Are you using Virtual WLC? I was told by an engineer from Wireless that if you
are running Virtual WLC, you must run FlexConnect.
Mike Rojas
From: sheaha...@gmail.com
To: ccie_security@onlinestudylist.com
Date: Fri, 13 Dec 2013 09:46:33 -0500
Subject: [OSL | CCIE_Security] 802.1x AP
Either we are both Doing it wrong, or it just doesnt trigger
I tried my configuration using a the loopback as the trigger (did not work)
and then added a new interface (fa0/1) put a host there and add the host for
trigger the ACL and it worked fine.
This is triggered on the debug IP packet
Hi;
I did the CWA for the wireless client and everything worked fine. The only
thing weird is that I am seeing like 3 or 4 authentication successful and then
a fail, but the CoA is being done correctly and the client is being re-assinged
to the correct VLAN.
Has anybody run into this
Tarik;
Thank you for your attention to this issue. So I brought a wireless CCIE to
help me a bit and we found out the issue. PEAP was failing because I had a Typo
on the authorization ACL on the ISE.
Once we corrected the typo PEAP worked and I was able to see it working. Just
CWA and It
Any Ideas? Im a bit behind with the rest of the lab just for testing this.
Mike.
From: mike_c...@hotmail.com
To: ccie_security@onlinestudylist.com; pio...@ipexpert.com
Date: Wed, 9 Oct 2013 18:17:12 -0600
Subject: [OSL | CCIE_Security] ISE Wireless Dot1x issue
Hello;
So I managed to fixed
Hello;
So I managed to fixed the problem with the profile that I had before. The main
issue that I have right now is with the authentication.
I didnt have a wireless device so I added a Dlink adapter and selected the
option to create a profile to it.
When I authenticate, I get the following
Hello;
I have an issue setting up the profile for the wirless client. I configured the
Profile using the Anyconnect Profile editor, I save the profile, but when I
went and did the network repair, only the wired network was showed.
Another thing (and this is an aside Note for whoever is
profile went
fine and the Policy was downloaded correctly.
Any help would be appreciated.
Mike Rojas
___
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
if
it was permitting all IP to get the dACL feature work.
Regards,
--
Piotr KaluznyCCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.URL: http://www.IPexpert.com
On Tue, Oct 1, 2013 at 10:51 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hello,
I am encountering an issue
Kaluzny
CCIE #25665 (Security), CCSP, CCNPSr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Tue, Oct 1, 2013 at 11:31 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hi Piotr;
Thanks for the explanation. Yeah, at some point I remember about that ACL when
we were doing Dot1x
and multi-host settings will change the source
to the specific learned ip from device tracking or dhcp snooping, while
single-host will not.
Jan
2013/10/1 Mike Rojas mike_c...@hotmail.com
Hi Piotr;
Thanks for the explanation. Yeah, at some point I remember about that ACL when
we were
Hi;
I completed the MAB for the IP phone task, however I have some doubts and I
think it resides on concepts.
1-When the Phone connects to the Network, the guide says that the Username and
password Attribute is going to be the device MAC address. I guess this is
authenticated against the
Good ISE profiling info:
http://www.thesecurityblogger.com/?p=632
Mike.
___
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking
but either use version 9 or enable
Compatibility Mode (press ALT, then tools - Compatibility Mode I believe is
how you enable it).
Regards,
--Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNPSr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Aug 2, 2013 at 6:54 PM, Mike
(Security), CCSP, CCNPSr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Aug 2, 2013 at 6:54 PM, Mike Rojas mike_c...@hotmail.com wrote:
Tried with Mozilla, Chrome and IE, none of them show any groups.
Mike.
Date: Thu, 1 Aug 2013 20:53:30 -0700
From: t_adm
Tried with Mozilla, Chrome and IE, none of them show any groups.
Mike.
Date: Thu, 1 Aug 2013 20:53:30 -0700
From: t_adm...@yahoo.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] ISE, Unable to see security groups
Which browser are you using, try using Mozilla or IE. I
to see if you find it. Aside
from that, I think It was a good idea for me using it that way because I was
more aware of the file structure of the WSA.
Hope it helps.
Mike Rojas
Security Technical Lead
From: d...@syssec.biz
Date: Wed, 31 Jul 2013 10:50:27 +0900
To: ccie_security
Hi All,
I was able to successfully join the ISE to the DC, however I am not able to see
the security groups. I tried to browse for troubleshooting steps but cant seem
to find any.
