:54 PM, Bruno silva auranpr...@gmail.com wrote:
As far as I understand the process here works the same way as a router on
stick.
Once you have your switch working as a layer 3 device with ip addresses
configured on the interfaces it doesn't need the ASA to forward traffic
between different
routing.
With regards
Kings
On Thu, Apr 28, 2011 at 6:23 PM, Bruno silva auranpr...@gmail.com wrote:
Kings, you're kinda wrong, the ASA being configured as the default gateway
does not imply that it will handle the traffic of the networks configured on
the SVI interfaces of the switch
sub-interfaces directly?
With regards
Kings
On Thu, Apr 28, 2011 at 7:06 PM, Bruno silva auranpr...@gmail.com wrote:
No kings, this is basic routing, the L3 switch will use the best path to
find the network, which is directly connected...
2011/4/28 Kingsley Charles kingsley.char
)28. Do you guys know of anything that would
make this behavior to happen, maybe any command, IDK.
Thank you for your help!
Best Regards,
Bruno Silva.
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
it and create another key with the id,
but replacing the old one, or you create a new key with id 2 and keep your
practice...
I'm not using the WB so I'm giving an opinion as an outsider... Hope it helps.
BR,
Bruno Silva
Sent from iPhone
On 28/12/2011, at 21:55, joshdu...@yahoo.com wrote:
Hi
Hi, there's a document on cisco.com that explains exactly which one comes
first. For all means ACL comes b4 inspection in any case. The difference is
that inbound acl comes b4 analyzing the routing table and outbound acl looks at
the routing table first.
Regards,
Bruno Silva
Sent from iPhone
information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
engine will begin to work AFTER your
traffic comes back and hits the ACL, what for me is what's going on here.
Hope it helps.
BR,
Bruno Silva.
On 22/05/2012, at 08:46, Alexei Monastyrnyi wrote:
Eugene,
it does not go as deep as inspecting tunnel SAs. As per command line
reference
interface and it works.
Another thing is, did you try to make the ipsec-pass-thru with an acl inside
the class-map and applied it on the interface instead of globally?
BR,
Bruno Silva.
On 22/05/2012, at 22:08, Eugene Pefti wrote:
Hi Bruno,
Thanks for your willingness to help. I didn’t
of global
one. I’ll try it of course but I don’t think it will have any effects because
it’s just making it prioritized over the global policy.
Eugene
From: Bruno Silva [mailto:auranpr...@gmail.com]
Sent: Tuesday, May 22, 2012 6:34 PM
To: ccie_security@onlinestudylist.com
Cc
Hi Eugene,
Either I am crazy or your inbound acl just denies the following addresses:
ip access-list extended RFC2827-INBOUND
deny ip 174.1.0.0 0.0.255.255 any log
deny ip 150.1.0.0 0.0.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
permit ip any any
The 192.168.* is
Hi Mike, did you configure the aaa authorization exec command and aaa
authorization command [level] ?
Br,
Bruno Silva
Sent from iPhone
On 15/06/2012, at 16:40, Mike Rojas mike_c...@hotmail.com wrote:
It was on the username and the privilege is 15... the list is attached to
local
address
for the tunnel names, that is not the case with aggressive mode because the
responder knows the id either if it's the hostname or the ip address.
Br,
Bruno silva
Sent from iPhone
On 15/06/2012, at 14:54, Imre Oszkar oszk...@gmail.com wrote:
I don't have anything else on the routers
is for example use a port that is used by
another protocol, for example map ftp to the telnet port because it's already
being used by other standard app.
The user defined port-map is used usually when u have a non-standard
application.
Br,
Bruno Silva
Sent from iPhone
On 10/06/2012, at 18:29
.
Hopefully this solves your question.
BR,
Bruno Silva.
On 18/06/2012, at 22:04, Eugene Pefti wrote:
Hi Bruno,
Haven’t we seen the debugs where the initiator sends its hostname as an ID
not the IP address? The main question is how the responder knows the IP
address of the initiator
was not correctly formulated about this
one. I'm not an RS specialist so I'm just telling u about my experience with
this so sorry if I am wrong about it...=D
BR,
Bruno Silva.
On 19/06/2012, at 00:12, Eugene Pefti wrote:
Guys,
What’s wrong with my distribute-list that I’m trying to setup on the ASA
it helps everyone on the path. After all we are on the
same boat. =)
BR,
Bruno Silva.
On 19/06/2012, at 01:42, Eugene Pefti wrote:
Well, this was not my question, Bruno ;)
It was Imre who started this thread and I tried to understand what was going
on.
Imre, what do you have in your crypto
to understand what happens here.
BR,
Bruno Silva.
On 19/06/2012, at 01:42, Eugene Pefti wrote:
Well, this was not my question, Bruno ;)
It was Imre who started this thread and I tried to understand what was going
on.
