You are correct. Why complicate and make a mess?
Plus why would there be a need for GETVPN and DMVPN on the same router using
the same Hub router. You know what am I saying. If this is for the lab then
just test one scenario at a time.
Just my few cents...
Best Regards.
Eugene,
Thanks for this key by the way. This is the section of lab that I have not
touched yet.
Could you please let me know how do you get this key during the lab?
Could you please let me know how do you get the key during the real life?
I am a registered Cisco customer.
Best Regards.
Hi Tyson / Eugene,
Could you please let me know how can we get this key on IPEXPERT rack during my
practice lab?
Is this key given during the CCIE Sec lab?
I have not touched this section of lab yet. Just getting ready.
Best Regards.
__
Adil
On Apr 5, 2011, at 4:44 PM,
it should be available on Cisco Documentation but
again it would be a good idea to know where to get it.
From: Adil Pasha [mailto:aspa...@gmail.com]
Sent: 06 April 2011 17:23
To: Eugene Pefti; Tyson Scott
Cc: meeta bakshi; ccie_security@onlinestudylist.com
Subject: Re: [OSL
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Adil Pasha
Sent: Monday, 2 May 2011 16:23
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] IPS VM File?
Could someone please let me know if there a way to run IPS ver 6.x on my VM
Fusion
Thanks for your clarification Bruno.
Just a quick question.
So what if I want to block just a string 'xe3'. But if this is embedded then
ASA should not stop it.
Best Regards.
__
Adil
On May 5, 2011, at 12:49 PM, Jim Terry wrote:
Thank you!
Jt
On Thu,
I also have one more question.
Here is the solution for the question I have to block the word 'CMD':
ASA
Regex CMD "CMD"
!
policy-map type inspect HTTP URL
match request URI regex CMD
What if I use class-map type http and classify the traffic and then call this
class-map type within the
Does anyone know or have screen shots for IPS Tuning question in YB Lab 1 -
Question 4.1 ?
I could not figure out how to configure the IPS.
The question is for sig2 and states:
Enable HTTP application policy enforcement, allowing a maximum of five HTTP
requests to the server at any given
methods recognized by the sensor.
•Chunked Transfer Encoding—Error specifies actions to be taken when a chunked
encoding error is seen.
With regards
Kings
On Sun, May 8, 2011 at 6:59 AM, Adil Pasha aspa...@gmail.com wrote:
Does anyone know or have screen shots for IPS Tuning
Could you please let me know what is the reason that I am getting the mismatch
error message?
I spend enough time on Google and read ASA Config Guide but could not get the
answer.
Thanks in advance.
When I configure the ASA policy based NAT without any port and use 'permit ip'
in the ACL the
,
Meytal
From: ccie_security-boun...@onlinestudylist.com on behalf of Adil Pasha
Sent: Sat 14/05/2011 17:20
To: CCIE Security Maillist
Subject: Re: [OSL | CCIE_Security] [SOLVED] ASA NAC - no response from CTAEAPoUDP
Could you please let me know what is the reason that I am getting the
mismatch error
On Sun, May 15, 2011 at 12:35 AM, Adil Pasha aspa...@gmail.com wrote:
Thanks Meytal,
Could you please let me know the reason?
Best Regards.
__
Adil
On May 14, 2011, at 2:42 PM, Meytal Mizrahi wrote:
Hi Adil,
your access-list in incorrect, try:
access-list
Does anyone know why EIGRP starts flapping when it is used with DMVPN/ GRE?
It is so annoying and painful. I have to remove the tunn interface and paste it
back in. It works for a while and then drops again.
Is there a bug issue?
Thanks in advance.
Adil.
Jim,
I have done Yusuf's lab 1 multiple times and would like to work with you again.
It will be a good information sharing.
I am scheduled for my own vRACK on Sunday from 8 to 4PM so it will be no
problem for me.
Let me know your WebEx info.
If you would like to talk to me please let me know
Could you please let me know for how long a CCIE Sec written exam is valid for?
Best Regards.
__
Adil
___
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE
again.