On my WSA, it works like a charm.
Any guidance onto what to check?
Mike
, 2013, at 3:45 AM, Mike Rojas mike_c...@hotmail.com wrote:Hi All,
I was able to successfully join the ISE to the DC, however I am not able to see
the security groups. I tried to browse for troubleshooting steps but cant seem
to find any.
On my WSA, it works like a charm.
Any guidance onto what
that in the gui itself, so I'm guessing you meant ftp in the browser.I'll try
it, but I also used filezilla to access it and I couldn't see the files.
I did try it on a different pod, and the directories were there, which is very
odd. Thanks Mike!-DanOn Aug 2, 2013, at 3:43 AM, Mike Rojas
mike_c
suggestions are very welcome.
Mike Rojas
___
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
, 2013 at 2:56 AM, Mike Rojas mike_c...@hotmail.com wrote:
Hi,
Is it possible to add a new interface on a already installed WSA? I need to add
a T1 interface for the final part of the lab.
Mike
: http://www.IPexpert.com
On Wed, Jul 10, 2013 at 2:56 AM, Mike Rojas mike_c...@hotmail.com wrote:
Hi,
Is it possible to add a new interface on a already installed WSA? I need to add
a T1 interface for the final part of the lab.
Mike
with the certificate used by the old
Ironport or at least with the pointers. Did you check that?
BR,Bruno Silva.
Em 11/07/2013, às 22:58, Mike Rojas mike_c...@hotmail.com escreveu:Hi Bruno;
I had to install it from scratch, I did not find a way to add another interface
to the VM. So I backed up the file
activated. To modify physical settings for any port, including T1/T2,
use etherconfig.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Jul 10, 2013 at 2:56 AM, Mike Rojas mike_c...@hotmail.com
ERROR: access-list outside_access_in does not exist
Mike Rojas
Date: Tue, 9 Jul 2013 20:57:40 +0200
From: pi...@howto.pl
To: ateki...@hotmail.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] ASA - ACL applied to interface with no ip
address
Aaron
Hi,
Is it possible to add a new interface on a already installed WSA? I need to add
a T1 interface for the final part of the lab.
Mike.
___
For more information regarding industry leading CCIE Lab training,
Hi,
On this particular, it does says Only for IT subnet. Where on the DSG it says
that is only for IT?
Mike Rojas
___
For more information regarding industry leading CCIE Lab training, please visit
the identity and on the policy, when they said
identity to use, I selected the One that I created then on advanced, I selected
my time-range, instead on the DSG they select all, authenticated and not
authenticated users.
Any thoughts?
Mike Rojas
Security Technical Lead
Samsung Mobile
Original message
From: Mike Rojas mike_c...@hotmail.com
Date: 20/06/2013 06:59 (GMT+05:30)
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] WSA Research Host NoAuth Policy
Hi;
I am doing the policy where the not authenticated user can
Joe;
This is the problem:
From: joeastorino1...@gmail.com
Date: Wed, 19 Jun 2013 21:31:17 -0400
To: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] 8.4 VPN Hairpin
Anybody? Really interested to know the answer. I have read everything I can
find on the topic.
Sent from
Joe;
(Stupid Outlook sorry for the previous e-mail)
object network obj_any
nat (any,outside) dynamic interface
Lets say that the VPN client goes out being Natted to the interface IP,
everything is good, BUT, the reply packet from the source on the internet, will
ALSO try to hit the same
Hi Joe;
Main difference, you can change the order of the NAT statements, with Auto, you
cant.
For Dynamic NAT/PAT, I would definitely encourage you to use Auto NAT and for
Statics to use Manual, here is an example why:
If you have an inbound connection and the Dynamic PAT is configured
it falls out of the
specified time range. Hence in your access logs you see
“MONITOR_CONTINUE_WEBCAT”.
Sam
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Tuesday, June 18, 2013 8:16 AM
-0500
CC: ccie_security@onlinestudylist.com
To: mike_c...@hotmail.com
Mike-Are you using only the WSA management interface? Did you add a static
route on the WSA or only using the default route?
Regards,Jay McMickle- 2x CCIE #35355 (R/S,Sec)Sent from my iPhone 5
On Jun 12, 2013, at 8:48 PM, Mike
config or use that would have changed
this? Can you wipe it and run through the setup again if you can't get it
working through the menu or CLI?
