I'll by that. Be nice if the lab actually worked though. :) Terry Little, Cisco Systems Inc. (425) 468-1057 (w), (425) 894-4109 (c) For corporate legal information go to:http://www.cisco.com/web/about/doing_business/legal/cri/index.html (Sent from handheld device)
________________________________ From: Kingsley Charles <[email protected]> To: Terry Little (terlittl) Cc: CCIE Sec <[email protected]> Sent: Tue Jun 15 07:30:11 2010 Subject: Re: [OSL | CCIE_Security] Yusuf Lab2 sec 5 If you check the lab solution verification for 5.1, they are checking for "show uauth" O/P. Even, if the telnet connection is dropped by R2, you will still be having the "uauth" entry when you issue "show uauth" on context c1. Hence, it will be considering as working at the end of the lab. Just a thought. With regards Kings On Tue, Jun 15, 2010 at 7:41 PM, Terry Little (terlittl) <[email protected]> wrote: Yep that nails it on the head. My understanding is at the end of the lab everything is supposed to work unless it says otherwise. Terry Little (425) 894-4109 (m) (425) 468-1057 (o) From: Kingsley Charles [mailto:[email protected]] Sent: Tuesday, June 15, 2010 7:10 AM To: Terry Little (terlittl) Cc: CCIE Sec Subject: Re: [OSL | CCIE_Security] Yusuf Lab2 sec 5 Hi Terry If you fix the route issue, then during 5.1 ASA cut-through proxy will work. But when you complete 7.2, the telnet will be dropped and hence 5.1 will be considered as incomplete. Is this what you are trying to say? With regards Kings On Tue, Jun 15, 2010 at 7:31 PM, Terry Little (terlittl) <[email protected]> wrote: Hi Kings, I found the route issue and fixed that. I have verified that the issue is with the NBAR config on R2 (inbetween R1 and the ASA) that causes R2 to drop ALL telnet from R5 and SW1. I just can’t figure out how to reconcile the the requirements of 5.1 and 7.2 so that both work at the same time. I can make either work just fine by themselves. Anyone else have any experience with this lab that got it to work??????? Terry Little (425) 894-4109 (m) (425) 468-1057 (o) From: Kingsley Charles [mailto:[email protected]] Sent: Tuesday, June 15, 2010 12:31 AM To: Terry Little (terlittl) Cc: CCIE Sec Subject: Re: [OSL | CCIE_Security] Yusuf Lab2 sec 5 Hi Terry I did lab 2 two times. The ASA cut-through proxy verification was not successful. I was able to telnet but it just hanged. First time I was not able to find the issue but the 2nd time I found that the ASA didn't have the route to R1. I suspect, there is a problem in the lab as I hit it two times. With regards Kings On Mon, Jun 14, 2010 at 11:11 PM, Terry Little (terlittl) <[email protected]> wrote: Kings, Do you have any idea how to resolve this, or it really just a problem with the lab…i.e. ask the proctor. J Terry Little (425) 894-4109 (m) (425) 468-1057 (o) From: Kingsley Charles [mailto:[email protected]] Sent: Monday, June 14, 2010 9:26 AM To: Terry Little (terlittl) Cc: CCIE Sec Subject: Re: [OSL | CCIE_Security] Yusuf Lab2 sec 5 Yes, there is some slight confusion there. With regards Kings On Mon, Jun 14, 2010 at 7:34 PM, Terry Little (terlittl) <[email protected]> wrote: I have a serious confusion concerning section 5.1 and how it interacts with section 7.2. 5.1 configures the ASA to authenticate telnet from R5 to R1. The traffic path is R5-R6-ASA1/c1-R2-R1. Ok this part is cool and works fine before you complete 7.2. 7.2 marks all telnet traffic reaching R6 from DLCI 65, and then R2 drops all the marked traffic. I do NOT see how these two can coexist. Any thoughts? What am I missing? Regards, Terry Little [email protected] Phone: +1 425 468 1057 Mobile: +1 425 894 4109 Cisco Systems, Inc. Network Consulting Engineer World Wide Security Services Practice Cisco.com - http://www.cisco.com This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
