Hello,
I have a question and this is basically what I understand about these 3
features:
1-RootGuard--Enabled on the designated ports in case we received a Higher BPDU
on that port, we are going to put it on an inconsistent state.
2-LoopGuard-Blocked ports stop receiving BPDU's it thinks
Hello,
If you are tasked to rate limit the traffic that is not IP, we know that it is
cef-excempt. However, I have a doubt on that. I see that many people just add
the police to the class-default, but class default is everything including IP,
my question is, would you create an Access list
Way to go Ozkar...
Mike
Date: Sat, 21 Jul 2012 06:48:13 -0700
From: oszk...@gmail.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] mission completed..time for new challenges:)
Hi guys,
I passed the lab last week in SJ.
I needed a week to alleviate a little
Darn,
No near to Costa Rica... RTP Here I come.
Mike
Date: Sat, 21 Jul 2012 18:08:43 -0400
From: fawa...@gmail.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] New mobile labs before November
Hi All,
Maybe I read it too quick. But if the pool is defined under the group...
shouldnt that one just take it and assign the IP address to it? I dont know why
there was the need to assign it on the user itself
Mike.
Date: Mon, 23 Jul 2012 13:21:38 +0530
From:
Hi Everyone,
Quick one, with zone based if they tell you to inspect telnet on a non standard
port, does zone based also use the system ports? Or should we use an access
list permitting the traffic on port 23 and have it being inspected as a regular
tcp traffic? Since it didnt say anything to
, Jul 24, 2012 at 10:27 AM, Mike Rojas mike_c...@hotmail.com wrote:
Hi Everyone,
Quick one, with zone based if they tell you to inspect telnet on a non standard
port, does zone based also use the system ports? Or should we use an access
list permitting the traffic on port 23 and have it being
...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com]
On Behalf Of Mike Rojas
Sent: Monday, July 23, 2012 9:58 PM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] Zone based Firewall Port Map
Hi Everyone,
Quick one, with zone based if they tell you
BRO CONGRATS!
PROUD YOU! 17234! Alexei RELOADED X2!!!
Mike
Date: Thu, 26 Jul 2012 18:20:29 +1000
From: alexei...@gmail.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] dubs #17234 (RS/Sec)
Guys,
have just
Does the Router knows how to resolve that name? The logs downthere are from the
receiver right?
Mike
Date: Thu, 26 Jul 2012 17:24:38 -0700
From: gaub...@yahoo.com
To: guardg...@gmail.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] Preshared Key with Hostnames
Also,
Take a look at this:
http://blog.ipexpert.com/2012/07/10/isakmp-profiles-in-action-part-ii/
Self identity blah, Make sure you are matching it on the other side of the
tunnel... also that you can resolve the names.
Mike
Date: Thu, 26 Jul 2012 17:24:38 -0700
From: gaub...@yahoo.com
Hey,
crypto isakmp profile AGRESSIVE
keyring default
self-identity fqdn
match identity host Router1
initiate mode aggressive
crypto isakmp profile AGRESSIVE
keyring default
self-identity fqdn
match identity host Router2
initiate mode aggressive
crypto isakmp key
If I am not mistaken I tried it out today on a Ipexpert rack.
I tried to put a method list on the HTTP server and it didnt work, only with
local user, when I enabled the loging default tacacs, it authenticated againts
AAA, so by that test/error scenario, I would say it overrides it.
I was
“show run interface” ?
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com]
On Behalf Of Mike Rojas
Sent: Monday, July 30, 2012 9:52 PM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] Privilege level command
Any idea why
“show
running-config” IOS will allow it to be ran with all options after the command
and that’s why it doesn’t show it in the running config.
Eugene
From: Mike Rojas [mailto:mike_c...@hotmail.com]
Sent: Monday, July 30, 2012 11:08 PM
To: Eugene Pefti; ccie_security@onlinestudylist.com
Hey,
Mostlikely is not going to be like Zone based where you have interface not cfg
for zoning and such, it would be more like for invalid flags, retransmissions,
IP ident 0 (which in lots of cases are caused by late packets or OoO).
