Hi Raman,
I may have put a lot of redundant words and obscured the gist of my problem.
Again, this is a topology:
BB2---(192.10.1.0)SW1 -
(EIGRP)ASA(EIGRP)-R4
(loopback-150.1.7.7)
I don't have any problem with routes on
Hi Eugene,
After changing the distribute list, in my case, I had to restart the routers
(because I`m using GNS3), for some reason, even after changing the distribute
list to use tthe hole network instead of the host it still didn`t work for me.
So after trying everything in my power I tried to
Hi Eugene,
I have been thinking about your question and why the exercise is not correct
and here are my thoughts on that:
1 - As you stated before here is your routing table:
C163.1.127.0 255.255.255.0 is directly connected, IN
C163.1.124.0 255.255.255.0 is directly connected, OUT
D
Hi Mike,
Why did you choose to look for code 0? Code 0 means different thing for
each ICMP type.
I think for echo messages you should look for icmp type 8 .
Now the interesting part is that if you try to match icmp type 8 instead
of code 8 your solution won't work.
Oszkar
Annnd Bingo,
Oszkar,
You are right. I sent a clarification on this exercise it will drop any ICMP
message within GRE that has a code 0 on them. Seems that there is a problem
with FPM because it cannot match types correctly. If I match code 0 it will
drop both ICMP echo and echo reply because they both
Hi Mike,
Code 0 means no code, and majority of the ICMP types have code 0. As a
result you will drop much more than echo/echo reply.
And you are right, for some reason matching types for ICMP is not working
in this case.
On Wed, Jun 20, 2012 at 3:37 PM, Mike Rojas mike_c...@hotmail.com wrote:
Meant to say that 8 here is type and 0 is code.
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Eugene Pefti
Sent: Wednesday, June 20, 2012 4:47 PM
To: Imre Oszkar; Fawad Khan
Cc: ccie_security@onlinestudylist.com
Subject: Re: [OSL
Hey,
Yeah, weird isnt it? Most people think that is mandatory to have a next GRE
when mounting the stack, if you are not going to match anything on that
specific header, why would you mount it?
I dont know... I ended up liking it a lot, of course it can get really nasty.
Mike
Date: Wed,
I am looking for the functions command:
group-policy WEBVPN attributes
vpn-tunnel-protocol webvpn
webvpn
functions port-forward
ASA(config-group-webvpn)# ?
Group-policy WebVPN commands:
activex-relayEnable or
I learn something new every day. Thank you guys, I'll read about it and
update my personal notes as well.
On Wednesday, June 20, 2012, Imre Oszkar wrote:
I have to disagree with you on this:) I don't think that ICMP type and
code are the same.
For instance Type 3 code 0 means Net
Hey,
Basically, If we want to be really specific into the protocol, we we will need
to create our own PHDF for GRE.. There are 16 bits for protocol type we would
mostlikely specify the next IP header (0x800) in order to match the stack on
the exact order.
On our stack we are saying, look
It has been removed:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/ef.html#wp1935301
Mike
From: jo...@isc.co.za
To: ccie_security@onlinestudylist.com
Date: Thu, 21 Jun 2012 04:37:52 +0200
Subject: [OSL | CCIE_Security] WEBVPN
I am looking for the functions command:
Thanks, Mike.
From: Mike Rojas [mailto:mike_c...@hotmail.com]
Sent: 21 June 2012 05:08 AM
To: jo...@isc.co.za; ccie_security@onlinestudylist.com
Subject: RE: [OSL | CCIE_Security] WEBVPN
It has been removed:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/ef.html
13 matches
Mail list logo