Hi Daljeet,
The checklist does mention IKEv2. ISRG2 is part of the hardware list. Flex
VPN is a framework to configure IPsec VPN with IKEv2 on routers. Hence I
would definitely prepare for it, just in case. J
6
Confidentiality and Secure Access
Implement, Optimize, Troubleshoot, IPv4/IPv6 Content
Understanding Cryptographic Protocols (ISAKMP, IKEv1 and IKEv2, ESP,
Authentication Header, CA)
Samarth Chidanand
Sr Instructor / Developer - IPexpert
CCIE #18535 (R&S, Security)
CCSI #34585
From: Daljeet SinGH [mailto:[email protected]]
Sent: Wednesday, May 1, 2013 12:27 PM
To: Mike Rojas
Cc: Samarth Chidanand; [email protected]
Subject: Re: [OSL | CCIE_Security] ACL order of Operation
Hi Samarth,
In Section 7 (volume 1) , tasks given related to Flex VPN setup. However I
don;t find flex VPN in Cisco CCIE security checklist. Just curious to know
if we need to prepare this as well.
long complex commands, not easy to remember.:):)
On Tue, Apr 30, 2013 at 1:38 PM, Mike Rojas <[email protected]> wrote:
Sam and Piotr
Thanks a lot for the clarification :)
Mike
Sent from my iPhone
On Apr 29, 2013, at 10:03 PM, "Samarth Chidanand" <[email protected]> wrote:
Hi Mike,
Good question. This really depends on the task. If they explicitly tell you
to use global ACL's, then you must use it. Else you can use the interface
ACL's. If they don't specify or indicate global ACL feature, then choose a
solution which is simple and not complicated and the solution should not
break other tasks. Finally, you can ask the proctor for further
clarification.
The DSG for volume 1 should be released within a week for the remaining
sections.
Samarth Chidanand
Sr Instructor / Developer - IPexpert
CCIE #18535 (R&S, Security)
CCSI #34585
From: [email protected]
[mailto:[email protected]] On Behalf Of Mike Rojas
Sent: Tuesday, April 30, 2013 5:13 AM
To: [email protected]
Subject: [OSL | CCIE_Security] ACL order of Operation
Sam and Team,
I was checking the VoDs (They are good) and a question pops up. In normal
circumstances the ASA is going to allow everything from a higher to lower
security level.
This is where I got confused the other day. If we are tasked to configure a
global ACL, all the packets from a higher to lower security level are going
to be dropped unless allowed by the global ACL. So the big question, if in
the test, and something like this pops up, what do we do? Do we allow the
protocols needed for the lab or we allow it based on the behavior it should
be?
Thats kinda of where the question goes...
(Btw, I still dont see the DSG for the remaining workbooks, ie ASA).
Regards.
Mike.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
