Hi Johan,
I would recommend you to focus on labs that are more core-technology
oriented and also on those you found difficult in the past.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Sat, Feb 6, 2010 at 6:57
Kingsley,
PHDF files use the same logic as standard header-based matching. They were
created to streamline the configuration. In the lab exam, if they don't
specify the method in the question, feel free to choose the one you are the
most comfortable with.
Regards,
--
Piotr Kaluzny
CCIE #25665
Hi Javier,
During the exam time documentation shortcuts will be available for you.
White papers are not accessible, however.
I recommend you to get used to the following link :
http://www.cisco.com/cisco/web/psa/default.html?mode=prod
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Jimmy,
Have you enabled EAP-MD5 under the Global Authentication section on the
ACS?
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Feb 11, 2010 at 5:15 PM, Jimmy Larsson ji...@kvistofta.nu wrote:
Hi
I
Johan,
As far as I remember, IOS allows you to use typical network and wildcard
masks for object-groups. ASA supports only network mask.
The methods were mixed just to show you different ways of doing things.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer
Johan,
All in all I would recommend you to make your own diagram including things
like NAT and filtering (CBAC, ZFW, ASAs inside-outside). This is
particularly useful later in the lab.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http
Johan,
Looks there was a typo there - it should be 10.10.12.0 255.255.255.0
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Feb 17, 2010 at 10:35 AM, Johan Bornman jo...@isc.co.za wrote:
Hi,
Just
Kings,
Try to use the same FQDN. Otherwise set it to something similar to this :
group-url https://10.20.30.40/mine
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Feb 18, 2010 at 2:36 PM, Kingsley
fails).
Regarding the ASA - I found it depends on the soft version you have there. I
would recommend you to configure CN=FQDN and set IKE_ID to DN. If you still
experience any problems on ASA, turn off validation using peer-id-validate
command.
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr
Kings,
It depends on the question wording - if it is needed they may tell you this.
Otherwise go ahead and ask the proctor.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Feb 24, 2010 at 12:31 PM
Guys,
It is not so much of an issue on ASA, because by default ASA uses DN as
IKE_ID when certificates are used for IKE Phase I authentication. Keep this
command in mind when working with IOS, though.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert
Kings,
These are the Cisco recommended values (you can find them in the
documentation for this command) :
normal burst (in bytes) = configured rate (in bits per second) * (1 byte)/(8
bits) * 1.5 seconds
extended burst = 2 * normal burst
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP
Michael,
Please reload the devices and give it another try. Don't you have any
filters applied? If it does not help paste the configs.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Sun, Mar 14, 2010 at 11:41
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Mar 15, 2010 at 6:42 AM, Kingsley Charles
kingsley.char...@gmail.com wrote:
Hi all
Can someone please let me know, where we can find the RFC 3330 in the CISCO
Badar,
What are the ACS logs saying about this?
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Mar 15, 2010 at 2:19 PM, Kingsley Charles
kingsley.char...@gmail.com wrote:
Did you try confguring one
Kings,
If you are using an IOS device as a DHCP Server issue no ip dhcp snooping
information option and let us know how it goes.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Mar 15, 2010 at 2:41 PM
Kings,
Can you see any bindings right now? Remember that you can always enable DHCP
Snooping debugs on the switch and see what is going on.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Mar 15, 2010 at 3
Brad,
Yes, this is exactly what I ran into as well. Not sure if I could get
working both - HTTP and Telnet but it seems that Tyson is right. You are now
aware of it, would not expect to see it in the lab.
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc
Kings,
Debug looks good (looks option 82 is turned off). Are you using show ip dhcp
*snooping* bindings to check it?
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Mar 15, 2010 at 3:47 PM, Kingsley
Kings,
You are right but this was just to show/remind you about the existing
option.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Tue, Mar 16, 2010 at 1:16 PM, Kingsley Charles
kingsley.char...@gmail.com
Jimmy,
As far as I know that's the answer. Generally speaking IPsec tunnels were
not logical tunnel interfaces for routing purposes until the VTIs has been
introduced.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
Kings,
NBAR uses * as the wildcard (it is actually zero or more occurences of a
character), not ..
Please refer to this part of documentation :
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m1.html#wp1038163
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr
/technologies_q_and_a_item09186a00800e523b.shtml
Other than that I would recommend you to read NAT section from Cisco Router
Firewall Security by Richard Deal.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Sun, Mar 21
Kings,
Here you go :
http://www.cisco.com/en/US/products/hw/routers/ps167/products_tech_note09186a008012fb87.shtml
Products - Routers - Service Provider Edge -Cisco 12000 -
Troubleshooting Technotes.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert
Michael,
This should be configured between R4 and R9. Please think what should the
ASA do in order to help get this to work.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Tue, Mar 23, 2010 at 8:09 AM, Michael
out a part of parameters based on
the AD hierarchy.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Tue, Mar 23, 2010 at 1:19 PM, Kingsley Charles
kingsley.char...@gmail.com wrote:
Hi all
I am trying
Kings,
Security - Firewalls - ASA - Configuration Examples TechNotes
Then just use CTRL+F and look for LDAP.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Tue, Mar 23, 2010 at 1:28 PM, Kingsley Charles
authorization.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Mar 26, 2010 at 2:33 PM, Jimmy Larsson ji...@kvistofta.nu wrote:
Hi dudes (dudettes?)!