Mike.
From: eug...@koiossystems.com
To:
You can also enable the HTTPs server on the ASA (if no TFTP available) and do:
https://ip/capture/name/pcap
Mike
From: fawa...@gmail.com
Date: Sat, 4 Aug 2012 00:26:27 -0400
To: parvez.ahma...@gmail.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] Packet Capture
I would definetly start the configuration ones first, cuz you can play with
what is needed or not... Then... let the games Begin!
Mike
Date: Sat, 4 Aug 2012 15:52:15 +1000
From: mayd...@gmail.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] Troubleshooting Labs -
Couple of questions.
I saw an exercise that they asked you to permit (Truly hate that word when it
comes to ZONE BASED FIREWALL) trace route from outside to inside, on the
solution they put that they need to inspect from inside to outside ICMP but
from outside to inside they put pass on it.
-member security external duplex auto speed auto
zone security internalzone security externalzone-pair security internal source
external destination internal
service-policy type inspect test
i tried it will inspect the 443 and 80 traffic.
regardskrishna
On Mon, Aug 6, 2012 at 4:34 AM, Mike Rojas
To: mike_c...@hotmail.com
hi Mike,
i check i am able to pass my http and https traffic through this configuration.
if my solution is wrong then how it will work can you please explain me.
i want to understand what is my mistake.
regardskrishna
On Mon, Aug 6, 2012 at 9:16 AM, Mike Rojas mike_c
Hello,
Another interesting question is in regards of virtual HTTP on the ASA, if you
are connected directly to the same broadcast domain as the virtual IP it does
not work.
If I try to do virtual http I get:
%ASA-2-106001: Inbound TCP connection denied from 192.10.1.200/4475 to
(inside,outside) 192.10.1.100 192.10.1.100
But when you connect to it from higher security level it should work without
NAT. What are your ASA proxyarp settings ?
Eugene
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com]
On Behalf Of Mike Rojas
Eugene,
I did... I will forward you my config in a bit.
Mike Rojas
From: eug...@koiossystems.com
To: mike_c...@hotmail.com; ccie_security@onlinestudylist.com
Subject: RE: [OSL | CCIE_Security] Virtual http
Date: Mon, 6 Aug 2012 19:41:17 +
Hm...
This only makes me believe you
Eugene,
You dont have to actually tell it to use it. As soon as you run pim over it, it
should send it over there (Thats how I learned it the hard way) Any
Multicast expert is free to join the call here :D
PS (Still working in getting you the config for the virtual http wanna finish
If I am not mistaken,
On the Router 1 (inside router if Im not too Costa Rican at 9:44 PM ), you
need to point the RP-address to the loopback and then on router 2, create an
static Mroute towards that tunnel interface...
Try it out, if not, it will be a long long Night for me...
Mike.
ip pim rp
Group: 239.0.0.1, RP: 1.1.1.1, next RP-reachable in 00:01:27
Group: 224.0.1.40, RP: 1.1.1.1, next RP-reachable in 00:00:29
R2#sh ip pim rp
Group: 224.0.1.40, RP: 1.1.1.1, uptime 00:26:29, expires never
From: Mike Rojas [mailto:mike_c...@hotmail.com]
Sent: Monday, August 06
239.0.0.1
ip pim send-rp-announce Lo0 scope 16 group-list 1
ip pim send-rp-discovery Lo0 scope 16 interval 30
!
Then on R2 you can do show ip mroute 239.0.0.1 and you should see
it's learnt by the tunnel.
Cheers,
Warrick
On Tue, Aug 7, 2012 at 3:01 PM, Mike Rojas mike_c...@hotmail.com wrote
Completely Agree,
Something that I noticed yesterday is that whatever IP that you use for
registration, it has to have PIM enable. Overall great Blog, I was going
through It and gosh... is pretty much everything you need.
It would be nice to have outputs for the configurations he puts.
Hello,
This is for the new guys in the group. As you already know the ASA is not like
the regular routers where you can simply enable a URL list put the value and
that is it. The ASA requires you to configure an XML based URL list that later
on you need to import to your webvpn
Hello All,
I was studying normal like any other Sunday with a bright afernoon, all sunny
and windy... and I got asked by one of the guys that I work with (that is also
studying) if I had ever encountered a problem with EZVPN server when configured
on a DMVPN hub. I try to do some memory
with it and
because of that the other VPNs that where configured using that transform set
weren`t working...
BR,Bruno Silva.
Em 13/08/2012, às 00:20, Mike Rojas mike_c...@hotmail.com escreveu:Hello All,
I was studying normal like any other Sunday with a bright afernoon, all sunny
and windy... and I got asked
...BRBruno Silva.
Em 13/08/2012, às 00:57, Mike Rojas mike_c...@hotmail.com escreveu:Hi,
Were you using DVTI? I tried to break it...and I tried hard... couldnt make it
not work. My study partner said that he was having issues with phase one. Seems
like yours was on Phase 2.
How did you go around
To: mike_c...@hotmail.com
Yes Mike,
You are right...I`m sorry, I forgot you were talking about EZVPN instead of
GET...Well, can your friend provide the configuration because that would be one
of those strange IT mysteries...don`t you think? LOL
br,Bruno Silva.
Em 13/08/2012, às 01:17, Mike Rojas
Hello,
I run into this one trying to understand the features, is not documented in any
lab is merely me playing around. I have the following scenario:
Router1 Get KS (Multicast
rekey)
I think this one depends so much in how the command is placed,
Mainly because you can do sh run, show running-config, sh runn, etc. Now, I
have seen that some types of telnet clients, send character per character
making it difficult to the IPS
to catch the string.
My advice here, get and
.
HTH
A.
On 8/19/2012 8:45 AM, Mike Rojas wrote:
I think this one
To: mike_c...@hotmail.com
CC: alexei...@gmail.com; fawa...@gmail.com; ccie_security@onlinestudylist.com
\s is the space I guess...And why should it be to service?
Bruno.
2012/8/19 Mike Rojas mike_c...@hotmail.com
Hey,
What is that \s? Also, it should be to service
Mike.
Date: Sun, 19 Aug
sides to the default of broadcast and run debug
ip ospf adjacency
On Sat, Aug 18, 2012 at 6:43 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hello,
I run into this one trying to understand the features, is not documented in
any lab is merely me playing around. I have the following scenario
I think Piotr make it really straight forward last time it happened.
Sent from my iPhone
On Aug 25, 2012, at 11:05 PM, Fawad Khan fawa...@gmail.com wrote:
Those who have given exam couple of times know.
Any config with up address 4x.4x.yy.zz will also tell.
Also I checked some
The AAA authentication must have @ in front of the domain for proper
authentication. The gateway will remain without the @. Very important if you
are using the same computer and browser, clear everything (cookies, history and
such) then try again with the other user.
Mike.
From:
you please refer me to any Cisco document that explains it? I mean the “@”
part
Eugene
From: Mike Rojas [mailto:mike_c...@hotmail.com]
Sent: Monday, August 27, 2012 10:08 PM
To: Eugene Pefti; ccie_security@onlinestudylist.com
Subject: RE: [OSL | CCIE_Security] SSL VPN, one gateway, two
seeing the right title but I still can’t login
after changing the domain authentication to @admin and @user.
From: Mike Rojas [mailto:mike_c...@hotmail.com]
Sent: Monday, August 27, 2012 10:12 PM
To: Eugene Pefti
Subject: RE: [OSL | CCIE_Security] SSL VPN, one gateway, two contexts
You will be able to login without the @ but it will load only one context.