-Original Message-
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Adil Pasha
Sent: Thursday, May 19, 2011 11:09 AM
To: CCIE Security Maillist
Subject: [OSL | CCIE_Security] CCIE SEC Written Exam Validity?
Could
must retake the written exam before
being allowed to attempt the lab exam again.
On Thu, May 19, 2011 at 9:08 AM, Adil Pasha aspa...@gmail.com wrote:
Could you please let me know for how long a CCIE Sec written exam is valid
for?
Best Regards.
__
Adil
Could someone please help me out here?
I am in IPEXPERT vRACK.
I downloaded the new signature package to ACS and using a preinstalled tftp
server.
When I tried to do tftp to R1 for YB Lab 2 Q 4.2, I received the following
error.
R1#
*May 21 06:30:28.727: %IPS-4-IPS_SIGNATURE_FILE: IPS
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Anthony
Sequeira
Sent: Thursday, May 19, 2011 11:38 AM
To: Adil Pasha; CCIE Security Maillist
Subject: Re: [OSL | CCIE_Security] CCIE SEC Written Exam Validity?
From the page:
http://www.cisco.com/web/learning/le3/ccie/security
Guys,
Could you please tell me why am I getting this error message in Yusuf's lab 1 -
Q 6.1?
I have done this lab multiple times but never saw this error message.
When I apply the policy map on control-plane the DMVPN or eigrp drops between
dmvpn nei. Is there a bug issue or am I doing
cm_icmp
Next unblock the DMVPN tunnel IP address.
With regards
Kings
On Sat, May 28, 2011 at 11:46 PM, Adil Pasha aspa...@gmail.com wrote:
Guys,
Could you please tell me why am I getting this error message in Yusuf's lab 1
- Q 6.1?
I have done this lab multiple times but never
AM, Adil Pasha aspa...@gmail.com wrote:
Kingsley,
I just did the lab again and exactly as you have mentioned in the message
with option match-all instead of match-any.
Now all works except ICMP between DMVPN tunnels or addresses received over
the tunnel.
I am still searching the answer
Could you please tell me where can I download Putty CM session on IPEXPERT's
website?
Best Regards.
__
Adil
If you are studying for CCIE lab then my honest suggestion is to get on the
real equipment and save yourselves a lot of time. I know real equipment will
turn out more expensive but time is very important and you will not be distracted
by GNS3 issues. I ran into many funky GNS3 issues and wasted
and capable of handling dot1q frames.
Travis
From: Adil Pasha [mailto:aspa...@gmail.com]
Sent: Friday, June 10, 2011 2:46 PM
To: Travis Niedens
Cc: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] QEMU and Trunk interfaces
If you are studying for CCIE lab then my
Hi Jim,
This is regarding TCP SYN flood attack.
I have a Cisco document on it and will search and send it to you.
Best Regards.
__
Adil
On Jun 12, 2011, at 2:32 PM, Jim Terry wrote:
Hi all,
I am catching up on email and ran across this one on FPM. Where did you run
You are amazing.
What a guy.
THANK YOU SO MUCH.
Most of us may not know about these links.
Best Regards.
__
Adil
On Jun 14, 2011, at 9:50 PM, Renato Morais wrote:
Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks -
You guys are the best.
Best Regards.
__
Adil
On Jun 15, 2011, at 12:24 PM, Anthony Sequeira wrote:
This is pure awesomeness.
It inspired me to start a new 5 part series on blog.ipexpert.com entitled
Preventing Basic DDoS Attacks. I am expanding a bit on the article
Could someone please let me know where is the password recovery link for
IPEXPERT?
I am trying but no luck.
Best Regards.
__
Adil
Could someone please help me out here?
In YB Lab 2, Q-7.4 the requirement is to rate limit the traffic using
'rate-limit' command and not to use MQC. I completely understand that. Just in
case if the question asks to use MQC how will I configure the following
rate-limit command using MQC?
Hi guys,
This is about NAT question.
