[OSL | CCIE_Security] Lab 11 Task 4.4 DMVPN

2010-03-14 Thread Michael Davis
Hello everyone - I am working through Lab 11 and am having problems with the DMVPN. The tunnels work fine, but then I cannot establish an eigrp neighbor relationship with the hub. On R5 and R6 I get the following: R5#sh ip eigrp ne IP-EIGRP neighbors for process 100 H Address

Re: [OSL | CCIE_Security] CCIE_Security Digest, Vol 45, Issue 50

2010-03-14 Thread Stuart Hare
Elliot, In terms of actually applying policies to an interface you can only have one policy assigned to each interface and one applied globally to all interfaces, at any one time. What I think you are referring to though is the application type policies such as ftp and http etc, which are nested

Re: [OSL | CCIE_Security] Lab 11 Task 4.4 DMVPN

2010-03-14 Thread Piotr Kaluzny
Michael, Please reload the devices and give it another try. Don't you have any filters applied? If it does not help paste the configs. Regards, -- Piotr Kaluzny CCIE #25665 (Security), CCSP, CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com On Sun, Mar 14, 2010 at 11:41

[OSL | CCIE_Security] Lab 2 sect 2.11 zbfw

2010-03-14 Thread Terry Little (terlittl)
I was curious as to why the solution for this section calls out special treatment for the icmp packets. Aren't these packets already covered by other lines in the configuration? It seems to work fine for me without the icmp specific class and policy configuration. Terry Little

Re: [OSL | CCIE_Security] Lab 2 sect 2.11 zbfw

2010-03-14 Thread Brandon Carroll
Terry, When you say, "Aren't these packets already covered by other lines in the configuration?", what lines of the configuration are you talking about? FW-OUT-IN passes icmp echo but does not inspect it. FW-IN-OUT passes the echo-reply since it wasn't inspected on the way in. FW-IN-OUT also

Re: [OSL | CCIE_Security] Lab 2 sect 2.11 zbfw

2010-03-14 Thread Tyson Scott
Terry, I believe there may have been a bug in the 12.4(22)T code when I wrote that lab. For some reason when I inspected ICMP both ways it would drop the ICMP packets with policy match failures on the inbound zone pair. Since upgrading to 12.4(24)T I no longer see that same problem so I may

[OSL | CCIE_Security] Security design best practice

2010-03-14 Thread Osama Mustafa
Dears, I have ASA with DMZ zone and wonder which better to deploy my Proxy (Bluecoat) and SIP server at this zone and what the deployment options for public and private (inside, outside) interfaces to be connected, It's better for bluecoat to have one arm at DMZ zone and the other directly to

[OSL | CCIE_Security] RFC 3330 filtering

2010-03-14 Thread Kingsley Charles
Hi all Can someone please let me know, where we can find the RFC 3330 in the CISCO docs. That's a big list to memorize :-) With regards Kings ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com