Hello,
It seems I have this working fine, but what's odd is that when I log one user in I
can't immediately log in to my other context as my other user.  I'm using the
local user database.  I have to clear the cache in my browser and clear the webvpn
session context to get my other user to log in.  I've seen this problem
inconsistently when using domains w/o aaa authentication domain as well.
Has anyone seen this before? I'm running v15.1(1) T code.  I'm *assuming* the
creds are getting cached after I log in to the first domain successfully.  Is
there a way to auto clear the webvpn cache?

REF:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd80512065.html

This allows you to login as "admin" on the webvpn portal.  The "@admin"
string is passed on to aaa

username admin@admin priv 15 password 0 cisco
username temp@temp priv 15 password 0 cisco

webvpn gateway derek
 ip address 192.168.2.11 port 443
 ssl trustpoint TP-self-signed-1483162022
 logging enable
 inservice
 !
webvpn context test
 ssl authenticate verify all
 !
 url-list "admin"
   heading "ADMIN"
   url-text "ADMIN" url-value "http://11.11.11.11/admin"
 !
 !
 policy group test
   url-list "admin"
 default-group-policy test
 aaa authentication list ezvpn
 aaa authentication domain @admin
 gateway derek domain admin
 logging enable
 inservice
webvpn context test2
 ssl authenticate verify all
 !
 url-list "temp"
   heading "TEMP"
   url-text "temp" url-value "http://11.11.11.1/temp"
 !
 !
 policy group test2
   url-list "temp"
 default-group-policy test2
 aaa authentication list ezvpn
 aaa authentication domain @temp
 gateway derek domain temp
 logging enable
 inservice



On Tue, Oct 11, 2011 at 8:37 AM, <[email protected]> wrote:

> Today's Topics:
>
>   1. Re: EZVPN Remote in IOS (Kingsley Charles)
>   2. Re: EzVPN and VTI (Hussain Arsalan Ali)
>   3. Re: EzVPN and VTI (Kingsley Charles)
>   4. Re: EZVPN Remote in IOS (Kingsley Charles)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 11 Oct 2011 15:05:11 +0530
> From: Kingsley Charles <[email protected]>
> To: yusef sheriff <[email protected]>
> Cc: OSL Security <[email protected]>
> Subject: Re: [OSL | CCIE_Security] EZVPN Remote in IOS
> Message-ID:
>        <cahs0b06q9r_u5xtj075hn3rz-r1aupqrrcgiistojk+pc_1...@mail.gmail.com
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> Have you configured split tunneling on the ASA?
>
>
> With regards
> Kings
>
> On Tue, Oct 11, 2011 at 12:45 PM, yusef sheriff <[email protected]>
> wrote:
>
> > Hi All,
> >
> > I have configured EZVPN server on ASA and remote client is IOS router. VPN
> > is able to connect without any issue. But in remote clients are losing the
> > internet connectivity, NAT translation becomes empty once I applied the
> > crypto ipsec ezvpn outside in dialer interfaces below is configuration of
> > router.
> >
> > =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.10.11 11:07:53
> > =~=~=~=~=~=~=~=~=~=~=~=
> > sh run
> > Building configuration...
> > Current configuration : 2999 bytes
> > !
> > ! Last configuration change at 07:03:00 UTC Tue Oct 11 2011
> > !
> > version 15.0
> > service config
> > service timestamps debug datetime msec
> > service timestamps log datetime msec
> > service password-encryption
> > !
> > hostname Router
> > !
> > boot-start-marker
> > boot-end-marker
> > !
> > !
> > no aaa new-model
> > !
> > !
> > !
> > !
> > !
> > !
> > no ipv6 cef
> > ip source-route
> > ip cef
> > !
> > !
> > !
> > !
> > !
> > !
> > !
> > !
> > redundancy
> > !
> > !
> > !
> > !
> > !
> > !
> > crypto ipsec client ezvpn ASA
> >  connect acl 105
> >  group aooman key hlg2oma@vpn
> >  mode network-extension
> >  peer 213.42.108.130
> >  username hlgoman password us@hlom
> >  xauth userid mode local
> > !
> > !
> > !
> > !
> > !
> > interface GigabitEthernet0/0
> >  ip address 10.10.10.1 255.255.255.0
> >  ip access-group 100 out
> >  ip nat inside
> >  ip virtual-reassembly
> >  duplex auto
> >  speed auto
> >  crypto ipsec client ezvpn ASA inside
> >  !
> > !
> > interface GigabitEthernet0/1
> >  no ip address
> >  duplex auto
> >  speed auto
> >  pppoe enable group global
> >  pppoe-client dial-pool-number 1
> >  no cdp enable
> >  !
> > !
> > interface GigabitEthernet0/2
> >  no ip address
> >  shutdown
> >  duplex auto
> >  speed auto
> >  !
> > !
> > interface Dialer0
> >  no ip address
> >  !
> > !
> > interface Dialer1
> >  ip address negotiated
> >  ip access-group 101 in
> >  ip mtu 1492
> >  ip nat outside
> >  ip virtual-reassembly
> >  encapsulation ppp
> >  ip tcp adjust-mss 1452
> >  dialer pool 1
> >  dialer-group 1
> >  ppp authentication chap pap callin
> >  ppp chap hostname hlgoman
> >  ppp chap password 7 15160D1A503A797C2E
> >  ppp pap sent-username hlgoman password 7 06020937185E5B410357
> >  ppp ipcp dns request accept
> >  ppp ipcp route default
> >  ppp ipcp address accept
> >  !
> > !
> > ip forward-protocol nd
> > !
> > no ip http server
> > no ip http secure-server
> > !
> > ip nat inside source route-map nonat interface Dialer1 overload
> > ip route 0.0.0.0 0.0.0.0 Dialer1
> > ip route 172.23.1.0 255.255.255.0 10.10.10.2
> > ip route 172.23.2.0 255.255.255.0 10.10.10.2
> > !
> > ip access-list extended VPN_ACCESS
> >  deny   ip 172.23.1.0 0.0.0.255 172.16.0.0 0.0.255.255
> >  deny   ip 172.23.2.0 0.0.0.255 172.16.0.0 0.0.255.255
> >  deny   ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
> >  permit ip 172.23.1.0 0.0.0.255 any
> >  permit ip 172.23.2.0 0.0.0.255 any
> >  permit ip 10.10.10.0 0.0.0.255 any
> > !
> > access-list 10 permit 172.23.2.0 0.0.0.255
> > access-list 10 permit 172.23.1.0 0.0.0.255
> > access-list 10 permit 10.10.10.0 0.0.0.255
> > access-list 100 permit ip any any
> > access-list 101 permit ip any any
> > access-list 105 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
> > access-list 105 permit ip 172.23.1.0 0.0.0.255 172.16.0.0 0.0.255.255
> > access-list 105 permit ip 172.23.2.0 0.0.0.255 172.16.0.0 0.0.255.255
> > access-list 106 permit ip 172.23.1.0 0.0.0.255 any
> > access-list 106 permit ip 172.23.2.0 0.0.0.255 any
> > access-list 106 permit ip 10.10.10.0 0.0.0.255 any
> > dialer-list 1 protocol ip permit
> > !
> > !
> > !
> > !
> > route-map EVPN permit 1
> >  match ip address 105
> > !
> > route-map nonat permit 10
> >  match ip address VPN_ACCESS
> > !
> > !
> > !
> > control-plane
> >  !
> > !
> > !
> > line con 0
> > line aux 0
> > line vty 0 4
> >  password 7 07062C584F0A485744
> >  login
> > !
> > scheduler allocate 20000 1000
> > end
> > Router#
> >
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training, please
> > visit www.ipexpert.com
> >
> > Are you a CCNP or CCIE and looking for a job? Check out
> > www.PlatinumPlacement.com
> >
>
> ------------------------------
>
> Message: 2
> Date: Tue, 11 Oct 2011 14:35:52 +0500
> From: Hussain Arsalan Ali <[email protected]>
> To: <[email protected]>
> Cc: [email protected]
> Subject: Re: [OSL | CCIE_Security] EzVPN and VTI
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> There is no NAT on ASA. Yes, I am using GNS3. Are you sure the config is
> OK?
>
> Date: Tue, 11 Oct 2011 15:02:38 +0530
> Subject: Re: [OSL | CCIE_Security] EzVPN and VTI
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
> The issue is in IPSec Phase 2.
>
>
> *Mar  1 07:54:30.054: ISAKMP:(1074): phase 2 SA policy not acceptable!
> (local 136.1.123.3 remote 136.1.121.1)
> *Mar  1 07:54:30.054: ISAKMP: set new node -133501578 to QM_IDLE
>
> Possible reasons are that the transform set or Proxy IDs don't match. But with
> EzVPN, those are not relevant.
>
> The other reason would be ISAKMP profile. If the ISAKMP profile fails to
> match the identity, we could see this message.
>
>
> Are you using GNS? Is the ASA doing NAT?
>
>
> With regards
> Kings
>
> On Tue, Oct 11, 2011 at 1:17 PM, Hussain Arsalan Ali <[email protected]>
> wrote:
>
>
>
>
>
>
>
> I tried doing it again in office and I can see the HTTP page on client
> machine. When I type in the pass it times out after some time. I am
> attaching a debug file on R3 (Server).
> Can you tell me if the configuration done by me is correct? I was thinking
> if the crypto ipsec client ezvpn IT outside should be on the physical
> interface or the virtual-template interface I made on the Client router.
>
>
> Date: Tue, 11 Oct 2011 11:41:36 +0530
> Subject: Re: [OSL | CCIE_Security] EzVPN and VTI
> From: [email protected]
> To: [email protected]
>
> CC: [email protected]
>
> What is the issue? Is the tunnel coming up?
>
>
> With regards
> Kings
>
>
> On Mon, Oct 10, 2011 at 11:28 PM, Hussain Arsalan Ali <[email protected]>
> wrote:
>
>
>
>
>
>
>
> I am configuring EzVPN using VTI. R1 is Client while R3 is Server. There
> is ASA in between which has allow any any statement there. It is working
> fine with Network Extension Mode (without VTI) but when I switched to VTI
> I can't bring things up. There are no isakmp debug messages on router.
> Attached is config.
>
>
>
>
>
> ALI
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 11 Oct 2011 16:00:01 +0530
> From: Kingsley Charles <[email protected]>
> To: Hussain Arsalan Ali <[email protected]>
> Cc: [email protected]
> Subject: Re: [OSL | CCIE_Security] EzVPN and VTI
> Message-ID:
>        <cahs0b05fdgw_ymg-zorsw4qeo-rksctn-9hiredfito_nbo...@mail.gmail.com
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> Yes, I feel the config is good. I hope I have not overlooked :-)
>
>
> With regards
> Kings
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 11 Oct 2011 18:07:30 +0530
> From: Kingsley Charles <[email protected]>
> To: yusef sheriff <[email protected]>,
>        [email protected]
> Subject: Re: [OSL | CCIE_Security] EZVPN Remote in IOS
> Message-ID:
>        <cahs0b07+uk130lgphodpmkwzfqgvqvnakg2opxel0sdvbgu...@mail.gmail.com
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> With split tunneling, the destination entry of the ACL is ignored and
> hence you can see that split tunneling entries 1, 2 and 3 are the same. Just
> an info that has nothing to do with the Internet disconnectivity.
>
>
> Now, are destinations other than 172.16.0.0/16 not reachable for you?
>
> With regards
> Kings
>
> On Tue, Oct 11, 2011 at 5:18 PM, yusef sheriff <[email protected]>
> wrote:
>
> > please find the output below:-
> >
> > Router#sh crypto ipsec client ez
> > Router#sh crypto ipsec client ezvpn
> > Easy VPN Remote Phase: 8
> >
> > Tunnel name : ASA
> > Inside interface list: GigabitEthernet0/0
> > Outside interface: Dialer1
> > Connect : ACL based with access-list 105
> > Current State: IPSEC_ACTIVE
> > Last Event: MTU_CHANGED
> > DNS Primary: 172.16.1.95
> > Default Domain: habtoorengg.co.ae
> > Save Password: Allowed
> > Split Tunnel List: 1
> >        Address    : 172.16.0.0
> >        Mask       : 255.255.0.0
> >        Protocol   : 0x0
> >        Source Port: 0
> >        Dest Port  : 0
> > Split Tunnel List: 2
> >        Address    : 172.16.0.0
> >        Mask       : 255.255.0.0
> >        Protocol   : 0x0
> >        Source Port: 0
> >        Dest Port  : 0
> > Split Tunnel List: 3
> >        Address    : 172.16.0.0
> >        Mask       : 255.255.0.0
> >        Protocol   : 0x0
> >        Source Port: 0
> >        Dest Port  : 0
> > Current EzVPN Peer: 213.42.108.130
> >
> >
> > On Tue, Oct 11, 2011 at 2:28 PM, Kingsley Charles <
> > [email protected]> wrote:
> >
> >> Can you paste the "sh crypto ipsec client ezvpn" O/P.
> >>
> >> With regards
> >> Kings
> >>
> >>
> >> On Tue, Oct 11, 2011 at 3:15 PM, yusef sheriff <[email protected]
> >wrote:
> >>
> >>>  Yes, it's configured. ASA configuration:
> >>>
> >>> access-list omanao-tunnel_splitTunnelAcl_1 extended permit ip 172.16.0.0 255.255.0.0 172.23.1.0 255.255.255.0
> >>> access-list omanao-tunnel_splitTunnelAcl_1 extended permit ip 172.16.0.0 255.255.0.0 172.23.2.0 255.255.255.0
> >>> access-list omanao-tunnel_splitTunnelAcl_1 extended permit ip 172.16.0.0 255.255.0.0 10.10.10.0 255.255.255.0
> >>>
> >>> group-policy aooman attributes
> >>>  vpn-tunnel-protocol IPSec
> >>>  password-storage enable
> >>>  split-tunnel-policy tunnelspecified
> >>>  split-tunnel-network-list value omanao-tunnel_splitTunnelAcl_1
> >>>  default-domain value habtoorengg.co.ae
> >>>  nem enable
> >>>
> >>> tunnel-group aooman type remote-access
> >>> tunnel-group aooman general-attributes
> >>>  default-group-policy aooman
> >>> tunnel-group aooman ipsec-attributes
> >>>  pre-shared-key *
> >>>
> >>> crypto map is standard configuration
> >>>
>
> End of CCIE_Security Digest, Vol 64, Issue 29
> *********************************************
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com
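
The split-tunnel behaviour Kingsley Charles describes in the quoted digest (Message 4), as an added example that is not part of the original thread: it parses the ASA split-tunnel ACL and the `sh crypto ipsec client ezvpn` output quoted there and shows why the three ACEs collapse into three identical entries on the client. The function names and the test destination `198.51.100.7` are constructed for illustration, and the ACE parser assumes only the `permit ip <net> <mask> <net> <mask>` form seen in the thread.

```python
import ipaddress
import re
from collections import Counter

# Copied from the thread: ASA split-tunnel ACL (source net, then destination net).
ASA_ACL = """\
access-list omanao-tunnel_splitTunnelAcl_1 extended permit ip 172.16.0.0 255.255.0.0 172.23.1.0 255.255.255.0
access-list omanao-tunnel_splitTunnelAcl_1 extended permit ip 172.16.0.0 255.255.0.0 172.23.2.0 255.255.255.0
access-list omanao-tunnel_splitTunnelAcl_1 extended permit ip 172.16.0.0 255.255.0.0 10.10.10.0 255.255.255.0
"""

# Copied from the thread: the split-tunnel part of the router's show output.
SHOW_EZVPN = """\
Split Tunnel List: 1
       Address    : 172.16.0.0
       Mask       : 255.255.0.0
Split Tunnel List: 2
       Address    : 172.16.0.0
       Mask       : 255.255.0.0
Split Tunnel List: 3
       Address    : 172.16.0.0
       Mask       : 255.255.0.0
Current EzVPN Peer: 213.42.108.130
"""

ACE = re.compile(r"^access-list\s+\S+\s+extended\s+permit\s+ip\s+"
                 r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def pushed_networks(acl_text):
    """One network per permit ACE, built from the source field only.
    The destination field is ignored for split tunneling (per the reply)."""
    nets = []
    for line in acl_text.splitlines():
        m = ACE.match(line.strip())
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return nets


def parse_split_tunnel_list(show_text):
    """Extract the Address/Mask pairs under each 'Split Tunnel List' header."""
    nets, in_entry, addr = [], False, None
    for raw in show_text.splitlines():
        line = raw.strip()
        if line.startswith("Split Tunnel List:"):
            in_entry, addr = True, None
        elif in_entry and (m := re.match(r"Address\s*:\s*(\S+)", line)):
            addr = m.group(1)
        elif in_entry and addr and (m := re.match(r"Mask\s*:\s*(\S+)", line)):
            nets.append(ipaddress.ip_network(f"{addr}/{m.group(1)}"))
            in_entry, addr = False, None
    return nets


def duplicate_entries(nets):
    """Networks that appear more than once, with their counts."""
    return {str(n): c for n, c in Counter(nets).items() if c > 1}


def is_tunnelled(dest, nets):
    """True if traffic to dest is sent through the tunnel."""
    return any(ipaddress.ip_address(dest) in n for n in nets)


if __name__ == "__main__":
    client = parse_split_tunnel_list(SHOW_EZVPN)
    print("server pushes :", pushed_networks(ASA_ACL))
    print("client shows  :", client)
    print("duplicates    :", duplicate_entries(client))
    print("198.51.100.7 tunnelled?", is_tunnelled("198.51.100.7", client))
```

Anything outside the pushed networks is left to the router's normal routing and NAT path, which is where the lost Internet connectivity in the thread has to be investigated.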