Regards,
Jay McMickle- 2x CCIE #35355 (R/S,Sec)
Sent from my iPhone 5
On Jun 13, 2013, at 11:18 AM, Mike Rojas mike_c...@hotmail.com wrote:
Jay
Hi,
So I am using a virtual WSA for the WSA book. The main issue that I have is
that I need to point a route of 192.168.0.0 to the ASA.
I put the route in place, but all the traffic is still taking the Management
default gateway to return back to the host that made the request.
I remember
get to the destination because of some
routing missbehavior... If you get an answer I would also use it...:P
—
Sent from Mailbox for iPhone
On Wed, Jun 12, 2013 at 11:29 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hi,
So I am using a virtual WSA for the WSA book. The main issue that I
Take a look here:
http://proctorlabs.com/secure/shop
Mike Rojas
From: ama...@mantzcc.com
To: ccie_security@onlinestudylist.com
Date: Mon, 3 Jun 2013 20:58:30 +
Subject: [OSL | CCIE_Security] lab hardware and licensing
I am working to build my own lab and I was wondering if someone
Hi,
I am running Proxy settings on P1 with a PAC file. When the request gets in on
the P1 port I immediately get a RST from WSA. Web proxy is enabled on Express
forward.
Any suggestions?
Mike
___
For
Hi,
I was checking this demo, the last video on the WSA introduction. There are
basically two policies created, one for Vlan100 and another one for Vlan60.
The VLAN100 is able to download the malware.exe file correctly because he is
only monitoring it.
Since The global policy was being
...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Sunday, June 2, 2013 4:33 AM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] WSA Authentication, Policies and Proxy Bypass
Hi,
I was checking this demo, the last video on the WSA introduction. There are
basically two policies created, one
Samarth;
Some that come on the top of my head:
-Ipv6
-ISE
-ACS 5
-WSA
-Ikev2
-Wireless security.
If I come with more in the mean time, will reply.
Mike.
From: s...@ipexpert.com
To: ccie_security@onlinestudylist.com
Date: Thu, 30 May 2013 23:38:42 +0530
Subject: [OSL | CCIE_Security]
for the update,
Mike your ACL seems to be for version 8.3 and above, the lab I am working on
has my firewall at pre 8.2 hence the ACL to the translated and not real ip
address.
Thanks,
Tarik Admani
From: Mike Rojas mike_c...@hotmail.com
To: Tarik Admani t_adm...@yahoo.com; IPX Forums
Hi,
I completed the IOS FW section today. I havent check the solution yet but I did
have to use the DSG to find out about the User-based Firewall.
Just to make sure, I would like to see if by using this feature is necessarily
to use the Tag and template class maps and policy maps.
Checking
Hi
I had both.
Mike
Sent from my iPhone
On May 15, 2013, at 11:08 PM, Tarik Admani t_adm...@yahoo.com wrote:
Hi,
I just checked the workbook section initial configs, and they seem to be the
final configurations after the workbook is completed. Could someone please
check and make sure
Hi,
I started Workbook 2 today and I can see that is requesting a task for a subnet
that I dont see. It is requesting to NAT the Vlan 101 but it is not on that
Router.
Is it requesting that info for the Vlan where the ISE is connected?
Cheers,
Mike.
Nevermind I found it :)
Mike.
From: mike_c...@hotmail.com
To: ccie_security@onlinestudylist.com
Date: Thu, 16 May 2013 19:11:30 -0600
Subject: [OSL | CCIE_Security] WB2 IOS NAT Task1 Point 9-14
Hi,
I started Workbook 2 today and I can see that is requesting a task for a subnet
that I
stacks (2960S, 3750), switches in VSS
(4500E, 6500), Nexus in vPC but not on ASAs…
Hope that helps,
Patrick
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com]
On Behalf Of Samarth Chidanand
Sent: May-15-13 12:49 AM
To: 'Mike Rojas
Hi,
I used the Configuration files from the Failover Lab till Lab 10 and they seem
to be fine. The rest, I configured them myself (Since they were not released
yet).
I am about to finish the ASA WB and I have to say... Wooow... I dont think they
left anything behind on the ASA part, I do
Hello,
I have a quick question, and I think most of you know it but I am quite new
with Etherchannels and I need guidance on an issue that I am having. On Lab 9
which is the one with BVI Active/Active and BVI interfaces, there is a task
that we need to configure the etherchannel for the
Hi,
I looked on the DSG and it says that you need to only enable like 4 of the
traps. What I did was just to configure:
snmp-server enable traps all
And then I removed the one for syslogs. Is there any particular reason why only
4 Traps were enabled instead of all?
Mike.
