Hi Steve,
We will be releasing our security volume -1 technology labs workbook section
by section. It's one of the finest workbook to use for your practice. To be
released soon. It's a true CCIE technology workbook and not a CCNP Security
level type of workbook with just 2 or 3 routers and 1 firewall etc etc. We
plan on releasing a sample soon, hence you will know what I am speaking
about.
This is my statement about Volume-1 workbook ---- " CCIE Security Volume 1
Technology Lab workbook - Want to be a CCIE, learn and practice the
technology labs the CCIE way"
Samarth Chidanand
Sr Instructor / Developer - IPexpert
CCIE #18535 (R&S, Security)
CCSI #34585
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected]
Sent: Wednesday, February 20, 2013 9:28 AM
To: [email protected]
Subject: CCIE_Security Digest, Vol 80, Issue 21
Send CCIE_Security mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://onlinestudylist.com/mailman/listinfo/ccie_security
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific than
"Re: Contents of CCIE_Security digest..."
Today's Topics:
1. Re: Fw: SSH session (Steve Di Bias)
2. Re: Fw: SSH session (Jay McMickle)
----------------------------------------------------------------------
Message: 1
Date: Tue, 19 Feb 2013 19:48:04 -0800
From: Steve Di Bias <[email protected]>
To: Jay McMickle <[email protected]>
Cc: "[email protected]"
<[email protected]>
Subject: Re: [OSL | CCIE_Security] Fw: SSH session
Message-ID:
<CAP_sHUasQ_0jruY-DFJU_W1=H8Qd=teq5wypun5ymdmh8al...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Jay, SJ or RTP? What preparation materials have you been using for version
4?
Thanks,
Steve Di Bias- CCIE #32840
On Tue, Feb 19, 2013 at 7:34 PM, Jay McMickle <[email protected]>wrote:
> LOVE that command!
>
> Now, if Cisco would take our recommendation for the priority command,
> I would be a happy camper! Have you ever wondered why the "failover
> LAN unit primary" doesn't have a priority command like GLBP or HSRP?
> We meet each year and remind them. :?
>
> PS- (Steve)- I'm closing in on my first attempt to Security version 4.
> Should be by the end of March.
>
> Regards,
> Jay McMickle- CCIE #35355 (RS)
> Sent from my iPhone 5
> Support me to fight MS!
>
> http://main.nationalmssociety.org/site/TR/Bike/TXHBikeEvents?px=588604
> 3&pg=personal&fr_id=20226
>
>
> On Feb 19, 2013, at 6:54 PM, Steve Di Bias <[email protected]> wrote:
>
> Of course, but please don't misunderstand me here. All I'm saying is
> that if your ASA get's hacked not having an TELNET/SSH client isn't
> going to save you...
>
> So as to end this discussion I really only cared about having
> TELNET/SSH clients for troubleshooting purposes only.
>
> I can assure you that I could really care less about having embedded
> TELNET/SSH clients in versions 8.4 and beyond, thanks to tcp ping!
>
>
> http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/p
> .html#wp2133619
>
>
> With this ability the need for embedded clients has diminished
>
> ping tcp 1.1.1.1 3389
>
> Happy studies
>
>
> Thanks,
> Steve Di Bias- CCIE #32840
>
>
> On Tue, Feb 19, 2013 at 4:36 PM, <[email protected]> wrote:
>
>> By that logic is not necessary to encrypt passwords or pre-shared
>> keys stored in the running configuration. Remember that security is a
>> layered approach, and involves vigilance wherever possible.
>>
>> Sent via mobile.
>>
>> On Feb 19, 2013, at 6:58 PM, Steve Di Bias <[email protected]> wrote:
>>
>> Assuming someone hacks into your ASA, having an embedded SSH client
>> would be the least of your worries
>>
>> On Tuesday, February 19, 2013, Piotr Matusiak wrote:
>>
>>> This is NOT missing feature. There is no TELNET/SSH client for
>>> purpose. I wouldn't like my ASA become a hop point to the rest of my
>>> network if someones breaks in.
