Re: [OSL | CCIE_Security] dual armed EZVPN

2012-06-22 Thread Mike Rojas
That is his question, why would it be needed, I mean the technical explanation. I'm sure if you run the debug, without having a crypto map applied on the host facing interface, it will tell you no atts acceptable. I am assuming if this has something to do with the identity or if the IP address

Re: [OSL | CCIE_Security] Need help understanding no-alias NAT option

2012-06-22 Thread Bruno Silva
Hi Eugene, Apart from who wrote the solution for this task, which I think is not the case, I have also come across this task and for some reason this is not the only wrong thing on it. This is an IPsec HA solution that you're trying to configure and for some reason the solution not only does

Re: [OSL | CCIE_Security] Need help understanding no-alias NAT option

2012-06-22 Thread Eugene Pefti
Thanks, Bruno. I found this white paper recently and put it aside for tomorrow morning to study on a fresh brain ;) From: ccie_security-boun...@onlinestudylist.com [mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Bruno Silva Sent: Thursday, June 21, 2012 11:12 PM To:

[OSL | CCIE_Security] Finally...and it took a year

2012-06-22 Thread Deepak N
Guys, Cleared the lab finally, in my 3rd attempt. Thanks for all the wonderful posts in here, which really helped in nailing the concepts. This mailer and the archives were an immense help to me. You guys are amazing. :-)

Re: [OSL | CCIE_Security] Finally...and it took a year

2012-06-22 Thread Steve Di Bias
Congrats Deepak!! On Thu, Jun 21, 2012 at 11:59 PM, Deepak N depp3...@yahoo.com wrote: Guys, Cleared the lab finally, in my 3rd attempt. Thanks for all the wonderful posts in here, which really helped in nailing the concepts. This mailer and the archives were an immense help to me. You

Re: [OSL | CCIE_Security] Finally...and it took a year

2012-06-22 Thread Eugene Pefti
Woo-hoo! Well done, mate! You did it just in time ;) Can you please share your best and worst experiences? From: ccie_security-boun...@onlinestudylist.com [mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Deepak N Sent: Thursday, June 21, 2012 11:59 PM To: OSL CCIE-Security

Re: [OSL | CCIE_Security] Finally...and it took a year

2012-06-22 Thread wale ogunyemi
Congrats Bro... Cheers.. Wale Ogunyemi CCIE#29171 From: Deepak N depp3...@yahoo.com To: OSL CCIE-Security ccie_security@onlinestudylist.com Sent: Friday, June 22, 2012 7:59 AM Subject: [OSL | CCIE_Security] Finally...and it took a year Guys, Cleared the

Re: [OSL | CCIE_Security] Finally...and it took a year

2012-06-22 Thread Johan Bornman
Well done! Johan Bornman Integrated Systems Consulting (Pty) Ltd Cell: 082 783 3635 On 22 Jun 2012, at 9:49, wale ogunyemi waletechniq...@yahoo.com wrote: Congrats Bro... Cheers.. Wale Ogunyemi CCIE#29171 From: Deepak N depp3...@yahoo.com To: OSL CCIE-Security

Re: [OSL | CCIE_Security] Finally...and it took a year

2012-06-22 Thread waleed '
Congratulations, you deserve it :) Date: Fri, 22 Jun 2012 14:59:20 +0800 From: depp3...@yahoo.com To: ccie_security@onlinestudylist.com Subject: [OSL | CCIE_Security] Finally...and it took a year Guys, Cleared the lab finally, in my 3rd attempt. Thanks for all the wonderful posts in here,

Re: [OSL | CCIE_Security] Finally...and it took a year

2012-06-22 Thread Adil Pasha
Congratulations Deepak, This is a great achievement. Best Regards. __ Adil On Jun 22, 2012, at 2:59 AM, Deepak N wrote: Guys, Cleared the lab finally, in my 3rd attempt. Thanks for all the wonderful posts in here , which really helped in nailing the concepts. This

Re: [OSL | CCIE_Security] Finally...and it took a year

2012-06-22 Thread Fawad Khan
Congratulations Deepak. :) On Friday, June 22, 2012, waleed ' wrote: Congratulations you deserve it :) -- Date: Fri, 22 Jun 2012 14:59:20 +0800 From: depp3...@yahoo.com To: ccie_security@onlinestudylist.com

Re: [OSL | CCIE_Security] Finally...and it took a year

2012-06-22 Thread Mohamed Abdin
Congratulations :) Regards, Mohamed Abdin On Fri, Jun 22, 2012 at 8:59 AM, Deepak N depp3...@yahoo.com wrote: Guys, Cleared the lab finally, in my 3rd attempt. Thanks for all the wonderful posts in here, which really helped in nailing the concepts. This mailer and the archives were an

[OSL | CCIE_Security] Subject: Re: dual armed EZVPN

2012-06-22 Thread Imre Oszkar
It's not a workbook scenario, so it's not a requirement. I'm playing with the idea of having clients on both sides of an EZVPN server. Is having only one crypto map a requirement? I'd have two different crypto maps applied to Fa0/1 and Ser0/1/0.

