-0500
CC: ccie_security@onlinestudylist.com
To: mike_c...@hotmail.com
Mike-Are you using only the WSA management interface? Did you add a static
route on the WSA or only using the default route?
Regards,Jay McMickle- 2x CCIE #35355 (R/S,Sec)Sent from my iPhone 5
On Jun 12, 2013, at 8:48 PM, Mike
config or use that would have changed
this? Can you wipe it and run through the setup again if you can't get it
working through the menu or CLI?
Regards,
Jay McMickle- 2x CCIE #35355 (R/S,Sec)
Sent from my iPhone 5
On Jun 13, 2013, at 11:18 AM, Mike Rojas mike_c...@hotmail.com wrote:
Jay
it falls out of the
specified time range. Hence in your access logs you see
“MONITOR_CONTINUE_WEBCAT”.
Sam
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Tuesday, June 18, 2013 8:16 AM
Hi Joe;
Main difference, you can change the order of the NAT statements, with Auto, you
cant.
For Dynamic NAT/PAT, I would definitely encourage you to use Auto NAT and for
Statics to use Manual, here is an example why:
If you have an inbound connection and the Dynamic PAT is configured
the identity and on the policy, when they said
identity to use, I selected the One that I created then on advanced, I selected
my time-range, instead on the DSG they select all, authenticated and not
authenticated users.
Any thoughts?
Mike Rojas
Security Technical Lead
Samsung Mobile
Original message
From: Mike Rojas mike_c...@hotmail.com
Date: 20/06/2013 06:59 (GMT+05:30)
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] WSA Research Host NoAuth Policy
Hi;
I am doing the policy where the not authenticated user can
Joe;
This is the problem:
From: joeastorino1...@gmail.com
Date: Wed, 19 Jun 2013 21:31:17 -0400
To: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] 8.4 VPN Hairpin
Anybody? Really interested to know the answer. I have read everything I can
find on the topic.
Sent from
Joe;
(Stupid Outlook sorry for the previous e-mail)
object network obj_any
nat (any,outside) dynamic interface
Lets say that the VPN client goes out being Natted to the interface IP,
everything is good, BUT, the reply packet from the source on the internet, will
ALSO try to hit the same
Hi,
On this particular, it does says Only for IT subnet. Where on the DSG it says
that is only for IT?
Mike Rojas
___
For more information regarding industry leading CCIE Lab training, please visit
ERROR: access-list outside_access_in does not exist
Mike Rojas
Date: Tue, 9 Jul 2013 20:57:40 +0200
From: pi...@howto.pl
To: ateki...@hotmail.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] ASA - ACL applied to interface with no ip
address
Aaron
Hi,
Is it possible to add a new interface on a already installed WSA? I need to add
a T1 interface for the final part of the lab.
Mike.
___
For more information regarding industry leading CCIE Lab training,
activated. To modify physical settings for any port, including T1/T2,
use etherconfig.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Jul 10, 2013 at 2:56 AM, Mike Rojas mike_c...@hotmail.com
, 2013 at 2:56 AM, Mike Rojas mike_c...@hotmail.com wrote:
Hi,
Is it possible to add a new interface on a already installed WSA? I need to add
a T1 interface for the final part of the lab.
Mike
: http://www.IPexpert.com
On Wed, Jul 10, 2013 at 2:56 AM, Mike Rojas mike_c...@hotmail.com wrote:
Hi,
Is it possible to add a new interface on a already installed WSA? I need to add
a T1 interface for the final part of the lab.
Mike
with the certificate used by the old
Ironport or at least with the pointers. Did you check that?
BR,Bruno Silva.
Em 11/07/2013, às 22:58, Mike Rojas mike_c...@hotmail.com escreveu:Hi Bruno;
I had to install it from scratch, I did not find a way to add another interface
to the VM. So I backed up the file
suggestions are very welcome.
Mike Rojas
___
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
to see if you find it. Aside
from that, I think It was a good idea for me using it that way because I was
more aware of the file structure of the WSA.
Hope it helps.
Mike Rojas
Security Technical Lead
From: d...@syssec.biz
Date: Wed, 31 Jul 2013 10:50:27 +0900
To: ccie_security
Hi All,
I was able to successfully join the ISE to the DC, however I am not able to see
the security groups. I tried to browse for troubleshooting steps but cant seem
to find any.
On my WSA, it works like a charm.
Any guidance onto what to check?
Mike
, 2013, at 3:45 AM, Mike Rojas mike_c...@hotmail.com wrote:Hi All,
I was able to successfully join the ISE to the DC, however I am not able to see
the security groups. I tried to browse for troubleshooting steps but cant seem
to find any.