>>>
>>> Regards,
>>> Piotr
>>>
>>>
>>> On 2/19/13 10:45 PM, Jimmy Larsson wrote:
>>>
>>> That has annoyed me since forever as well...
>>>
>>> http://nat0.net/another-missing-asa-feature-telnet-and-ssh-client/
>>>
>>> Best regards
>>> Jimmy
>>>
>>>
>>> 2013/2/19 cisco 2006 <[email protected]>
>>>
>>>
>>>
>>> ----- Forwarded Message -----
>>> *From:* cisco 2006 <[email protected]>
>>> *To:* "[email protected]" <
>>> [email protected]>
>>> *Sent:* Tuesday, 19 February 2013, 20:32
>>> *Subject:* Fw: SSH session
>>>
>>>
>>>
>>> Dear Sir,
>>>
>>> I'm preparing for CCIE Security using IPexpert materials , and I
>>> have a question about ssh session .The question is that :
>>> Can I opening ssh from cisco asa to another like a switch ?
>>>
>>> Best Regards,
>>> Israa
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training,
>>> please visit www.ipexpert.com
>>>
>>> Are you a CCNP or CCIE and looking for a job? Check out
>>> www.PlatinumPlacement.com
>>>
>>>
>>>
>>>
>>> --
>>> -------
>>> Jimmy Larsson
>>> http://nat0.net
>>> -------
>>>
>>>
>>> ___________________________________________
>>>
>>>
>>
>> --
>> Thanks,
>> Steve Di Bias- CCIE #32840
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training,
>> please visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training,
> please visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
</archives/ccie_security/attachments/20130219/e3ea9ed2/attachment-0001.html>
------------------------------
Message: 2
Date: Tue, 19 Feb 2013 21:57:52 -0600
From: Jay McMickle <[email protected]>
To: Steve Di Bias <[email protected]>
Cc: "[email protected]"
<[email protected]>
Subject: Re: [OSL | CCIE_Security] Fw: SSH session
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"
SJC.
I've been making my own labs with new items from the blueprint in addition
to what was on v3. I picked up another vendor's workbooks (the only one with
them out right now) and I've already labbed 15 hours this week (work is
allowing me to do this at home). I'm back at my old routine again- 35-40
hours a week. At this rate, I'll be done with this 2,000 page workbook in 4
weeks.
FlexVPN and DMVPNv3 have been eating my lunch, but ISE isn't bad after
taking a bootcamp and implement it at work. WLC on the other hand has been
tricky.
Just another month or so- I'll take a swing.
PS- I'll never go back to RTP. Not just because I failed Security v3 there,
but the food alone is enough to make anyone want to quit labbing! Proctor
was awesome, but I don't like my food in a community bowl wrapped in
plastic. SJC it is.
Regards,
Jay McMickle- CCIE #35355 (RS)
Sent from my iPhone 5
Support me to fight MS!
http://main.nationalmssociety.org/site/TR/Bike/TXHBikeEvents?px=5886043&pg=p
ersonal&fr_id=20226
On Feb 19, 2013, at 9:48 PM, Steve Di Bias <[email protected]> wrote:
> Jay, SJ or RTP? What preparation materials have you been using for version
4?
>
> Thanks,
> Steve Di Bias- CCIE #32840
>
>
> On Tue, Feb 19, 2013 at 7:34 PM, Jay McMickle <[email protected]>
wrote:
>> LOVE that command!
>>
>> Now, if Cisco would take our recommendation for the priority command, I
would be a happy camper! Have you ever wondered why the "failover LAN unit
primary" doesn't have a priority command like GLBP or HSRP? We meet each
year and remind them. :?
>>
>> PS- (Steve)- I'm closing in on my first attempt to Security version 4.
Should be by the end of March.
>>
>> Regards,
>> Jay McMickle- CCIE #35355 (RS)
>> Sent from my iPhone 5
>> Support me to fight MS!
