Hello everyone - I am working through Lab 11 and am having problems with the
DMVPN. The tunnels work fine, but then I cannot establish an eigrp neighbor
relationship with the hub. On R5 and R6 I get the following:
R5#sh ip eigrp ne
IP-EIGRP neighbors for process 100
H Address
Elliot,
In terms of actually applying policies to an interface you can only have one
policy assigned to each interface and one applied globally to all
interfaces, at any one time.
What I think you are referring to though is the application type policies
such as ftp and http etc, which are nested
Michael,
Please reload the devices and give it another try. Don't you have any
filters applied? If it does not help paste the configs.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Sun, Mar 14, 2010 at 11:41
I was curious as to why the solution for this section calls out special
treatment for the icmp packets. Aren't these packets already covered by
other lines in the configuration? It seems to work fine for me without
the icmp specific class and policy configuration.
Terry Little
Terry,
When you say, t these packets already covered by other lines in the
configuration?, What lines of the configuration are you talking about?
FW-OUT-IN passes icmp echo but does not inspect it.
FW-IN-OUT passes the echo-reply since it wasn't inspected on the way in.
FW-IN-OUT also
Terry,
I believe there may have been a bug in the 12.4(22)T code when I wrote that
lab. For some reason when I inspected ICMP both ways it would drop the ICMP
packets with policy match failures on the inbound zone pair. Since
Upgrading to 12.4(24)T I no longer see that same problem so I may
Dears,
I have ASA with DMZ zone and wonder which better to deploy my Proxy
(Bluecoat) and SIP server at this zone and what the deployment options for
public and private (inside, outside) interfaces to be connected,
It's better for bluecoat to have one arm at DMZ zone and the other directly
to
Hi all
Can someone please let me know, where we can find the RFC 3330 in the CISCO
docs. That's a big list to memorize :-)
With regards
Kings
___
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com