Hi Terry If you fix the route issue, then during 5.1 ASA cut-through proxy will work. But when you complete 7.2, the telnet will be dropped and hence 5.1 will be considered as incomplete. Is this what you are trying to say?
With regards Kings On Tue, Jun 15, 2010 at 7:31 PM, Terry Little (terlittl) <[email protected] > wrote: > Hi Kings, > > > > I found the route issue and fixed that. I have verified that the issue is > with the NBAR config on R2 (inbetween R1 and the ASA) that causes R2 to drop > ALL telnet from R5 and SW1. I just can’t figure out how to reconcile the the > requirements of 5.1 and 7.2 so that both work at the same time. I can make > either work just fine by themselves. > > > > Anyone else have any experience with this lab that got it to work??????? > > > > Terry Little > > (425) 894-4109 (m) > > (425) 468-1057 (o) > > *From:* Kingsley Charles [mailto:[email protected]] > *Sent:* Tuesday, June 15, 2010 12:31 AM > > *To:* Terry Little (terlittl) > *Cc:* CCIE Sec > *Subject:* Re: [OSL | CCIE_Security] Yusuf Lab2 sec 5 > > > > Hi Terry > > I did lab 2 two times. The ASA cut-through proxy verification was not > successful. I was able to telnet but it just hanged. First time I was not > able to find the issue but the 2nd time I found that the ASA didn't have the > route to R1. > > I suspect, there is a problem in the lab as I hit it two times. > > > With regards > Kings > > On Mon, Jun 14, 2010 at 11:11 PM, Terry Little (terlittl) < > [email protected]> wrote: > > Kings, > > > > Do you have any idea how to resolve this, or it really just a problem with > the lab…i.e. ask the proctor. J > > > > > > Terry Little > > (425) 894-4109 (m) > > (425) 468-1057 (o) > > *From:* Kingsley Charles [mailto:[email protected]] > *Sent:* Monday, June 14, 2010 9:26 AM > > > *To:* Terry Little (terlittl) > *Cc:* CCIE Sec > *Subject:* Re: [OSL | CCIE_Security] Yusuf Lab2 sec 5 > > > > Yes, there is some slight confusion there. > > > With regards > Kings > > On Mon, Jun 14, 2010 at 7:34 PM, Terry Little (terlittl) < > [email protected]> wrote: > > I have a serious confusion concerning section 5.1 and how it interacts with > section 7.2. > > > > 5.1 configures the ASA to authenticate telnet from R5 to R1. The traffic > path is R5-R6-ASA1/c1-R2-R1. Ok this part is cool and works fine before you > complete 7.2. > > > > 7.2 marks all telnet traffic reaching R6 from DLCI 65, and then R2 drops > all the marked traffic. > > > > I do NOT see how these two can coexist. Any thoughts? What am I missing? > > > > Regards, > > > > Terry Little > > [email protected] > Phone: +1 425 468 1057 > > Mobile: +1 425 894 4109 > > Cisco Systems, Inc. > > Network Consulting Engineer > World Wide Security Services Practice > Cisco.com - http://www.cisco.com > > > > This email may contain confidential and privileged material for the sole > use of the intended recipient. Any review, use, distribution or disclosure > by others is strictly prohibited. If you are not the intended recipient (or > authorized to receive for the recipient), please contact the sender by reply > email and delete all copies of this message. > > For corporate legal information go to: > http://www.cisco.com/web/about/doing_business/legal/cri/index.html > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