For some reason I am not seeing the correct NAT'd address when I PING from R3
to R5 even though the ICMP is being sent from 192.168.35.3 to R5 and R5 replies
with NAT'd address as you can see on R3's debug.
R3#
*Jun 22 16:25:48.462: ICMP: echo reply rcvd,
, 2011 at 9:57 PM, Adil Pasha aspa...@gmail.com wrote:
Hi guys,
This is about NAT question.
For some reason I am not seeing the correct NAT'd address when I PING from R3
to R5 even though the ICMP is being sent from 192.168.35.3 to R5 and R5
replies with NAT'd address as you can see on R3
102
set interface Serial0/1/0
With regards
Kings
On Thu, Jun 23, 2011 at 5:42 PM, Adil Pasha aspa...@gmail.com wrote:
Thanks Kingsley.
Here is the config:
R5:
!
interface Loopback5
ip address 10.55.55.55 255.255.255.255
ip nat inside
ip virtual-reassembly
!
!
interface
and Australia. Be
sure to visit our online communities at www.ipexpert.com/communities and our
public website at www.ipexpert.com
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Adil Pasha
Sent: Thursday, June 23, 2011 8:58
Download XShell 4.0. It is free and better than Secure CRT since you do not
have to pay $100. Works on 64 bit or 32 bit.
It is the best product I used for TELNET and quit using Sec CRT. Putty is beta
and no reliability since I was having all sorts of problems. And if you use
Conn Mgr then just
http://www.cisco.com/en/US/partner/tech/tk828/technologies_tech_note09186a00800f67d5.shtml
Could someone please let me know if this link is still valid?
For some reason it is not working for me.
Best Regards.
__
Adil
/guide/gt_vfrag.html
Best Regards.
__
Adil
On Jun 26, 2011, at 5:24 PM, Anthony Sequeira wrote:
Does not work for me either.
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Adil Pasha
Sent: Sunday, June
Piotr / Tyson,
In your opinion and experience which one is preferred?
CEH or CISSP or CISA
Or which one to go first that will make a student more marketable?
Best Regards.
__
Adil
On Jun 26, 2011, at 4:22 PM, Piotr Matusiak wrote:
http://www.eccouncil.org/CEH.htm
pentests you should go for CEH. If you
want to run security audits go for CISA. If you want to know more about
information security in addition to CCIE, go for CISSP.
Regards,
Piotr
2011/6/27 Adil Pasha aspa...@gmail.com
Piotr / Tyson,
In your opinion and experience which one is preferred
Could someone please let me know what is the following error about?
This is YB Lab 1:
I launched the browser on 443 and was able to download and install the client
on XP desktop. I am connected to ASA using webvpn and the client is downloaded
to the XP desktop, but when I tried to connect
Does anyone know which is the best VNC client to access IPEXPERT racks using
MAC?
Best Regards.
__
Adil
, at 2:46 PM, Dennis DeFoort wrote:
You need to create an anyconnect profile, upload it to flash, make sure you
allow remote desktop connections in the profile. You can edit/create a profile
from the standalone profile editor or asdm 6.3 and up
On 2011-06-29, at 2:26 PM, Adil Pasha wrote
...@onlinestudylist.com] On Behalf Of Adil Pasha
Sent: Wednesday, June 29, 2011 10:56 a.m.
To: CCIE Security Maillist
Subject: [OSL | CCIE_Security] Cisco Anyconnect Error.
Could someone please let me know what is the following error about?
This is YB Lab 1:
I launched the browser
I believe Yusuf's Practice Labs are authorized material.
Best Regards.
__
Adil
On Jun 29, 2011, at 4:39 PM, Dennis DeFoort wrote:
no i teach cisco authorized material
On 2011-06-29, at 4:25 PM, Adil Pasha wrote:
Thanks Dennis,
This will be a challenge during
Thanks Piotr.
I tried using a VNC on Mac but it did not work.
I got Real VNC for MAC now and will try it in next labs session.
Best Regards.
__
Adil
On Jun 29, 2011, at 4:58 PM, Piotr Matusiak wrote:
Connect to WinXP using VNC instead of RDP.