Mike.
From: eug...@koiossystems.com
To: madsen.ja...@gmail.com
Date: Tue, 28 Aug 2012 05:28:14 +
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] SSL VPN, one gateway, two contexts
If the question says allow BGP to successfully authenticate and it doesnt
specify it (that you need to allow traffic inbound) once the peers are
authenticated, you should stop seeing those messages. That being said it is not
a requirement and since the questions does not specifies it, you can
Hey
If there is a flow already started on the asa firewall the return packets will
hit whatever policy you have defined for the initial flow Thats the idea of
stateful firewall..
Im not quite sure how accurate is the show service policy flow in regards to
already established flows...but
carefully what they
ask.
Mike Rojas
Date: Fri, 14 Sep 2012 11:13:33 +0200
From: peter.jorgen...@mil.dk
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] ASA contexts with a shared physical interface.
Hi
Have a doubt about
Sent from my iPhone
On Sep 26, 2012, at 5:09 PM, Guardgrid guardg...@gmail.com wrote:
No in the doc. What about the route to the discard addr on the trigger, is
that needed?
Sent from my iPhone
On Sep 26, 2012, at 6:46 PM, Fawad Khan fawa...@gmail.com wrote:
No.
On
Prepare for anything.
All of them are exam-like
Date: Fri, 28 Sep 2012 12:56:22 -0500
From: shipbgps...@gmail.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] time for 5 Full-scale Labs only.
Hi All,
The company I work for just bought for me the Volume 2 Workbook for
for 5 Full-scale Labs only.
no, they are not. :-) lab 20 is a killer :-)
try 11 to 15, if you still have time, 18 - 19.
And definitely try both Yusuf labs.
HTH
A.
On 9/29/2012 4:00 AM, Mike Rojas wrote
Hello Jason,
It should apply the same for Mail Relay. It should work as well.
Mike Rojas.
Date: Sat, 29 Sep 2012 00:44:13 -0600
From: madsen.ja...@gmail.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] SMTP Inspection
Hi Group,
I just thought of something while
Hello Jason,
Two things, make sure that there are no class maps, policy maps or anything.
Once sure of that, use clear config fixup that should bring back the
defaults.
Cheers,
Mike Rojas.
Date: Mon, 1 Oct 2012 11:31:25 -0600
From: madsen.ja...@gmail.com
To: ccie_security
scratch and using the default
values, (class inspection default, policy map global policy and even the
service-policy)
Mike Rojas
From: michael.mulholl...@dfpni.gov.uk
To: pi...@howto.pl
Date: Tue, 2 Oct 2012 00:47:48 +0100
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL
Hello Allan,
That is in FACT what you need to do, however be careful because the port for
Gdoi (UDP 848) does not appear there as open port even if the router is the Key
server. So if your router is key server or if it is running GET, you need to
have that in mind.
Mike Rojas.
From
Hi back on my studies, its everything that is not normally found on a regular
subject name. Such as the hostname or any other attribute that can be attached
to a x.509 cert
Sent from my iPhone
On Oct 12, 2012, at 12:10 AM, Jason Madsen madsen.ja...@gmail.com wrote:
actually, re-reading that
to break in the lab? :) I just recall in
the previous thread that it might be a bad idea to use mac address
auto in the lab?
Cheers,
Matt
CCIE #22386
CCSI #31207
On 21 October 2012 12:14, Mike Rojas mike_c...@hotmail.com wrote:
Mac address auto is the trick on all of those exercises
Hi
http://www.ccie1.com/?p=427
Thanks,
Mike
From: ancampo...@hotmail.com
To: ccie_security@onlinestudylist.com
Date: Mon, 29 Oct 2012 18:10:35 +
Subject: [OSL | CCIE_Security] GETVPN using KS--ASA_Multiplecontext-GM with
multicast rekey..
