Paul,
Since you can't configure a lot of SSL VPN features on the ASA via CLI such as portal customization, url lists, DAP attributes and CSD is GUI only - I have spent my SSL VPN study on IOS. Other than CSD there isn't much (that I have come across) that you cannot configure via IOS CLI. I am assuming that we will not have access to any GUI other than IPS during the lab, but I could be in for a surprise. By the way, the ASA has nice feature to walk you through the VPN configuration via CLI. >From config mode type "vpnsetup ?" and follow along. If I am wrong on any of these points, please someone shout out and correct me. This is also a point of confusion for me, I can't understand why Cisco would remove functionality from the CLI. - Matt From: [email protected] [mailto:[email protected]] On Behalf Of Paul Stewart Sent: Friday, April 17, 2009 9:41 PM To: [email protected] Subject: [OSL | CCIE_Security] SSL VPN and DAP I am curious as to how and to what extent others are studying for SSL VPN on the ASA and IOS as well as DAP (Dynamic Access Policies) on the ASA. It seems to me that with all of the bells and whistles, they could really mess with you in the version 3 lab. Additionally, some of the config is not really stored in running-config. Luckily, this is not an infrastructure component so there probably wont be other tasks that are dependant on it. In any case, does anyone have any thoughts as to what is reasonable (or likely) for them to throw at you in the lab?