2011/6/29 Adil Pasha
?
With regards
Kings
On Wed, Jun 29, 2011 at 10:26 PM, Adil Pasha aspa...@gmail.com wrote:
Could someone please let me know what is the following error about?
This is YB Lab 1:
I launched the browser on 443 and was able to download and install the client
on XP desktop. I am connected
Only if someone can translate the English version into simple English.:)
Best Regards.
__
Adil
On Jun 30, 2011, at 9:02 AM, Kingsley Charles wrote:
The following is English translated version.
Bit confusing
Does anyone have clear data on this...
-boun...@onlinestudylist.com] On Behalf Of Adil Pasha
Sent: Thursday, June 30, 2011 9:10 AM
To: Kingsley Charles
Cc: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] Will QEQ be removed?
Only if someone can translate the English version into simple English.:)
Best
Thanks Anthony.
Best Regards.
__
Adil
On Jul 1, 2011, at 4:43 PM, Anthony Sequeira wrote:
It is effective Aug 15, 2011
From: Adil Pasha [mailto:aspa...@gmail.com]
Sent: Friday, July 01, 2011 3:01 PM
To: Anthony Sequeira
Cc: Kingsley Charles; Aaron O'Conner
I have done this question many times and it works.
I am doing the lab tomorrow in IPX racks and routers so I am sure that IOS
supports it.
Hope I am not wrong and I will send you the config and stats.
Best Regards.
__
Adil
On Jul 1, 2011, at 4:12 PM, Piotr Matusiak
Yes it is possible.
You have to create virtual telnet configuration and allow the ACL and ACS for
virtual telnet IP address.
Best Regards.
__
Adil
On Jul 2, 2011, at 9:04 PM, Mark Senteza wrote:
Hi,
I've been trying to get the IOS auth-proxy feature to work when
You have to enable:
swi port mo access
before you type dot1x on an interface.
Best Regards.
__
Adil
On Jul 3, 2011, at 10:59 AM, Umberto Nobile wrote:
In my lab there are two cat 3560-24-ts and two cat 3560v2-24-ts.
The ios image are 12.2.50.see1 in 3560 and
:07 PM, Umberto Nobile wrote:
You are right Adil,
But I just do that.! If you don’t put in interface config sw port mode
access command, you cannot type any dot1x command.
Umberto
From: Adil Pasha [mailto:aspa...@gmail.com]
Sent: Sunday, 3 July 2011 19:00
The solution is explained in the book.
Best Regards.
__
Adil
On Jul 4, 2011, at 1:23 AM, Kingsley Charles wrote:
The issue is on the ASA side. Configure peer-id-validate nocheck under the
trustpoint of the ASA. Mostly that should solve the issue. If still you face
the
Congratulations Richard.
Hope Cisco does not change the exam since everyone who comes out of the lab
talks about Yusuf's Practice Labs.:)
Enjoy your life now. CCIE exams are more than doing Ph.D:)
Best Regards.
__
Adil
On Jul 5, 2011, at 4:14 AM, Richard
, Diego Cambronero wrote:
Hi,
I have Yusuf practice however I am wondering If we can load the lab in
Ipexpert's vracks?
I just checked cuz I am in a session right now however I cannot find
anything.
Has anyone tried this?
On 05/07/11 09:49, Adil Pasha aspa...@gmail.com
Thanks Richard.
I know how happy you are today...:)
Actually, I learned it after a while that any of the online racks can do any
topology as long as the student can modify Layer 2 for his/her lab either it is
Yusuf's or IPX or INE. It is always Layer 2 when I am practicing my Security
Which lab and which question?
Please let me know.
Best Regards.
__
Adil
On Jul 15, 2011, at 1:18 PM, Derek wrote:
Hello,
I've been going through one of Yusuf's practice Labs he gave out at last
years Cisco live CCIE Security 8hr break out session. One of the tasks
You may have to reinstall it.
Please do let us know if you get to fix
Best Regards.
__
Adil
On Jul 16, 2011, at 6:49 AM, Kingsley Charles wrote:
I am not able to find these scripts in CSMon.