Imre, what do you have in your crypto map for the peer? I’m almost positive
to restart the routers and
that's what made it work.
Hopefully the same helps you.
BR,
Bruno Silva.
On 20/06/2012, at 04:23, Eugene Pefti wrote:
Hi Raman,
I may have put a lot of redundant words and obscured the gist of my problem.
Again, this is a topology:
BB2---(192.10.1.0
is not possible at all, at least not that I know.
After changing it you have to clear the EIGRP process or reload the router (in
my case that's what made it work because of gns3)
Hopefully that helps you. =)
BR,
Bruno Silva
On 20/06/2012, at 04:23, Eugene Pefti wrote:
Hi Raman,
I may have
.
BR,
Bruno Silva
Sent from iPad
On 22/06/2012, at 00:27, Mike Rojas mike_c...@hotmail.com wrote:
Yep,
Anyone who thinks differently is very appreciated...
Mike
From: eug...@koiossystems.com
To: mike_c...@hotmail.com; ccie_security@onlinestudylist.com
Subject: RE: [OSL
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
Hi,
I think the only way multicast is coming to the lab is with GETVPN...as far as
I know of course...
Sent from iPad
On 07/07/2012, at 15:08, Likavec, Jaromir jaromir.lika...@igd.fraunhofer.de
wrote:
Hello,
What way is multicasting coming in the LAB except in the GET VPN
the static
ip address from the Active-directory.
BR,
Bruno Silva
?
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html
Thanks
Ben
On Tue, Jul 10, 2012 at 12:22 AM, Bruno Silva auranpr...@gmail.com wrote:
Hi guys,
I was wondering if it's possible to give a static ip address mapped from
the active directory via Radius. I
profiles to configure your
tunnel...
BR
Bruno Silva.
On 13/08/2012, at 00:57, Mike Rojas mike_c...@hotmail.com wrote:
Hi,
Were you using DVTI? I tried to break it...and I tried hard... couldn't make
it not work. My study partner said that he was having issues with phase one.
Seems like
the mode transport
in the transform-set and when I configured it the other VPNs just stopped
working.
With your friend, I believe he was using the isakmp profile and for that I
believe the keyring is necessary if you are using profiles to configure your
tunnel...
BR
Bruno Silva.
On
Standby Router Protocol (HSRP)
Marta Sokolowska.
--
Bruno
Hi Guys,
I was studying some IPS functions and I came across the regex session, which
is no news to me but, I was wondering if I had the following scenario:
R1 -- IPS --ASA1
Suppose I want to reset a telnet connection from R1 to ASA1 when the user types
show running-config how would I
signature config in text?
On 8/18/2012 4:12 PM, Bruno Silva wrote:
Hi Guys,
I was studying some IPS functions and I came across the regex session,
which is no news to me but, I was wondering if I had the following scenario:
R1 -- IPS --ASA1
Suppose I want to reset a telnet
show conf on
IPS and copy-paste that specific signature.
Cheers
A.
On 8/19/2012 2:30 PM, Bruno Silva wrote:
Hi Alexei,
The reason that I am asking this is because I was testing and capturing
the traffic but apparently the telnet between cisco equipments sends each
char at the time
is not specific to Cisco gear.
I had no problem matching any specific regex with a regular TCP string
engine. That is why I asked to see your configuration. Just do show conf on
IPS and copy-paste that specific signature.
Cheers
A.
On 8/19/2012 2:30 PM, Bruno Silva wrote:
Hi Alexei,
The reason
is sending TO service, router is sending
FROM service.
A.
On 8/19/2012 4:03 PM, Bruno Silva wrote:
\s is the space I guess...And why should it be to service?
Bruno.
2012/8/19 Mike Rojas mike_c...@hotmail.com
Hey,
What is that \s? Also, it should be to service
Mike
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
to.
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
if there's anyway of doing a static ip assignment to a
dynamic user mapping. First I thought of doing this with radius but I could
not find any option that allows me to do it so...Can anyone help me with
that?
thank you very much!
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP
was helpful.
-Kevin Sheahan
On Thu, Jan 31, 2013 at 6:58 AM, Bruno Silva auranpr...@gmail.com wrote:
Hi guys,
I hope you all can help me to find out a thing that's been a pain here.
I'm using dynamic user mapping from active-directory to ACS and there are
some specific users that must have
begins when I set up
the new proxy and ISE environments for the lab. I don't know how to use them
but... Let's give it a try... My lab will take place in the next July 4th in
São Paulo/ BR. As soon as I set up the new environment I can send u my topology
if u like.
BR,
Bruno Silva
Sent from
Well,
Last time I ran into a problem like that was an IOS issue, for some reason the
previous IOS used by me did not have compression, when I upgraded it, the new
IOS had compression so the exchange could never happen. Did you check this?
BR,
Bruno.