Hi there,
Can anyone point me or
Hahaha, i know the feeling It will taste better when i get it on my own
Sent from my iPhone
On Dec 5, 2012, at 2:27 AM, Dave Craddock d...@craddock.us wrote:
Problem is there will always be someone that wants the fast route. They get
found out when they can’t do the job but then it’s too
This is a very easy concept, the answer is yes...
Look for RPF check... U need to be careful that there are no asymmetric nat
rules.
Sent from my iPhone
On Dec 19, 2012, at 10:19 AM, Joe Astorino joeastorino1...@gmail.com wrote:
Nobody?
On Thu, Dec 13, 2012 at 4:18 PM, Joe Astorino
Building Systems
Cisco UC Mobility Number: (513) 870-1187
CCNA, CCSP, CCNP Voice, MSCE+S
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Jay McMickle
Sent: Friday, December 28, 2012 1:28 PM
To: Adil Pasha; Mike Rojas
Cc
No support for SSH client. Thats it.
Mike Rojas
Security Technical Lead
From: sheaha...@gmail.com
Date: Tue, 19 Feb 2013 19:36:50 -0500
To: sdib...@gmail.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] Fw: SSH session
By that logic is not necessary to encrypt
code) that the default
would be some sort of Any as well.
My question here, what is the best method in order to match Non-IP traffic when
creating a CEF except?
Regards,
Mike Rojas
Security Technical Lead
Hello,
I have some doubts in regards to workbooks 1 and the information on the
Newsletter:
1-Are we going to receive the complete book? Or just by parts?
2-Are the solutions already on the workbook?
3-When are we going to be able to schedule labs on Proctor labs?
Mike Rojas
Security
From: maykol.ro...@outlook.com
To: ccie_security@onlinestudylist.com
Subject: ASA OSPF Task 3 lab 2
Date: Sat, 16 Mar 2013 17:56:07 -0600
From: maykol.ro...@outlook.com
To: ccie_security@onlinestudylist.com
Subject: OSPF on ASA (Task 3 Lab 2)
Date: Sat, 16 Mar 2013 15:26:25 -0600
Hi,
Hi Kevin and Marta,
Excellent, thanks for the tip. I will write it down on my notes.
The only thing in regards to Kevin is that the range may only work for ABRs.
range Summarize routes matching address/mask (border routers only)
Thanks a bunch, I will write this down.
Mike Rojas
Hi All,
I am having issues trying to upload the image to GNS. Once I start the router,
I get:
DynamipsError: 209-unable to start VM instance
'ghost-c7200p-adventerprisek9-mz.151-4.M1.image-127.0.0.1.ghost'
Have googled it but still not able to find the solution. Tried bunch of images,
Hi All,
Based on the link
http://www.ipexpert.com/Cisco/CCIE/Security/Development-Timelines
They should be on our accounts already, however I am not able to see the
workbooks. Is anybody having the issue? (My bad not checking it early)
Mike.
or the DSG's for Section 1 - 6.
His response was:
Section 2 will be available later tonight or in the AM. The DSG stuff is
getting edited and will trickle in over the next few days.
Cheers,
Warrick
On Tue, Mar 26, 2013 at 8:11 AM, Mike Rojas maykol.ro...@outlook.com wrote:
Hi All,
Based
ospf 1 router-id 11.45.45.11 network 10.0.10.0 255.255.255.0 area 1
network 192.168.10.0 255.255.255.0 area 0
area 1 filter-list prefix OSPF out
Marta Sokolowska.
2013/3/18 Mike Rojas maykol.ro...@outlook.com
From: maykol.ro...@outlook.com
To: ccie_security@onlinestudylist.com
Subject
Hi,
I do have some questions in regards to that specific point. It says that I need
to send the default route to Router 1 (Which I already did to practice prefix
lists :)) but it also says that change the distance of the null route to 250
and that is where I get confused.