The following scripts are provided with CSMon:
RESTART_ALL_SERVICES.BAT—
Does anyone have good documentation or web link on PVLANs?
Best Regards.
__
Adil
On Jul 16, 2011, at 12:02 AM, Travis Niedens wrote:
Speaking from experience, I agree with Kings.
From: ccie_security-boun...@onlinestudylist.com
and brought it back.
With regards
Kings
On Sat, Jul 16, 2011 at 9:25 PM, Adil Pasha aspa...@gmail.com wrote:
You may have to reinstall it.
Please do let us know if you get to fix
Best Regards.
__
Adil
On Jul 16, 2011, at 6:49 AM, Kingsley Charles wrote:
I
/stop (from windows
cmd)
2)Use Whoislock application to terminate the service
3)Use batch file in the CSMon folder to restart services
4)Re-install ACS
5)Re-install Windows
With regards
Kings
With regards
Kings
On Sat, Jul 16, 2011 at 10:09 PM, Adil Pasha aspa...@gmail.com wrote
The new loopback for VPN peering between R5 and ASA2.
The existing loopback 0 is for IPSec interesting traffic. If you are using the
same loopback 0 for VPN peering and IPSec interesting traffic there will be
issues, but I do not remember right now which issues I ran into ..:)
Best
Please tell me which option to use?
Contain or = if they ask to check Windows XP with service pack 3?
Best Regards.
__
Adil
On Jul 23, 2011, at 1:08 PM, Kingsley Charles wrote:
Not all parameters will have contain option. If you ask me, I feel using
contain than = is
24, 2011 at 3:56 AM, Adil Pasha aspa...@gmail.com wrote:
Please tell me which option to use?
Contain or = if they ask to check Windows XP with service pack 3?
Best Regards.
__
Adil
On Jul 23, 2011, at 1:08 PM, Kingsley Charles wrote:
Not all parameters
Which archive or e-mail?
I am new to this.
Best Regards.
__
Adil
On Jul 23, 2011, at 10:36 PM, Kingsley Charles wrote:
You can refer to the mail that in the archive.
With regards
Kings
On Sun, Jul 24, 2011 at 5:34 AM, Adil Pasha aspa...@gmail.com wrote:
Hi guys
Thanks Kingsley.
Best Regards.
__
Adil
On Jul 23, 2011, at 10:36 PM, Kingsley Charles wrote:
You can refer to the mail that in the archive.
With regards
Kings
On Sun, Jul 24, 2011 at 5:34 AM, Adil Pasha aspa...@gmail.com wrote:
Hi guys,
I am testing IOS auth
Jim / Kingsley,
Thank you so much for the suggestions.
Yes it is working now for port redirection.
My topology is Desktop R9 (auth-proxy + port-mapping for http 80 to 8080)
-- R2 (http on port 8080
Now the only thing is that if I initiate a session on http://10.12.12.12 which
is port 80
IOS proxy on non-80 port is
working on that image.
And as far I know, IOS http server can listen to a single port at a time.
Hence, I think you can't make auth-proxy work on 80 and 8080 simultaneously.
With regards
Kings
On Sun, Jul 24, 2011 at 10:11 AM, Adil Pasha aspa...@gmail.com
.
With regards
Kings
On Sun, Jul 24, 2011 at 6:20 AM, Adil Pasha aspa...@gmail.com wrote:
Thanks Ishwinder for your suggestion. Could you please review it again?
I have a test lab with the solution using contains for both OS Type and
service pack.
Best Regards
work for simple http ports and
supporting one port only, am I correct?
Best Regards.
__
Adil
On Jul 24, 2011, at 10:39 AM, Adil Pasha wrote:
All clear now, Kingsley. Thank you so much.
Seems like IOS auth-proxy is just for single http port. So in my production
network
Thanks Ishwinder,
So if I have to match Windows XP with Service Pack 4 or Windows 2000 with
service pack 3, something like that, using contains will be the safest option
since it will cover = in it. What is the correct answer and I will not get
zero in the lab?