On 22/02/2013, at 21:03, Kevin Sheahan
software and
remote configuration required to support IPsec VPN connections.
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html#wp1053858
BR,
Bruno Silva
On Tue, Oct 30, 2012 at 6:23 AM, Sheraz Sheraz
she...@live.com wrote:
DMVPN:
Dynamic
Really? Discussing HERE? Get a room...
--
Bruno Silva
Sent from Iphone
On Sat, Feb 23, 2013 at 3:39 PM, Jason D'Mello jasondmell...@gmail.com
wrote:
Yes they are proud.
I think your parents aren't abt you.
hehehe
On Sat, Feb 23, 2013 at 10:44 PM, Piotr Matusiak pi...@howto.pl wrote:
You
me solve
various questions in the WB and during the exam. If studying hard is not enough
you are not worthy having the CCIE.
--
Bruno Silva
Sent from Iphone
On Sat, Feb 23, 2013 at 4:55 PM, Wayne Lawson
waynelawson-...@ipexpert.com wrote:
We're banning him.
Regards,
Wayne A. Lawson II
I am glad I could help.
BR,
--
Bruno Silva
Sent from Iphone
On Wed, Feb 27, 2013 at 12:05 AM, Piotr Kaluzny pio...@ipexpert.com
wrote:
Kevin
As a general guideline I'd say you should be familiar with a manual
navigation through the Doc CD and should only rely on the Command
References
that it
probably does not have an example of it. If I were YOU I would make sure that
I can do it without the configuration guide or, you can chop up the parts and
search for each one separately.
That's my insight with this topic.
BR,
Bruno Silva.
On 27/02/2013, at 23:44, Kevin Sheahan sheaha...@gmail.com
it in the 2800 series? Thanks!
--
Bruno Silva
Sent from Iphone
could help :-)
--
Marta Sokołowska.
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
Amazing, nobody gives up...even though others got banned...
--
Bruno Silva
Sent from Iphone
On Sun, Mar 3, 2013 at 9:07 AM, James Rodriguez jamescisco2...@gmail.com
wrote:
Hello ALL,
I have ccie reallabs for v4.
Anybody interested in sharing, kindly email me at jamescisco2...@gmail.com
Thanx
That's exactly what I was about to ask... :P
--
Bruno Silva
Sent from Iphone
On Mon, Mar 4, 2013 at 8:56 PM, Kevin Sheahan sheaha...@gmail.com wrote:
Has there been any site updates to include this material today? I've been
checking and haven't seen anything.. thought maybe I was missing
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
Same here... No new material... No donuts for me...:(
--
Bruno Silva
Sent from Iphone
On Tue, Mar 5, 2013 at 12:46 AM, Jay McMickle jay.mcmic...@yahoo.com
wrote:
Same here.
Regards,
Jay McMickle- CCIE #35355 (RS)
Sent from my iPhone 5
Support me to fight MS!
http
Well, just for saying...I am getting really frustrated about the
material...Still doesn't have access to the v4 audio and vol1...=\...The
worst part is that the link says v4 but when you download it's still v3..=(
2013/3/5 Bruno Silva auranpr...@gmail.com
Same here... No new material
://www.twitter.com/ipexpert
Linkedin: www.WayneLawson.com http://www.linkedin.com/in/waynelawson
Skype: WayneLawsonIPexpert
Catalog: www.IPexpert.com/Catalog http://www.ipexpert.com/catalog
:: Message sent from iPhone
On Mar 4, 2013, at 11:35 PM, Bruno Silva auranpr...@gmail.com
Ops, my bad, just saw the WSA portion. sorry.
2013/3/5 Bruno Silva auranpr...@gmail.com
Ok Wayne, thanks for the feedback, so far nothing is changed.
Apart of that I have another question, isn't ironport a part of the new V4
blueprint? I can't see it in the material, can you tell me
this will work with main
mode is using certificates, with psk there's this limitation. If you use
aggressive mode it will come up because the message exchange works differently
and the psk is exchanged after the name.
Hope it helps.
BR,
--
Bruno Silva
Sent from Iphone
On Fri, Mar 8, 2013 at 12
. The aggressive mode is not considered very much secure.
Br,
--
Bruno Silva
Sent from Iphone
On Fri, Mar 8, 2013 at 1:21 AM, sofiene f
sofienef1...@gmail.com wrote:
Thanks Bruno for the response, to recapitulate, If I choose the second option:
( using aggressive
Hi Amrit,
DDoS captures are not easy to get because all DDoS attacks can be different and
have the packet manipulated. Two tools that you can use to manipulate the
packet and simulate DDoS attacks in order to try analyzing them are hping and
t50.
Best regards,
Bruno Silva.
On 23/03/2013, at
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
Hello Nathan,
What you can do to recover the password is the following, open the video port
behind the appliance, connect a monitor to it and reboot, you'll maybe be able
to reset it to the factory default.
