VRF Aware IPsec is a very real topic. In fact we have it deployed at our edge for our Voice Racks. But MPLS and L3 VPN are not covered under the blueprint thus VRF Aware IPsec currently isn't under the blueprint. You would be required to understand MPLS and Multiprotocol BGP. Again all stuff that is currently not there.
They are definitely cool features though. The fact that you can break the routers into virtual routing instances. It is awesome. Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: <http://www.IPexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: Mohammed Gazzaz [mailto:[email protected]] Sent: Thursday, May 07, 2009 3:23 PM To: [email protected]; [email protected] Subject: RE: [OSL | CCIE_Security] Two New Features Tyson, Are you sure ? what about this http://cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/ sec_ipsec_mib_vrf.html Clearly, it was not my day. I could not login to one of the routers because the enable password was different. The proctor thought I changed the password (Why would I do that?). After debating with him, he talked to the engineers in Brussels and they fixed the issue. I was not able to use the ACS server for authentication and many questions were depending on this part. I was able to ping the ACS server and telnet to port tcp 49 and tcp 2002 but when I did "test aaa. ...." I got this error " No authorative response from the server" I went to the proctor and he told me that I have to figure out the solution. I only saw this error when the trial version of the ACS expired after 3 months. Regards, Mohammed Gazzaz _____ From: [email protected] To: [email protected]; [email protected] Subject: RE: [OSL | CCIE_Security] Two New Features Date: Thu, 7 May 2009 14:14:13 -0400 Mohammed, VRF is not covered on the Security blueprint at this time. Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: <http://www.IPexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: [email protected] [mailto:[email protected]] On Behalf Of Mohammed Gazzaz Sent: Thursday, May 07, 2009 1:24 PM To: [email protected] Subject: Re: [OSL | CCIE_Security] Two New Features Hello, Yes, only two ASA's. I went to the lab Yesterday and did not pass. (First Attempt) I failed becuase I read in a blog (Long time ago) that Cisco will take their time to introduce the new changes and though that I will only get one or two questions from the new blueprint. I was wrong. 25 questions (each one equals 4 points) many questions on the new stuff and Troubleshooting is a big part now. I got 3 or 4 questions to troubleshoot VPN configurations. Going to DOC CD to read and to figure out the solution for most of the new techonlogies during the exam will consume your time. Any way, It was a good experience for me and now I know my weak points. Is VRF+IPSEC part of the securtiy exam? Regards, Mohammed Gazzaz _____ From: [email protected] To: [email protected] Date: Thu, 7 May 2009 04:10:15 -0400 CC: [email protected] Subject: Re: [OSL | CCIE_Security] Two New Features John, Sorry if it wasn't clear, this is a continuation from my previous email just before this where I stated "There are only two ASA's on the lab". When it was announced in October for the blueprint change Yusef, the program manager, stated at the time there were no plans to add additional ASA's to the lab. Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: <http://www.IPexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: John Meggers [mailto:[email protected]] Sent: Wednesday, May 06, 2009 8:28 PM To: Tyson Scott Subject: Re: [OSL | CCIE_Security] Two New Features Umm... To your knowledge what? John Sent from my iPhone On May 6, 2009, at 7:53 PM, "Tyson Scott" <[email protected]> wrote: To my knowledge Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: <http://www.IPexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: John Meggers [mailto:[email protected]] Sent: Wednesday, May 06, 2009 7:34 PM To: Tyson Scott Cc: <[email protected]> Subject: Re: [OSL | CCIE_Security] Two New Features Is there any information about whether additional ASAs have been added to the racks to replace the PIX and VPN3K? John Sent from my iPhone On May 6, 2009, at 4:26 PM, "Tyson Scott" <[email protected]> wrote: Hey Guys, I have completed the Proctorlabs load lab config feature. The load lab configuration feature now supports loading the configuration for IPS Sensor, ASA, and ACS. So if a lab has any of these devices you can now have the base or final configuration for these devices loaded to save yourself some time when you are working on Proctorlabs. Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: <http://www.IPexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. _____ check out the rest of the Windows LiveT. More than mail-Windows LiveT goes way beyond your inbox. More than messages <http://www.microsoft.com/windows/windowslive/> _____ check out the rest of the Windows LiveT. More than mail-Windows LiveT goes way beyond your inbox. More than <http://www.microsoft.com/windows/windowslive/> messages
