Hi Mike, did you configure the aaa authorization exec command and aaa
authorization command [level]?
Br,
Bruno Silva
Sent via iPhone
On 15/06/2012, at 16:40, Mike Rojas mike_c...@hotmail.com wrote:
It was on the username and the privilege is 15... the list is attached to
local
Hi,
When you have aggressive mode you exchange messages with the ids in cleartext while
performing dh, I believe that's the main reason why you don't have to have a
dns server configured in order to make it work.
If it was main mode it would not work because when the isakmp responder
receives a
Hi Eugene,
As far as I understand your question you are probably misunderstanding the use
of port mapping for non-standard ports. Look, for mapping standard applications
to non-standard ports you can use ip-port map [application] port [non-standard
port]. What you cannot do for this case is for
Exec should do the trick, and I did it, but still gave me the user mode,
either way all the configuration commands were correctly authorized, it was
just the user prompt which bugged me.
They clarify that it is expected.
Cheers,
Mike
From: auranpr...@gmail.com
Date: Mon, 18 Jun 2012
I did not test standalone and saw no documentation that led me to believe it
would work standalone.
From: Alexei Monastyrnyi [mailto:alexei...@gmail.com]
Sent: Monday, June 18, 2012 7:55 AM
To: Anthony Sequeira
Cc: CCIE Security
Subject: Re: [OSL | CCIE_Security] Protecting Against Fragmentation
Hi Anthony.
Mentioning ip virtual-reassembly as a part of CBAC/ZBF, did you actually
test this as a standalone feature or did you always use it as a part of
your CBAC/ZBF configuration?
Cheers
A.
On 6/18/2012 12:22 PM, Anthony Sequeira wrote:
Here is a post I did today on this topic.
Bruno, what you are saying is correct, in aggressive mode the IKE id is
sent in clear text but I don't think that this answers my question.
If you take a look at the config/debug output in my first post, the
initiator router sends its hostname as the IKE ID but the receiving router
doesn't
This is a question in regards IP to IP tunnel matching on FPM.
class-map type stack match-all STACK
stack start l2-start
match field ETHER type eq 0x800 next IP
match layer 2 IP protocol eq 4 next IP
match layer 3 IP protocol eq 6 next TCP
First, what is the difference between the last
Hi Bruno,
Haven’t we seen the debugs where the initiator sends its hostname as an ID not
the IP address? The main question is how the responder knows the IP address of
the initiator.
Eugene
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On
Hi Eugene,
Sorry, again, as other times I have put myself ahead of everything. When you
configure your crypto map to apply in your interface you have to put the set
peer command with the ip address, unless you have a DNS server configured for
it to resolve the hostname.
So again, there are 2
My $0.02 to what I have always thought about it.
First, I'd stay away from stack-start l2-start if I know for sure that
IP-TCP runs over ETHER and doesn't encapsulate it somehow differently, i.e.
I'd start my stack type class-map with IP matching thus making router's life
easier.
But it's
Guys,
What's wrong with my distribute-list that I'm trying to setup on the ASA to
allow only routes 192.10.1.0/24 and 150.1.7.7 to send to R4 ?
The topology is as follows:
BB2---(192.10.1.0)SW1 -
(EIGRP)ASA(EIGRP)-R4
Anthony,
Thanks for your daily bit on the challenge. I am following it as I will also
do my lab around the same time.
I am under the impression that virtual-reassembly always has to be applied
to the outside int when CBAC and ZBF is used. Is this correct?
I am busy with a VII IPEXPERT
Hi everyone,
I am a bit confused about Application Layer Gateway.
Could you please tell me how ALG is applied along with NAT?
-What is the advantage of applying ALG in the network?
-What is the impact on the network architecture?
Cheers,
P
Ok but here is my question,
match field IP protocol eq 0x4 next IP
We are saying there, in the IP protocol it will come IP again, wouldn't it?
The main idea if I understand correctly is to match an IP header twice... So,
I would think that this line
match field IP protocol eq 0x4 next IP
and
I'd rather say that match field IP protocol eq 0x4 next IP will match the
first IP header that goes after ETHER header and match field IP protocol eq
0x6 next TCP
Will match for the second IP header that goes after the first IP header.
As for the quiz I was not 100 percent sure myself because
Well, this was not my question, Bruno ;)
It was Imre who started this thread and I tried to understand what was going on.
Imre, what do you have in your crypto map for the peer? I'm almost positive
it's an IP address and as he stated there's neither DNS server nor IP host
mapping configured