Re: [OSL | CCIE_Security] Need help understanding no-alias NAT option

2012-06-22 Thread Eugene Pefti
Bruno and all, I have a stupid question to ask. The white paper given below says that IPSec HA is supported only by high-end routers. I didn’t have any problem adding all required commands on 1841 router but didn’t test it yet because I still don’t understand all the nitty-gritty details about

Re: [OSL | CCIE_Security] DVTI IP unnumbered

2012-06-22 Thread Imre Oszkar
Hi guys! I know this is an old post and it has been answered, but I would like to bring it back to discussion if you don't mind. So we know that ip address is a requirement for EZVPN Remote for routing purposes which is great, but do we really need the ip unnumbered lo0 or similar configured on

Re: [OSL | CCIE_Security] DVTI IP unnumbered

2012-06-22 Thread Imre Oszkar
Sorry I hit the send button by accident, so here is the complete e-mail:)) Hi guys! I know this is an old post and it has been answered, but I would like to bring it back to discussion if you don't mind. So we know that ip address is a requirement for EZVPN Remote for routing purposes which

Re: [OSL | CCIE_Security] DVTI IP unnumbered

2012-06-22 Thread Imre Oszkar
Seems like my PC went crazy and sends the drafts on its own... here is the complete e-mail. Hi guys! I know this is an old post and it has been answered, but I would like to bring it back to discussion if you don't mind. So we know that ip address is a requirement for EZVPN Remote for routing

Re: [OSL | CCIE_Security] DVTI IP unnumbered

2012-06-22 Thread Eugene Pefti
I recently did my tests with DHCP based EzVPN remote router and all I had to do under the client virtual-template interface was:

interface Virtual-Template1 type tunnel
 no ip address
 tunnel mode ipsec ipv4

Then when you apply the crypto ipsec client profile to the physical interfaces the

Re: [OSL | CCIE_Security] DVTI IP unnumbered

2012-06-22 Thread Eugene Pefti
That was my point, Imre. Your client is in network extension mode and according to Cisco the virtual-access interface doesn't use the loopback but the physical one. Can you please try it in the client or network-plus mode to confirm that it behaves differently? I loaded different labs to my routers.

Re: [OSL | CCIE_Security] CCIE_Security Digest, Vol 72, Issue 110

2012-06-22 Thread Imre Oszkar
Hi Eugene, I have tested it with all three modes and it works well. The only difference is that with client mode and network-plus the virtual-access interface will inherit the IP address of lo1. I recently did my tests with DHCP based EzVPN remote router and all I had to do under the client

[OSL | CCIE_Security] WebVPN on ASA with certificate based authentication - client connection doesn't land on the configured tunnel-group

2012-06-22 Thread Eugene Pefti
Folks, Up until now I always thought that by default when any VPN connection lands on the ASA one of the following conditions always applies, namely: if this is a certificate based authentication then the OU in the certificate is used to match the tunnel-group. Trying to prove it with different

Re: [OSL | CCIE_Security] WebVPN on ASA with certificate based authentication - client connection doesn't land on the configured tunnel-group

2012-06-22 Thread Eugene Pefti
I dug deeper into the intrinsic details of certificate processing and did the following that I thought would change the picture. But still no luck.

1) Created the certificate map:

crypto ca certificate map CERT-MAP 1
 subject-name attr ou eq webvpn

2) Enabled the mapping rules

Re: [OSL | CCIE_Security] Need help understanding no-alias NAT option

2012-06-22 Thread Kingsley Charles
Yes, you need a reload for HA to work. With regards, Kings On Sat, Jun 23, 2012 at 12:10 AM, Eugene Pefti eug...@koiossystems.com wrote: Bruno and all, I have a stupid question to ask. The white paper given below says that IPSec HA is supported only by high-end routers. I didn’t

Re: [OSL | CCIE_Security] DVTI IP unnumbered

2012-06-22 Thread Kingsley Charles
On the server, you need ip unnumbered configured. On the client side, it is not required. With regards, Kings On Sat, Jun 23, 2012 at 1:24 AM, Imre Oszkar oszk...@gmail.com wrote: Hi guys! I know this is an old post and it has been answered, but I would like to bring it back to discussion

Re: [OSL | CCIE_Security] Need help understanding no-alias NAT option

2012-06-22 Thread Eugene Pefti
What about router platforms? Will I have a chance to test it with 1841 or 2800 routers? At least the IPExperts lab gives an example of stateful IPSec HA with 2811 routers. Eugene Sent from iPhone On Jun 22, 2012, at 7:57 PM, Kingsley Charles

Re: [OSL | CCIE_Security] WebVPN on ASA with certificate based authentication - client connection doesn't land on the configured tunnel-group

2012-06-22 Thread Kingsley Charles
OU matching is only applicable for IPSec. With WebVPN, you need to either use group-url or group-alias for landing on the tunnel-group. Your configuration enables double authentication: certificate authentication and PKI user authentication from OU. With regards, Kings On Sat, Jun 23, 2012 at

Re: [OSL | CCIE_Security] Need help understanding no-alias NAT option

2012-06-22 Thread Kingsley Charles
For HA to work, you need a specific VPN accelerator card inserted in the router. I forgot the card's name. With regards, Kings On Sat, Jun 23, 2012 at 8:35 AM, Eugene Pefti eug...@koiossystems.com wrote: What about router platforms? Will I have a chance to test it with 1841 or 2800 routers? At

Re: [OSL | CCIE_Security] DVTI IP unnumbered

2012-06-22 Thread Imre Oszkar
Agreed. Thanks Kings! On Fri, Jun 22, 2012 at 8:00 PM, Kingsley Charles kingsley.char...@gmail.com wrote: On the server, you need ip unnumbered configured. On the client side, it is not required. With regards, Kings On Sat, Jun 23, 2012 at 1:24 AM, Imre Oszkar oszk...@gmail.com wrote: