Hello Kings,

Thanks, but as Eugene stated, it is not which feature to use but rather what to allow on the trigger ACL. For example, on the router, I can use a trigger ACL on the interface to catch the traffic to be authenticated. If no ACLs are applied that would be easy cake, but on the ASA? I mean, I need to allow traffic; which traffic, and to where, should I allow? As well on the router, what if there is an ACL on the interface? I need to allow specific traffic in order to accomplish the auth-proxy question.

In my first attempt I didn't get any of this, I am just taking precautions :D.

Mike

Date: Sun, 10 Jun 2012 12:52:33 +0530
Subject: Re: [OSL | CCIE_Security] CTP-Auth Proxy Tricky questions.
From: kingsley.char...@gmail.com
To: mike_c...@hotmail.com
CC: ccie_security@onlinestudylist.com

Virtual telnet and http are required for non-telnet/http/ftp applications. Auth-proxy, mostly that is the way it will be asked.

With regards
Kings

On Sun, Jun 10, 2012 at 6:52 AM, Mike Rojas <mike_c...@hotmail.com> wrote:

Hello All,

I have a major doubt in regards to when you have to configure either CTP or Auth-Proxy. I've seen the question formulated 10 thousand times, but they all differ in the solution and in the methods to accomplish it. For example, when they ask you to do things like:

1-Make sure that the client authenticates before gathering access to the internal network (CTP)

Now, I can use either Virtual HTTP, Virtual Telnet or the match command... which one do I use? On this same one, if using the match command, I need to allow something within the interesting traffic so CTP can catch it, right? If so, which traffic, any http? To one specific host?

2-Allow traffic after being authenticated to the Network x and y (Auth-Proxy)

I've seen many exercises where they put an ACL on the interface denying all the traffic and just permitting one specific type of traffic in order to trigger the Auth-proxy. Shall I use this approach or match the traffic they ask for using a triggering ACL?

Thanks in advance.

Mike

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com