What is the string for Windows XP
two rules and
the Service pack has to exist in conjunction with the OS, hence 'AND' between
the rule itself).
OS type 'contains' Windows XP, Service Pack '=' 3 etc.
Regards,
Ishwinder
On Sun, Jul 24, 2011 at 9:48 PM, Adil Pasha aspa...@gmail.com wrote:
Thanks Ishwinder,
So if I have
XP, Service Pack '=' 3 etc.
Regards,
Ishwinder
On Sun, Jul 24, 2011 at 9:48 PM, Adil Pasha aspa...@gmail.com wrote:
Thanks Ishwinder,
So if I have to match Windows XP with Service Pack 4 or Windows 2000 with
service pack 3, something like that, using contains will be the safest
).
OS type 'contains' Windows XP, Service Pack '=' 3 etc.
Regards,
Ishwinder
On Sun, Jul 24, 2011 at 9:48 PM, Adil Pasha aspa...@gmail.com wrote:
Thanks Ishwinder,
So if I have to match Windows XP with Service Pack 4 or Windows 2000 with
service pack 3, something like that, using
Regards.
__
Adil
On Jul 25, 2011, at 5:18 AM, Piotr Matusiak wrote:
Adil,
It works for HTTP and HTTPS. It should work fine with your config. What
exactly are you getting in the browser?
Regards,
Piotr
2011/7/24 Adil Pasha aspa...@gmail.com
I just tried to make
wrote:
Try to use IE instead of FF and it should be fine! The problem is web browser
related, not IOS.
Regards,
Piotr
2011/7/25 Adil Pasha aspa...@gmail.com
Thanks for your reply Piotr,
Here is the router configuration that does not support auth-proxy for https.
R9(config)#ip
:48 PM, Adil Pasha aspa...@gmail.com wrote:
Thank you so much Kingsley.
You have written a nice explanation and I will follow your advice of testing
it myself.
One more question if you do not mind.
What would be the Posture Validation Cisco:host or Cisco:PA ?
My workbook says Cisco:PA
.
With regards
Kings
2011/7/25 Adil Pasha aspa...@gmail.com
I used IE and that gave me all sorts of problems and the page does not come
up. Then I used Safari since I have Mac but that gave me Authentication
Failed message.
Any other suggestion so I can put this topic to sleep
.
On 26 July 2011 19:55, Adil Pasha aspa...@gmail.com wrote:
Piotr,
I have 12.4.24T
All is working fine except when I remove the ACL for tcp any any 26 then it
does not work.
Are you suggesting that it should work without the above ACL?
Best Regards
Thanks for the explanation for the second command. I was waiting for that
answer.
Best Regards.
__
Adil
On Jul 27, 2011, at 10:07 AM, Piotr Matusiak wrote:
My thoughts:
- ip nhrp server-only - cosmetic thing, everything is working without it.
Should you configure it?
Hi Piotr,
Could you please answer on CoPP planes, as you explained DMVPN spoke
configuration the other day?
Thanks for DMVPN answer and I want to thank you in advance for CoPP explanation.
Best Regards.
__
Adil
On Jul 28, 2011, at 9:48 AM, Derek wrote:
sorta obscure to
AnyConnect is part of the Blue Print but Cisco's documentation says:
Pre-configuration Tasks
1. You must configure the router for CCP.
Routers with the appropriate security bundle license already have the CCP
application loaded in flash.
Refer to Cisco Configuration Professional Quick Start
Hi guys,
I have my EZVPN server configured for the following:
aaa authentication login ezvpn group tacacs+ local
aaa authorization network ezvpn group tacacs+ local
The ACS server has this error message when I launch my IPSec client from my
laptop and try to connect to my EZVPN server router.
or local. Am I right???
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Adil Pasha
Sent: Thursday, July 28, 2011 02:01 p.m.
To: CCIE Security Maillist
Subject: [OSL | CCIE_Security] ACS for EZVPN Client
I am creating IPSec L2L VTIs. Tunnel source and destination are routable
loopback address on each side. No problem with this.