Is the null route
...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Saturday, April 13, 2013 4:29 AM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] WorkBook 1 Task4 point 5
Hi,
I do have some questions in regards to that specific point. It says
Hi,
This task says that you need to allow the traffic from the outside to the
loopback 222.222.222.222/32 on R2. The problem comes when it says that I need
to allow this using the Global ACL. There was already a Global ACL configured
but also, there are 2 access list on ASA3 used to allow
Thats what makes IPexpert the best on training for CCIE..
Way to go..
Mike.
From: mar...@ipexpert.com
Date: Fri, 26 Apr 2013 00:10:11 -0400
To: ccie...@onlinestudylist.com; ccie...@onlinestudylist.com;
ccie_security@onlinestudylist.com; ccie...@onlinestudylist.com;
#exit
[Connection to 100.100.35.5 closed by foreign host]
R2#
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Friday, April 26, 2013 7:27 AM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security
ms
R5#exit
[Connection to 100.100.35.5 closed by foreign host]
R2#
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Friday, April 26, 2013 7:27 AM
To: ccie_security@onlinestudylist.com
Subject: [OSL
), round-trip min/avg/max = 1/2/4 ms
R5#exit
[Connection to 100.100.35.5 closed by foreign host]
R2#
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Friday, April 26, 2013 7:27 AM
To: ccie_security
Sam and Team,
I was checking the VoDs (They are good) and a question pops up. In normal
circumstances the ASA is going to allow everything from a higher to lower
security level.
This is where I got confused the other day. If we are tasked to configure a
global ACL, all the packets from a
://www.IPexpert.com
On Tue, Apr 30, 2013 at 1:43 AM, Mike Rojas mike_c...@hotmail.com wrote:
Sam and Team,
I was checking the VoDs (They are good) and a question pops up. In normal
circumstances the ASA is going to allow everything from a higher to lower
security level.
This is where I got
within a week for the remaining
sections.
Samarth Chidanand
Sr Instructor / Developer – IPexpert
CCIE #18535 (RS, Security)
CCSI #34585
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent
Hi,
I am having troubles with BGP passing through with authentication. I configured
the routers as follow (Since the Initial configs are not ready, but based on
the exercise you kind of know where it is going :))
R1
router bgp 14
no synchronization
bgp log-neighbor-changes
network
use NAT here as the BGP source address is built into
the MD5 hash.
Jason
On Wed, May 1, 2013 at 9:07 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hi,
I am having troubles with BGP passing through with authentication. I
configured the routers as follow (Since the Initial configs
issue, and use a different class map? This
would remove the host restriction and just check on the BGP port.
class-map BGP
match port tcp eq bgp
The rest is the same.
Let us hear back.
Regards,
Jay McMickle- 2x CCIE #35355 (RS,Sec)
From: Mike Rojas mike_c
is the same. Let us hear
back. Regards,Jay McMickle- 2x CCIE #35355 (RS,Sec)
From: Mike Rojas mike_c...@hotmail.com
To: Jason Madsen madsen.ja...@gmail.com
Cc: ccie_security@onlinestudylist.com ccie_security@onlinestudylist.com
Sent: Wednesday, May 1, 2013 11:05 PM
Subject: Re: [OSL
Hi,
And just checking cuz currently i was trying to do everything on gns and real
equipment, i went to proctorlabs and everything is booked up to next month!!!
Are u guys going to open more spots there? What about when the you release the
mocklabs?
I wanted to take advantage since the WB are
Hi,
I looked on the DSG and it says that you need to only enable like 4 of the
traps. What I did was just to configure:
snmp-server enable traps all
And then I removed the one for syslogs. Is there any particular reason why only
4 Traps were enabled instead of all?
Mike.
Hi,
I used the Configuration files from the Failover Lab till Lab 10 and they seem
to be fine. The rest, I configured them myself (Since they were not released
yet).
