Hi All,
I've just received my lab results of my attempt today. And frankly, I'm completely amazed. The whole lab exam went perfect in my opinion, I had finished 80% of the tasks just before lunch with only three tasks left, one which I knew I had to use reference, one was NTP troubleshooting that took some more time and some ezvpn stuff that was playing around. Did the reboot just before lunch and basically finished lunch with a good feeling. Had a small thing just after lunch (thank goodness for reboot testing). And basically I finished everything around 2PM. So I did another full reboot and full reread of everything and reverified evertything that was to be verified (checked output, etc). And left the exam at 3PM (I rebooted three times, read through the exam three times and everything was working as expected, al the nasty stuff they've put in it was gone, a nice happy lab). But my lab results is telling me failed. And that surprises me.. Actually so much that I asked a reread as I know that packet tracer command on the asa is not one of the most truthfullnesss for packet tracing So currently, I failed my third attempt, but it really has started to wonder if I'm reading or misinterpreting things at this moment. my firewall scoring and IPS was much lower then expected. I'm most amazed on those two, as I completed both as expected. But that's why I asked the reread. I can understand about the advanced security that I might've missed one task and I might 've interpreted one task on the network attacks incorrectly as well. But then again. could be part of the lab. But what really starts to frustrate me is that you don't get any idea why you've scored so low on those topcis, when the verification works. It would be really great, with NDA, that with these kind of scores, you can ask the proctor or anybody why the proctor thinks that the config / working is incorrect, while you see that it is correct. There are always more than one way to get to rome. Let's say, and I'm saying that this is an actual exam question, but I've seen it on one of the many labs I've done in the past few weeks. Configure network this and that that when it goes to that destination, it must be translated to this ip, and to that ip for other traffic, do not use static. So, my guess is: access-list acl_nat1 permit <sourcenetwork> <destinationnetwork> access-list acl_nat1_rest permit <sourcenetwork> any nat (inside) 1 access-list acl_nat1 nat (inside) 2 access-list acl_nat1_rest global (outside) 1 <translate1> global (outside) 2 <translateother> The thing is, I could've replaced the nat (inside) 2 access-list nat (inside) 2 <sourcenetwork> And it also works. So the question is, how is it verified, as both solutions work. Sometimes it could be that the proctor might not know everything about what you can or cannot do with an asa, and could then write off your points? So, I'm a bit dissapointed, and i'm not hoping on the reread to succeed, but I'm more amazed / surprised about that if you have more than perfect time management, everything is verified ok, and then still fail. That is really weird to me. I'll probably go for a fourth attempt, as I'm way to stubborn to not get it, but sometimes you really start wondering how things are scored... Pieter-Jan --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: [email protected] Web: http://www.nefkensadvies.nl/
<<inline: green.gif>>
Think before you print.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