The pre-shared crypto key is cry isakmp key cisco address 2.2.2.2 (loopback
int)
But when I use crypto keyring the tunnel starts flapping and I have to use
physical
Guys,
I have exhausted myself looking for sample configuration for VRF AWARE
site-to-site IPSec sample configurations with crypto keyring and isakmp
profiles.
I found some useless articles on multiple websites and no help.
If you have a good document or link, could you please forward it to me?
...@itsinfocom.com wrote:
I think that's not going to work with tacacs but only with radius, a protocol
that you can use to assign the client group attributes. You can assign the
attributes locally or using radius, not tacacs.
On 28/07/2011, at 06:39 p.m., Adil Pasha aspa...@gmail.com wrote
:14 AM, Kingsley Charles wrote:
http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_vrf_aware_ipsec_ps6441_TSD_Products_Configuration_Guide_Chapter.html
With regards
Kings
On Fri, Jul 29, 2011 at 8:01 AM, Adil Pasha aspa...@gmail.com wrote:
Guys,
I have
with tacacs but only with radius, a protocol
that you can use to assign the client group attributes. You can assign the
attributes locally or using radius, not tacacs.
On 28/07/2011, at 06:39 p.m., Adil Pasha aspa...@gmail.com wrote:
Yes I did and it works.
I am trying to test ACS
using the following link:
https://learningnetwork.cisco.com/message/153577#153577
With regards
Kings
On Fri, Jul 29, 2011 at 2:25 PM, Adil Pasha aspa...@gmail.com wrote:
Thanks Kingsley.
I went through all these links but did not find any help. The closest
configuration I found
Is it possible to create a context name and config file name as follows?
context name = Admin
config file name = Admin.cfg
Please note that there is also a default context admin and the default config
file is admin.cfg
ASA allows me to create a new context called Admin and also allows me to
Guys,
Is there a reason why EZVPN remote access connection does not work through the
ZFW.
I have permit ip any any from Inside to Outside on ZFW router.
Without IPSec connection I can access the Outside networks. And without ZFW
interface configuration on the ZFW router IPSec client functions
use DVTI? If so, have you assigned virtual interface to the zone?
Regards,
Piotr
2011/7/30 Adil Pasha aspa...@gmail.com
Guys,
Is there a reason why EZVPN remote access connection does not work through
the ZFW.
I have permit ip any any from Inside to Outside on ZFW router.
Without
Hi Ishwinder,
I sent an attached document with screen shot on IOS auth-proxy topic after I
tested it in my lab.
Best Regards.
__
Adil
On Jul 31, 2011, at 12:45 PM, Bruno wrote:
I think Kings and other folks discussed this last week or so.
You should enable router to
Kingsley bhaiya,
Man you are one of the best..:)
You know that Tyson and Piotr are best of the bests..:)
Thank you so much for helping me out with EzVPN using TACACS. I spent 30 min
research to find out the attributes for TACACS to download the ACL. They are
not obvious documents.
I configured the CA on my router. I also configured clock using clock set
command.
But when I reload the router I lose the clock but date is good, why?
R4#sh clock
*15:34:23.759 UTC Wed Aug 3 2011
R4#
If the question asks to configure CA server only, what will be the solution
when there is
-
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Adil Pasha
Sent: Wednesday, 3 August 2011 16:38
To: CCIE Security Maillist
Subject: [OSL | CCIE_Security] CA Server Question.
I configured the CA on my router. I also
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Antonio
Soares
Sent: Wednesday, 3 August 2011 17:52
To: 'Adil Pasha'; 'CCIE Security Maillist'
Subject: [?? Probable Spam] Re: [OSL | CCIE_Security] CA Server Question.
Is this a virtual router or real router ?
Regards
Guys,
I am trying my best to figure this out.
I have the following:
PC ZFW router EZVPN server
I have the following configuration on ZFW router
class-map type inspect match-any i2o
match access-group 104
!
policy-map type inspect i2o
class type inspect i2o
inspect
class