I am about to finish the ASA WB and I have to say... Wooow... I dont think they
left anything behind on the ASA part, I do
Hello,
I have a quick question, and I think most of you know it but I am quite new
with Etherchannels and I need guidance on an issue that I am having. On Lab 9
which is the one with BVI Active/Active and BVI interfaces, there is a task
that we need to configure the etherchannel for the
stacks (2960S, 3750), switches in VSS
(4500E, 6500), Nexus in vPC but not on ASAs…
Hope that helps,
Patrick
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com]
On Behalf Of Samarth Chidanand
Sent: May-15-13 12:49 AM
To: 'Mike Rojas
Hi
I had both.
Mike
Sent from my iPhone
On May 15, 2013, at 11:08 PM, Tarik Admani t_adm...@yahoo.com wrote:
Hi,
I just checked the workbook section initial configs, and they seem to be the
final configurations after the workbook is completed. Could someone please
check and make sure
Hi,
I started Workbook 2 today and I can see that is requesting a task for a subnet
that I dont see. It is requesting to NAT the Vlan 101 but it is not on that
Router.
Is it requesting that info for the Vlan where the ISE is connected?
Cheers,
Mike.
Nevermind I found it :)
Mike.
From: mike_c...@hotmail.com
To: ccie_security@onlinestudylist.com
Date: Thu, 16 May 2013 19:11:30 -0600
Subject: [OSL | CCIE_Security] WB2 IOS NAT Task1 Point 9-14
Hi,
I started Workbook 2 today and I can see that is requesting a task for a subnet
that I
Hi,
I completed the IOS FW section today. I havent check the solution yet but I did
have to use the DSG to find out about the User-based Firewall.
Just to make sure, I would like to see if by using this feature is necessarily
to use the Tag and template class maps and policy maps.
Checking
for the update,
Mike your ACL seems to be for version 8.3 and above, the lab I am working on
has my firewall at pre 8.2 hence the ACL to the translated and not real ip
address.
Thanks,
Tarik Admani
From: Mike Rojas mike_c...@hotmail.com
To: Tarik Admani t_adm...@yahoo.com; IPX Forums
Samarth;
Some that come on the top of my head:
-Ipv6
-ISE
-ACS 5
-WSA
-Ikev2
-Wireless security.
If I come with more in the mean time, will reply.
Mike.
From: s...@ipexpert.com
To: ccie_security@onlinestudylist.com
Date: Thu, 30 May 2013 23:38:42 +0530
Subject: [OSL | CCIE_Security]
Hi,
I was checking this demo, the last video on the WSA introduction. There are
basically two policies created, one for Vlan100 and another one for Vlan60.
The VLAN100 is able to download the malware.exe file correctly because he is
only monitoring it.
Since The global policy was being
...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Sunday, June 2, 2013 4:33 AM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] WSA Authentication, Policies and Proxy Bypass
Hi,
I was checking this demo, the last video on the WSA introduction. There are
basically two policies created, one
Take a look here:
http://proctorlabs.com/secure/shop
Mike Rojas
From: ama...@mantzcc.com
To: ccie_security@onlinestudylist.com
Date: Mon, 3 Jun 2013 20:58:30 +
Subject: [OSL | CCIE_Security] lab hardware and licensing
I am working to build my own lab and I was wondering if someone
Hi,
I am running Proxy settings on P1 with a PAC file. When the request gets in on
the P1 port I immediately get a RST from WSA. Web proxy is enabled on Express
forward.
Any suggestions?
Mike
___
For
Hi,
So I am using a virtual WSA for the WSA book. The main issue that I have is
that I need to point a route of 192.168.0.0 to the ASA.
I put the route in place, but all the traffic is still taking the Management
default gateway to return back to the host that made the request.
I remember
get to the destination because of some
routing missbehavior... If you get an answer I would also use it...:P
—
Sent from Mailbox for iPhone
On Wed, Jun 12, 2013 at 11:29 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hi,
So I am using a virtual WSA for the WSA book. The main issue that I
101 - 200 of 236 matches
Mail list logo