Hi,
And just checking cuz currently i was trying to do everything on gns and real
equipment, i went to proctorlabs and everything is booked up to next month!!!
Are u guys going to open more spots there? What about when the you release the
mocklabs?
I wanted to take advantage since the WB are
is the same. Let us hear
back. Regards,Jay McMickle- 2x CCIE #35355 (RS,Sec)
From: Mike Rojas mike_c...@hotmail.com
To: Jason Madsen madsen.ja...@gmail.com
Cc: ccie_security@onlinestudylist.com ccie_security@onlinestudylist.com
Sent: Wednesday, May 1, 2013 11:05 PM
Subject: Re: [OSL
Hi,
I am having troubles with BGP passing through with authentication. I configured
the routers as follow (Since the Initial configs are not ready, but based on
the exercise you kind of know where it is going :))
R1
router bgp 14
no synchronization
bgp log-neighbor-changes
network
use NAT here as the BGP source address is built into
the MD5 hash.
Jason
On Wed, May 1, 2013 at 9:07 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hi,
I am having troubles with BGP passing through with authentication. I
configured the routers as follow (Since the Initial configs
issue, and use a different class map? This
would remove the host restriction and just check on the BGP port.
class-map BGP
match port tcp eq bgp
The rest is the same.
Let us hear back.
Regards,
Jay McMickle- 2x CCIE #35355 (RS,Sec)
From: Mike Rojas mike_c
within a week for the remaining
sections.
Samarth Chidanand
Sr Instructor / Developer – IPexpert
CCIE #18535 (RS, Security)
CCSI #34585
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent
Sam and Team,
I was checking the VoDs (They are good) and a question pops up. In normal
circumstances the ASA is going to allow everything from a higher to lower
security level.
This is where I got confused the other day. If we are tasked to configure a
global ACL, all the packets from a
://www.IPexpert.com
On Tue, Apr 30, 2013 at 1:43 AM, Mike Rojas mike_c...@hotmail.com wrote:
Sam and Team,
I was checking the VoDs (They are good) and a question pops up. In normal
circumstances the ASA is going to allow everything from a higher to lower
security level.
This is where I got
), round-trip min/avg/max = 1/2/4 ms
R5#exit
[Connection to 100.100.35.5 closed by foreign host]
R2#
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Friday, April 26, 2013 7:27 AM
To: ccie_security
Hi,
This task says that you need to allow the traffic from the outside to the
loopback 222.222.222.222/32 on R2. The problem comes when it says that I need
to allow this using the Global ACL. There was already a Global ACL configured
but also, there are 2 access list on ASA3 used to allow
Thats what makes IPexpert the best on training for CCIE..
Way to go..
Mike.
From: mar...@ipexpert.com
Date: Fri, 26 Apr 2013 00:10:11 -0400
To: ccie...@onlinestudylist.com; ccie...@onlinestudylist.com;
ccie_security@onlinestudylist.com; ccie...@onlinestudylist.com;
#exit
[Connection to 100.100.35.5 closed by foreign host]
R2#
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Friday, April 26, 2013 7:27 AM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security
ms
R5#exit
[Connection to 100.100.35.5 closed by foreign host]
R2#
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Friday, April 26, 2013 7:27 AM
To: ccie_security@onlinestudylist.com
Subject: [OSL
...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Saturday, April 13, 2013 4:29 AM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] WorkBook 1 Task4 point 5
Hi,
I do have some questions in regards to that specific point. It says
Hi,
I do have some questions in regards to that specific point. It says that I need
to send the default route to Router 1 (Which I already did to practice prefix
lists :)) but it also says that change the distance of the null route to 250
and that is where I get confused.
Is the null route
ospf 1 router-id 11.45.45.11 network 10.0.10.0 255.255.255.0 area 1
network 192.168.10.0 255.255.255.0 area 0
area 1 filter-list prefix OSPF out
Marta Sokolowska.
2013/3/18 Mike Rojas maykol.ro...@outlook.com
From: maykol.ro...@outlook.com
To: ccie_security@onlinestudylist.com
Subject
Hi All,
Based on the link
http://www.ipexpert.com/Cisco/CCIE/Security/Development-Timelines
They should be on our accounts already, however I am not able to see the
workbooks. Is anybody having the issue? (My bad not checking it early)
Mike.
or the DSG's for Section 1 - 6.
