how you checked that re key messages still recieved on GM's ??
Date: Wed, 13 Jun 2012 09:00:46 +0800
From: depp3...@yahoo.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] Rekey address
What is the significance of the 'address ipv4 x.x.x.x' in the gdoi group
Sorry , i was wrong, apparently the GM's are not receiving the rekey requests
from the KS :(So what needs to be done on the asa context to get the rekey
messages from the KS to the GM?
gm1#sh crypto gdoi gm rekey Group GET (Multicast) Number of Rekeys received
(cumulative) : 0
Hi Deepak,
We just recently discussed it here that if you have CBAC/ZFW in the path of
TACACS traffic and your dutifully included TACACS for inspection it will still
not work because TCP port 49 is not allowed by PAM.
Eugene
From: ccie_security-boun...@onlinestudylist.com
Airport details I don't see on the Cisco site, that the reason for my
question.
I am from South-Africa, the airport details is not so obvious as you make it
to be.
Now I also know google:-)
-Original Message-
From: Matt Hill [mailto:mayd...@gmail.com]
Sent: 13 June 2012 08:25 AM
To:
Asa will not pass multicast in a multiconext mode. GRE tunnel will be
needed between the routers to handle the multicast rekeying if needed.
On Wednesday, June 13, 2012, Eugene Pefti wrote:
Then it matches to what Cisco guide says about address ipv4 x.x.x.x.
You'd need it only for unicast
Thanks, Joe. Much appreciated.
On 13 Jun 2012, at 15:43, Joe Astorino joeastorino1...@gmail.com wrote:
I had a good experience with the Wingate hotel. They provided a
shuttle to/from the lab as well.
On Wed, Jun 13, 2012 at 6:42 AM, Johan Bornman jo...@isc.co.za wrote:
Thanks.
No problem. I know a lot of other CCIEs and CCIE candidates have been
happy there as well. When you give them a call to book your room,
mention that you are there to take your CCIE lab exam at Cisco. They
should have a shuttle to and from the lab, and they will also pick you
up at the airport
Nope, a Server address is not needed when configuring GET, I guess Kings
already responded to this. Ill look for his e-mail
Date: Wed, 13 Jun 2012 08:48:08 -0400
From: fawa...@gmail.com
To: eug...@koiossystems.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] Rekey
Guys,
Am I missing something? It is a notorious question about role-based access and
CLI views but my point is about finding the required details in Cisco docs.
I need the right TACACS attributes for cli-view. Assuming that I forgot the it
is cli-view-name I navigate to following sections hoping
If a training vendor could make a VM that plays on WMWare, Virtual Box
or similar that had a whole security topology on it. ie everything
good to go, just press play and your topology is there. So Vendor X
says, this VM needs your favourite OS running on a box with xxGB RAM
and off you go.
I
Try show aaa attribute
On Wednesday, June 13, 2012, Eugene Pefti wrote:
Guys,
Am I missing something? It is a notorious question about role-based access
and CLI views but my point is about finding the required details in Cisco
docs.
I need the right TACACS attributes for
Agreed. Count me in.
On Wed, Jun 13, 2012 at 3:52 PM, Matt Hill mayd...@gmail.com wrote:
If a training vendor could make a VM that plays on WMWare, Virtual Box
or similar that had a whole security topology on it. ie everything
good to go, just press play and your topology is there. So
Mike, we need an address for multicast as I observed that the GMs didn't
accept the rekeys, if there address is different.
On safer side always configure address for both modes.
With regards
Kngs
On Wed, Jun 13, 2012 at 8:42 PM, Mike Rojas mike_c...@hotmail.com wrote:
Nope, a Server address
Yeah, but I was referring to the KS server ipv4 address.. I agree without the
Multicast address rekey is not gonna work... in fact is going to tell you that
the configuration is incomplete.
Date: Thu, 14 Jun 2012 08:07:37 +0530
Subject: Re: [OSL | CCIE_Security] Rekey address
From:
Thanks, Fawad,
I remember looking into it but somehow I skipped the right name in the long
list.
Let me get it right. This command outputs all available and known to IOS
attributes or only those returned by RADIUS ?
If it's only RADIUS and I guess it by the only available prompt:
R6#sh aaa
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_laas.html
Check this link, it confirms our understanding.
On Wednesday, June 13, 2012, Eugene Pefti wrote:
Thanks, Fawad,
I remember looking into it but somehow I skipped the right name in the
long list.
Let me
16 matches
Mail list logo