Yes, I've encountered this when the vlans weren't all available on the connected switches. Your configurations may all look correct, but if the vlan isn't in all the catalyst vlan databases that you connect to, then the traffic won't pass. I've learned to always double/triple check my vlans, and if i can, I use a VTP server to push out the vlans so I know they all exist everywhere. -Dan On Aug 20, 2013, at 8:20 PM, MERAJ Khalid <merajkha...@hotmail.com> wrote:
> I think you are right. I am doing it in GNS3 and its looks like GNS3 issue. > But one more thing I had two days ago but still can't figure it out why it > happen but that was i was doing it on actual pod. > I have doing a failover lab and all my config was fine but failover was not > initiating and I tried each and everything to resolve the issue but it didn't > than I removed the vlan 300 and v-400 and put them in vlan below 100 and it > worked straight away that what I never understand. > > I haven't seen this kind of issue before did you came across this before? > > > > > Kind Regards, > Meraj > > > > From: d...@syssec.biz > Subject: Re: [OSL | CCIE_Security] Transparent firewall issue > Date: Tue, 20 Aug 2013 20:12:35 +0900 > To: merajkha...@hotmail.com; ccie_security@onlinestudylist.com > > You are right, I missed that you are doing transparent firewalls. Are you > running on GNS3 or on a rack session? I've had issues with protocol flapping > in GNS3 before, like you described. > If the neighborship establishes then goes down, then it seems like your ACLs > and configurations are correct. I've had problems on that lab before, I went > back and did it from scratch and all worked. > -Dan > > > On Aug 20, 2013, at 8:06 PM, MERAJ Khalid <merajkha...@hotmail.com> wrote: > > No I haven't configured the Nat rules as it was not in that task. > and 2ndly its a transparent firewall and I dont think it will take effect > > > Kind Regards, > Meraj > GSM: 07891571305 > > > Subject: Re: [OSL | CCIE_Security] Transparent firewall issue > From: d...@syssec.biz > Date: Tue, 20 Aug 2013 19:26:23 +0900 > CC: dalsbeh...@gmail.com; ccie_security@onlinestudylist.com > To: merajkha...@hotmail.com > > Did you configure the NAT translation rules that allow the traffic to pass > through your ASA? How is your nat control configured? > http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_control.html > -Dan > On Aug 20, 2013, at 5:41 PM, MERAJ Khalid <merajkha...@hotmail.com> wrote: > > yes I have done the same config but no luck. I am using 8.2 as stated in the > lab. > > its working fine for 8.4. > > > Date: Tue, 20 Aug 2013 16:39:11 +0800 > Subject: Re: [OSL | CCIE_Security] Transparent firewall issue > From: dalsbeh...@gmail.com > To: merajkha...@hotmail.com > CC: ccie_security@onlinestudylist.com > > Are you using 8.2 or 8.4 version? between R5 and R6 there is 8.2 version > ASA. > Need to configure simple transparent config. both interfaces on switch are > on different VLANS. > then allow eigrp on both interfaces > > > On Tue, Aug 20, 2013 at 4:26 PM, MERAJ Khalid <merajkha...@hotmail.com> wrote: > Hi, > > I am doing volume1 Section 1 lab5 "Transparent firewalls" buit couldn't able > to establish Eigrp neighbor ship b/w R5 and R6 through Firewall ASA1 I have > done everything to troubleshoot but no use it establish the session some time > and than drops it saying timer expires. Any Clue what need to be done? > > > Thanks, > > > Kind Regards, > Meraj > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