His response was:
Section 2 will be available later tonight or in the AM. The DSG stuff is
getting edited and will trickle in over the next few days.
Cheers,
Warrick
On Tue, Mar 26, 2013 at 8:11 AM, Mike Rojas maykol.ro...@outlook.com wrote:
Hi All,
Based
Hi Kevin and Marta,
Excellent, thanks for the tip. I will write it down on my notes.
The only thing in regards to Kevin is that the range may only work for ABRs.
range Summarize routes matching address/mask (border routers only)
Thanks a bunch, I will write this down.
Mike Rojas
Hi All,
I am having issues trying to upload the image to GNS. Once I start the router,
I get:
DynamipsError: 209-unable to start VM instance
'ghost-c7200p-adventerprisek9-mz.151-4.M1.image-127.0.0.1.ghost'
Have googled it but still not able to find the solution. Tried bunch of images,
From: maykol.ro...@outlook.com
To: ccie_security@onlinestudylist.com
Subject: ASA OSPF Task 3 lab 2
Date: Sat, 16 Mar 2013 17:56:07 -0600
From: maykol.ro...@outlook.com
To: ccie_security@onlinestudylist.com
Subject: OSPF on ASA (Task 3 Lab 2)
Date: Sat, 16 Mar 2013 15:26:25 -0600
Hi,
Hello,
I have some doubts in regards to workbooks 1 and the information on the
Newsletter:
1-Are we going to receive the complete book? Or just by parts?
2-Are the solutions already on the workbook?
3-When are we going to be able to schedule labs on Proctor labs?
Mike Rojas
Security
No support for SSH client. Thats it.
Mike Rojas
Security Technical Lead
From: sheaha...@gmail.com
Date: Tue, 19 Feb 2013 19:36:50 -0500
To: sdib...@gmail.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] Fw: SSH session
By that logic is not necessary to encrypt
code) that the default
would be some sort of Any as well.
My question here, what is the best method in order to match Non-IP traffic when
creating a CEF except?
Regards,
Mike Rojas
Security Technical Lead
Building Systems
Cisco UC Mobility Number: (513) 870-1187
CCNA, CCSP, CCNP Voice, MSCE+S
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Jay McMickle
Sent: Friday, December 28, 2012 1:28 PM
To: Adil Pasha; Mike Rojas
Cc
This is a very easy concept, the answer is yes...
Look for RPF check... U need to be careful that there are no asymmetric nat
rules.
Sent from my iPhone
On Dec 19, 2012, at 10:19 AM, Joe Astorino joeastorino1...@gmail.com wrote:
Nobody?
On Thu, Dec 13, 2012 at 4:18 PM, Joe Astorino
Hahaha, i know the feeling It will taste better when i get it on my own
Sent from my iPhone
On Dec 5, 2012, at 2:27 AM, Dave Craddock d...@craddock.us wrote:
Problem is there will always be someone that wants the fast route. They get
found out when they can’t do the job but then it’s too
Hi
http://www.ccie1.com/?p=427
Thanks,
Mike
From: ancampo...@hotmail.com
To: ccie_security@onlinestudylist.com
Date: Mon, 29 Oct 2012 18:10:35 +
Subject: [OSL | CCIE_Security] GETVPN using KS--ASA_Multiplecontext-GM with
multicast rekey..
Hi there,
Can anyone point me or
to break in the lab? :) I just recall in
the previous thread that it might be a bad idea to use mac address
auto in the lab?
Cheers,
Matt
CCIE #22386
CCSI #31207
On 21 October 2012 12:14, Mike Rojas mike_c...@hotmail.com wrote:
Mac address auto is the trick on all of those exercises
Hi back on my studies, its everything that is not normally found on a regular
subject name. Such as the hostname or any other attribute that can be attached
to a x.509 cert
Sent from my iPhone
On Oct 12, 2012, at 12:10 AM, Jason Madsen madsen.ja...@gmail.com wrote:
actually, re-reading that
Hello Allan,
That is in FACT what you need to do, however be careful because the port for
Gdoi (UDP 848) does not appear there as open port even if the router is the Key
server. So if your router is key server or if it is running GET, you need to
have that in mind.
Mike Rojas.
From
Hello Jason,
It should apply the same for Mail Relay. It should work as well.
Mike Rojas.