>> http://main.nationalmssociety.org/site/TR/Bike/TXHBikeEvents?px=58860
>> 43&pg=personal&fr_id=20226
>>
>>
>> On Feb 19, 2013, at 6:54 PM, Steve Di Bias <[email protected]> wrote:
>>
>>> Of course, but please don't misunderstand me here. All I'm saying is
that if your ASA get's hacked not having an TELNET/SSH client isn't going to
save you...
>>>
>>> So as to end this discussion I really only cared about having TELNET/SSH
clients for troubleshooting purposes only.
>>>
>>> I can assure you that I could really care less about having embedded
TELNET/SSH clients in versions 8.4 and beyond, thanks to tcp ping!
>>>
>>> http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference
>>> /p.html#wp2133619
>>>
>>> With this ability the need for embedded clients has diminished
>>>
>>> ping tcp 1.1.1.1 3389
>>>
>>> Happy studies
>>>
>>>
>>> Thanks,
>>> Steve Di Bias- CCIE #32840
>>>
>>>
>>> On Tue, Feb 19, 2013 at 4:36 PM, <[email protected]> wrote:
>>>> By that logic is not necessary to encrypt passwords or pre-shared keys
stored in the running configuration. Remember that security is a layered
approach, and involves vigilance wherever possible.
>>>>
>>>> Sent via mobile.
>>>>
>>>> On Feb 19, 2013, at 6:58 PM, Steve Di Bias <[email protected]> wrote:
>>>>
>>>>> Assuming someone hacks into your ASA, having an embedded SSH
>>>>> client would be the least of your worries
>>>>>
>>>>> On Tuesday, February 19, 2013, Piotr Matusiak wrote:
>>>>>> This is NOT missing feature. There is no TELNET/SSH client for
purpose. I wouldn't like my ASA become a hop point to the rest of my network
if someones breaks in.
>>>>>>
>>>>>> Regards,
>>>>>> Piotr
>>>>>>
>>>>>>
>>>>>> On 2/19/13 10:45 PM, Jimmy Larsson wrote:
>>>>>>> That has annoyed me since forever as well...
>>>>>>>
>>>>>>> http://nat0.net/another-missing-asa-feature-telnet-and-ssh-clien
>>>>>>> t/
>>>>>>>
>>>>>>> Best regards
>>>>>>> Jimmy
>>>>>>>
>>>>>>>
>>>>>>> 2013/2/19 cisco 2006 <[email protected]>
>>>>>>>
>>>>>>>
>>>>>>> ----- Forwarded Message -----
>>>>>>> From: cisco 2006 <[email protected]>
>>>>>>> To: "[email protected]"
>>>>>>> <[email protected]>
>>>>>>> Sent: Tuesday, 19 February 2013, 20:32
>>>>>>> Subject: Fw: SSH session
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Dear Sir,
>>>>>>>
>>>>>>> I'm preparing for CCIE Security using IPexpert materials , and I
have a question about ssh session .The question is that :
>>>>>>> Can I opening ssh from cisco asa to another like a switch ?
>>>>>>>
>>>>>>> Best Regards,
>>>>>>> Israa
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> For more information regarding industry leading CCIE Lab
>>>>>>> training, please visit www.ipexpert.com
>>>>>>>
>>>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>>>> www.PlatinumPlacement.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> -------
>>>>>>> Jimmy Larsson
>>>>>>> http://nat0.net
>>>>>>> -------
>>>>>>>
>>>>>>>
>>>>>>> ___________________________________________
>>>>>
>>>>>
>>>>> --
>>>>> Thanks,
>>>>> Steve Di Bias- CCIE #32840
>>>>>
>>>>> _______________________________________________
>>>>> For more information regarding industry leading CCIE Lab training,
>>>>> please visit www.ipexpert.com
>>>>>
>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>> www.PlatinumPlacement.com
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training,
>>> please visit www.ipexpert.com
>>>
>>> Are you a CCNP or CCIE and looking for a job? Check out
>>> www.PlatinumPlacement.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </archives/ccie_security/attachments/20130219/7851d8b5/attachment.html>
End of CCIE_Security Digest, Vol 80, Issue 21
*********************************************
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
