Pieter-Jan, Don't get discouraged from Lab 20. I can't finish it in 8 hours either.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com -----Original Message----- From: Pieter-Jan Nefkens [mailto:[email protected]] Sent: Monday, May 24, 2010 2:02 PM To: Brandon Carroll; Mike Down Cc: Tyson Scott Subject: CCIE Security, Lab 19, results Hello Brandon, Mike, Tyson, I just finished your Lab 19 as a full day lab. I managed to get 84 points, but with a few questions / comments. Can you verify if answering these questions the way I did, would've gotten (probably) full points as well. Task 2.1: I used lower-case security zones, would that be a problem? Task 5.1: In the DSG, loop0 is used as source interface for tacacs. I didn't do that, as it was not explicitly mentioned. It was mentioned to test to R5 loopback's address, so that is the test for telnet and ssh. Task 6.1: I specified snmp-server correctly, bud didn't add Task 6.3 I used the match protocol ssh to match on ssh traffic instead of ACL. I couldn't find a reason not to do it that way. Task 7.3: In task 7.3, there is a task to configure a minimum bandwidth guarantee fof 20 percent for GETVPN. I used the match protocol ipsec (as getVPN uses ESP to encrypt the payload) and created a combination class-map match-any to match on both isakmp (UDP 848) traffic and esp traffic. Would that still count? My feeling is that GetVPN is not only about the ISAKMP, but traffic that is encrypted as well. But that could be my lack of english.. Also, I did this lab in just under the five hours. And that included perparation, reading and the troubleshooting (you guys were nasty with a one-way deny esp btw) and making every mistake possible on the GDOI and DMVPN (PSK, policies, the works).. Anyway, what would my chances be with this score of 84, good core knowledge score and 5 hours to have done lab 19? TIA Pieter-Jan PS @mike: Still working for the location, today is a public holiday, so I hope to get some answers tomorrow.. --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: [email protected] Web: http://www.nefkensadvies.nl/ _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