Best Regards,
Bruno Silva.
On 25/03/2013, at 19:24, Nathan Hunter nhunterc
Mike, so far I have the same issue. Last night I thought of just leaving 1
interface at all... And it still doesn't work properly... Anytime I set wccp
with transparent proxy the WSA can't get to the destination because of some
routing misbehavior... If you get an answer I would also use
Hi Mike! Did you get a solution or something with that? I've done so much until
now and so far I have nothing... Same behavior
—
Sent from Mailbox for iPhone
On Fri, Jun 14, 2013 at 9:30 PM, Jay McMickle jay.mcmic...@yahoo.com
wrote:
I think I see what you're saying. I went in and looked at
WCCP-PKT:D90: Sending I_See_You packet to 172.7.4.150 w/ rcv_id 0044
One thing I found was to kick the proxy, but I did it and it does not seem
to work at all...From what I have seen it looks like a common wccp problem
but I can't figure it out...Can anyone help me?
Thanks,
--
Bruno Silva
know why it tries to validate the
integrity of the certificate using the new interface instead of the old
ones.
Hope it helps.
BR,
Bruno Silva.
2013/7/11 Mike Rojas mike_c...@hotmail.com
Hi Piotr and Team.
So, I installed the WSA but when I try to load the config I get:
Configuration File
Well, that's different then. What I guess that could've happened is that when
you imported the config file it came along with the certificate used by the old
Ironport or at least with the pointers. Did you check that?
BR,
Bruno Silva.
On 11/07/2013, at 22:58, Mike Rojas mike_c...@hotmail.com
that?
BR,
Bruno Silva.
On 11/07/2013, at 22:58, Mike Rojas mike_c...@hotmail.com wrote:
Hi Bruno;
I had to install it from scratch, I did not find a way to add another
interface to the VM. So I backed up the file, installed the WSA from scratch
and tried to upload the config, then I got
IronPort matches the
number of interfaces configured with the certificate validation, and then you
have to generate a new certificate for it and reboot it.
BR,
Bruno Silva.
On 11/07/2013, at 23:25, Mike Rojas mike_c...@hotmail.com wrote:
I'm gonna claim ignorance here. I just load the whole config
Hi Mike,
There's a vWLC which I personally use to study. You can download for free from
cisco's website and use for 8 weeks with trial license.
BR,
Bruno Silva
—
Sent from Mailbox for iPhone
On Tue, Jul 23, 2013 at 7:49 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hi;
I got into ISE
) - configuring a VPN using the infrastructure you already
have. Maybe upgrading the band, but nothing as expensive.
2nd option - MPLS or Leased Line, which are more expensive but more secured
than using the internet to link 2 locations.
It all depends on the budget.
BR,
Bruno Silva
—
Sent from
environment
where the CA is separated from the NDES server. Do I have to create a
trustpoint to each server?
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
___
Free CCIE RS
Nat (interface) 1 your network
Global (external interface) 1 ip address
Where ip address can be interface and 1 can be another number.
Sent from iPhone
On 19/02/2014, at 04:31, cisco 2006 inht...@yahoo.co.uk wrote:
Dear All,
I need a sample of commands of how to configure NAT (
___
Free CCIE RS, Collaboration, Data Center, Wireless Security Videos ::
iPexpert on YouTube: www.youtube.com/ipexpertinc
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Hi Dossou,
Are you sure you correctly enrolled to an scep endpoint? As for ur debug you're
trying to use an scep certificate that has not been signed.
If you are using scep you should use enrollment-url
http://x.x.x.x:80/certsrv/mscep/mscep.dll and after that the certificate should
be issued
properly? Is there anything I should configure on the xml file?
I am pretty sure it's something on the certificate matching but I can't
find what. I'll be very glad if you can help me. The attachment is the ASA
lab configuration that I am using so far.
Thank you,
--
Bruno Silva
Network
No one will even try to help me? I am kinda desperate...=\
2014-04-25 8:34 GMT-03:00 Bruno Silva auranpr...@gmail.com:
Hi Guys,
I have been trying to configure any connect dual authentication factor
with SCEP auto-enrollment. I was successful in configuring everything,
including the LDAP
using SCEP with windows server
the client should download the CA Root Certificate?
BR,
Bruno Silva.
2014-04-29 16:07 GMT-03:00 Fawad Khan fawa...@gmail.com:
Http server is listening on a non standard port, could this be confusing
the client?
Try default 443.
I am sorry, I am not into deployment
I thought that whenever we made the SCEP auto-enroll the certificate chain
should be provided from the server, not just the machine certificate
itself. Seems strange to me, gonna try installing the root ca certificate
and see what happens.
BR,
Bruno Silva.
2014-04-29 16:18 GMT-03:00 Fawad Khan
75 matches