Wouldn't it be reasonable for Cisco to answer this question? i.e. "What GUIs are available in the V3 blueprint?"
_____
From: Dave Craddock [mailto:[email protected]]
Sent: Sunday, April 19, 2009 11:39 AM
To: Matt Blake; Paul Stewart; [email protected]
Subject: Re: [OSL | CCIE_Security] SSL VPN and DAP

It is my understanding that you can only use the GUI if it is built into the device, e.g. IDS. The GUI on the ASA is a separate load, so not part of the base appliance.

From: [email protected] [mailto:[email protected]] On Behalf Of Matt Blake
Sent: 19 April 2009 17:54
To: Paul Stewart; [email protected]
Subject: Re: [OSL | CCIE_Security] SSL VPN and DAP

Not sure on Q1 - the vpnsetup command is the only one that I am aware of.

As for Q2 - I am just going by the CCIE Security blueprint:

On v3
Note: The IPS sensor can be configured using CLI and managed through the IPS Device Manager

On v2
The VPN Concentrator can be configured using CLI (Command Line Interface) or a GUI web interface. The IDS sensors can be configured using CLI and managed through the IDS Device Manager.

The assumption here is that the only GUI we will have access to is IDM.

- Matt

From: [email protected] [mailto:[email protected]] On Behalf Of Paul Stewart
Sent: Saturday, April 18, 2009 5:08 PM
To: [email protected]
Subject: Re: [OSL | CCIE_Security] SSL VPN and DAP

The config mode "vpnsetup" command is a nice feature. I wasn't aware of its existence. That is basically the help command for configuring VPNs instead of context help for a single command. You can basically turn on the text capture feature in your terminal client and capture the commands that you will want to custom tailor to your situation.

Your response actually helped a lot but spawned two other questions in my mind.

1. Are there any other ASA commands like this that can give us access to sample commands quicker than looking on the DocCD?
2. How do we know that they won't give us browser access to these devices and ask us to configure up CSD, DAP and Portal Customization?

It would seem to me that these would be fair game, but allowing this access would also give the candidate access to the ASDM and maybe Cisco wants to prevent that.

On Sat, Apr 18, 2009 at 9:15 AM, Matt Blake <[email protected]> wrote:

Paul,

Since you can't configure a lot of SSL VPN features on the ASA via CLI such as portal customization, URL lists, DAP attributes and CSD is GUI only - I have spent my SSL VPN study on IOS. Other than CSD there isn't much (that I have come across) that you cannot configure via IOS CLI. I am assuming that we will not have access to any GUI other than IPS during the lab, but I could be in for a surprise.

By the way, the ASA has a nice feature to walk you through the VPN configuration via CLI. From config mode type "vpnsetup ?" and follow along.

If I am wrong on any of these points, please someone shout out and correct me. This is also a point of confusion for me, I can't understand why Cisco would remove functionality from the CLI.

- Matt

From: [email protected] [mailto:[email protected]] On Behalf Of Paul Stewart
Sent: Friday, April 17, 2009 9:41 PM
To: [email protected]
Subject: [OSL | CCIE_Security] SSL VPN and DAP

I am curious as to how and to what extent others are studying for SSL VPN on the ASA and IOS as well as DAP (Dynamic Access Policies) on the ASA. It seems to me that with all of the bells and whistles, they could really mess with you in the version 3 lab. Additionally, some of the config is not really stored in running-config. Luckily, this is not an infrastructure component so there probably won't be other tasks that are dependent on it. In any case, does anyone have any thoughts as to what is reasonable (or likely) for them to throw at you in the lab?