On my WSA, it works like a charm.
Any guidance onto what
that in the gui itself, so I'm guessing you meant ftp in the browser.I'll try
it, but I also used filezilla to access it and I couldn't see the files.
I did try it on a different pod, and the directories were there, which is very
odd. Thanks Mike!-DanOn Aug 2, 2013, at 3:43 AM, Mike Rojas
mike_c
Tried with Mozilla, Chrome and IE, none of them show any groups.
Mike.
Date: Thu, 1 Aug 2013 20:53:30 -0700
From: t_adm...@yahoo.com
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] ISE, Unable to see security groups
Which browser are you using, try using Mozilla or IE. I
but either use version 9 or enable
Compatibility Mode (press ALT, then tools - Compatibility Mode I believe is
how you enable it).
Regards,
--Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNPSr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Aug 2, 2013 at 6:54 PM, Mike
(Security), CCSP, CCNPSr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Aug 2, 2013 at 6:54 PM, Mike Rojas mike_c...@hotmail.com wrote:
Tried with Mozilla, Chrome and IE, none of them show any groups.
Mike.
Date: Thu, 1 Aug 2013 20:53:30 -0700
From: t_adm
Good ISE profiling info:
http://www.thesecurityblogger.com/?p=632
Mike.
___
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking
Hi;
I completed the MAB for the IP phone task, however I have some doubts and I
think it resides on concepts.
1-When the Phone connects to the Network, the guide says that the Username and
password Attribute is going to be the device MAC address. I guess this is
authenticated against the
profile went
fine and the Policy was downloaded correctly.
Any help would be appreciated.
Mike Rojas
___
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
if
it was permitting all IP to get the dACL feature work.
Regards,
--
Piotr KaluznyCCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.URL: http://www.IPexpert.com
On Tue, Oct 1, 2013 at 10:51 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hello,
I am encountering an issue
Kaluzny
CCIE #25665 (Security), CCSP, CCNPSr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Tue, Oct 1, 2013 at 11:31 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hi Piotr;
Thanks for the explanation. Yeah, at some point I remember about that ACL when
we were doing Dot1x
and multi-host settings will change the source
to the specific learned ip from device tracking or dhcp snooping, while
single-host will not.
Jan
2013/10/1 Mike Rojas mike_c...@hotmail.com
Hi Piotr;
Thanks for the explanation. Yeah, at some point I remember about that ACL when
we were
Hello;
I have an issue setting up the profile for the wirless client. I configured the
Profile using the Anyconnect Profile editor, I save the profile, but when I
went and did the network repair, only the wired network was showed.
Another thing (and this is an aside Note for whoever is
Hello;
So I managed to fixed the problem with the profile that I had before. The main
issue that I have right now is with the authentication.
I didnt have a wireless device so I added a Dlink adapter and selected the
option to create a profile to it.
When I authenticate, I get the following
Any Ideas? Im a bit behind with the rest of the lab just for testing this.
Mike.
From: mike_c...@hotmail.com
To: ccie_security@onlinestudylist.com; pio...@ipexpert.com
Date: Wed, 9 Oct 2013 18:17:12 -0600
Subject: [OSL | CCIE_Security] ISE Wireless Dot1x issue
Hello;
So I managed to fixed
Tarik;
Thank you for your attention to this issue. So I brought a wireless CCIE to
help me a bit and we found out the issue. PEAP was failing because I had a Typo
on the authorization ACL on the ISE.
Once we corrected the typo PEAP worked and I was able to see it working. Just
CWA and It
Either we are both Doing it wrong, or it just doesnt trigger
I tried my configuration using a the loopback as the trigger (did not work)
and then added a new interface (fa0/1) put a host there and add the host for
trigger the ACL and it worked fine.
This is triggered on the debug IP packet
Hi;
I did the CWA for the wireless client and everything worked fine. The only
thing weird is that I am seeing like 3 or 4 authentication successful and then
a fail, but the CoA is being done correctly and the client is being re-assinged
to the correct VLAN.
Has anybody run into this
Are you using Virtual WLC? I was told by an engineer from Wireless that if you
are running Virtual WLC, you must run FlexConnect.
Mike Rojas
From: sheaha...@gmail.com
To: ccie_security@onlinestudylist.com
Date: Fri, 13 Dec 2013 09:46:33 -0500
Subject: [OSL | CCIE_Security] 802.1x AP
201 - 236 of 236 matches
Mail list logo