Date: Sat, 29 Sep 2012 00:44:13 -0600
From: madsen.ja...@gmail.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] SMTP Inspection
Hi Group,
I just thought of something while
Hello Jason,
Two things, make sure that there are no class maps, policy maps or anything.
Once sure of that, use clear config fixup that should bring back the
defaults.
Cheers,
Mike Rojas.
Date: Mon, 1 Oct 2012 11:31:25 -0600
From: madsen.ja...@gmail.com
To: ccie_security
scratch and using the default
values, (class inspection default, policy map global policy and even the
service-policy)
Mike Rojas
From: michael.mulholl...@dfpni.gov.uk
To: pi...@howto.pl
Date: Tue, 2 Oct 2012 00:47:48 +0100
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL
Prepare for anything.
All of them are exam-like
Date: Fri, 28 Sep 2012 12:56:22 -0500
From: shipbgps...@gmail.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] time for 5 Full-scale Labs only.
Hi All,
The company I work for just bought for me the Volume 2 Workbook for
for 5 Full-scale Labs only.
no, they are not. :-) lab 20 is a killer :-)
try 11 to 15, if you still have time, 18 - 19.
And definitely try both Yusuf labs.
HTH
A.
On 9/29/2012 4:00 AM, Mike Rojas wrote
Sent from my iPhone
On Sep 26, 2012, at 5:09 PM, Guardgrid guardg...@gmail.com wrote:
No in the doc. What about the route to the discard addr on the trigger, is
that needed?
Sent from my iPhone
On Sep 26, 2012, at 6:46 PM, Fawad Khan fawa...@gmail.com wrote:
No.
On
carefully what they
ask.
Mike Rojas
Date: Fri, 14 Sep 2012 11:13:33 +0200
From: peter.jorgen...@mil.dk
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] ASA contexts with a shared physical interface.
Hi
Have a doubt about
Hey
If there is a flow already started on the asa firewall the return packets will
hit whatever policy you have defined for the initial flow Thats the idea of
stateful firewall..
Im not quite sure how accurate is the show service policy flow in regards to
already established flows...but
If the question says allow BGP to successfully authenticate and it doesnt
specify it (that you need to allow traffic inbound) once the peers are
authenticated, you should stop seeing those messages. That being said it is not
a requirement and since the questions does not specifies it, you can
The AAA authentication must have @ in front of the domain for proper
authentication. The gateway will remain without the @. Very important if you
are using the same computer and browser, clear everything (cookies, history and
such) then try again with the other user.
Mike.
From:
you please refer me to any Cisco document that explains it? I mean the “@”
part
Eugene
From: Mike Rojas [mailto:mike_c...@hotmail.com]
Sent: Monday, August 27, 2012 10:08 PM
To: Eugene Pefti; ccie_security@onlinestudylist.com
Subject: RE: [OSL | CCIE_Security] SSL VPN, one gateway, two
seeing the right title but I still can’t login
after changing the domain authentication to @admin and @user.
From: Mike Rojas [mailto:mike_c...@hotmail.com]
Sent: Monday, August 27, 2012 10:12 PM
To: Eugene Pefti
Subject: RE: [OSL | CCIE_Security] SSL VPN, one gateway, two contexts
You will be able to login without the @ but it will load only one context.
Mike.
From: eug...@koiossystems.com
To: madsen.ja...@gmail.com
Date: Tue, 28 Aug 2012 05:28:14 +
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] SSL VPN, one gateway, two contexts
I think Piotr make it really straight forward last time it happened.
Sent from my iPhone
On Aug 25, 2012, at 11:05 PM, Fawad Khan fawa...@gmail.com wrote:
Those who have given exam couple of times know.
Any config with up address 4x.4x.yy.zz will also tell.
Also I checked some
sides to the default of broadcast and run debug
ip ospf adjacency
On Sat, Aug 18, 2012 at 6:43 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hello,
I run into this one trying to understand the features, is not documented in
any lab is merely me playing around. I have the following scenario
.
HTH
A.
On 8/19/2012 8:45 AM, Mike Rojas wrote:
I think this one
To: mike_c...@hotmail.com
CC: alexei...@gmail.com; fawa...@gmail.com; ccie_security@onlinestudylist.com
\s is the space I guess...And why should it be to service?
Bruno.
2012/8/19 Mike Rojas mike_c...@hotmail.com
Hey,
What is that \s? Also, it should be to service
Mike.
Date: Sun, 19 Aug
1 - 100 of 236 matches
Mail list logo