I am playing with command authorization. Since ive never
command), the user was able to issue it.
To perform command authorization aaa authorization commands you have to
use TACACS+ (it cannot be done with RADIUS or locally). This means that part
of the configuration will be done on the Cisco ACS (AAA) server.
Regards,
--
Piotr Kaluzny
CCIE #25665
ipv4) and it
works.
Does that mean, IPSec VTI supports multicasting?
With regards
Kings
___
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP
/11 Piotr Kaluzny pio...@ipexpert.com
Jimmy,
ICMP_OBJ group covers Unix traceroute. It uses ICMP Type 3 Code 3 (Port
Unreachable) and ICMP Type 11 Code 0 (Time Exceeded; TTL exceeded in
transit).
Cheers,
Piotr K
On Fri, Jun 11, 2010 at 8:36 AM, Jimmy Larsson kvisto...@gmail.comwrote
?
/Jimmy
2010/6/11 Piotr Kaluzny pio...@ipexpert.com
Unix-based traceroute sends UDP probes (Port Unreachable is expected to be
received from the end device), whereas Windows-based sends ICMP Echo
Requests (expects Echo Replies from the end device).
Regards,
Piotr K
On Fri, Jun 11
.
Thanks for the help
Regards
Anantha Subramanian Natarajan
___
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert
Kings
On Wed, Jul 7, 2010 at 1:15 PM, Piotr Kaluzny pio...@ipexpert.com wrote:
Anantha,
Destination XLATE means an XLATE for the return traffic. For example, if
you PAT some traffic inside-outside (source translation), the return
traffic will be destined to the PAT IP address and port (so
Kashif,
You can use the set ip access-group statement under a crypto map or a
VPN-filter on the ASA.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Jun 29, 2011 at 5:43 PM, Kash iqbal sama_1...@hotmail.com
Innocent,
That's a special identifier for router when it communicates with RADIUS to
download the policy. Simply put, the password has to be cisco.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Tue, Aug 2
Hi Jim,
The difference is that in this case there are 3 condition sets, each
containing only one element. The other way to configure this would be to use
only one condition set and then you would use AND inside and OR between.
Just another way of doing things.
Regards,
--
Piotr Kaluzny
CCIE
% verification tools. They work correctly in vast
majority of cases but not always. The best verification method for MPF is to
generate some traffic and look into the counters in the show service-policy.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc
Jim,
Awesome news! Contgrats!!
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Oct 5, 2011 at 7:31 AM, Jim Terry jim0te...@gmail.com wrote:
Hi all,
I passed and I want to thank everyone on this list
|Internet* (or just show run interface one by one).
Good luck.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Dec 21, 2011 at 4:14 PM, Fawad Khan fawa...@gmail.com wrote:
i would add
sh ip access-list (better
Merry Christmas guys.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Sat, Dec 24, 2011 at 12:00 PM, Narbik Kocharians narb...@gmail.comwrote:
Merry Christmas and a happy new year to all.
On Sat, Dec 24, 2011
Eugene,
Did you enable shell (execution shell) authorization? Also if you want to
see the # - privilege exec mode, you must assign the user to at least
privilege level 2.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http
Diego,
Great news, way to go!
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Sat, Jan 21, 2012 at 2:20 AM, Mark Senteza msent...@googlemail.comwrote:
Congratulation Diego,
Great number that is, no doubt
Kings,
You are right - it is often an overlooked concept. Basically it does not
work the same as MPF. Just verify with sh service-policy flow :
deny=true for domain=inspect X means that inspection was disabled for
protocol X.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr
Kings,
I might have mixed up the commands, cannot access the pod now - try
packet-tracer for verification.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Mar 22, 2012 at 7:11 PM, Kingsley Charles
the specified action off
for the flow - useful with inspect when you want to only allow passive or
active FTP, not both.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Mar 22, 2012 at 7:04 PM, Kingsley Charles
Eugene,
I don't believe match not is available in L3/4 class-map, at least it was
not in older versions of code
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Mar 22, 2012 at 7:48 PM, Eugene Pefti eug
Hi Ben
Whatever is in the blueprint can show up on the exam.
The verification for the type of stuff you mentioned is either based on
running config or show commands.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
://www.ipexpert.com/Cisco/CCIE/Security/Lab-Boot-Camp/10-day-bootcamp
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Jun 14, 2012 at 11:48 PM, Matt Hill mayd...@gmail.com wrote:
Am I on drugs, or is there not a bootcamp
Kings,
Packet Tracer is buggy in multiple context mode (some certain scenarios).
Maybe they fixed it in 8.2, but not 100% of that.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Jul 4, 2012 at 3:49 PM
Kings
Woow, finally :) Damn well deserved - congrats!
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Jul 6, 2012 at 3:32 AM, Kingsley Charles kingsley.char...@gmail.com
wrote:
Hi all
8 years dream
Kevin
As a general guideline I'd say you should be familiar with a manual
navigation through the Doc CD and should only rely on the Command
References and Configuration Guides.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http
Kevin
This is an example of document that, as far as I know, is not part of any
configuration guide/command reference.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Feb 28, 2013 at 3:44 AM, Kevin
Bruno
This is correct, only ISR G2
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Mar 1, 2013 at 4:40 AM, Bruno Silva auranpr...@gmail.com wrote:
Hey guys,
Quick question, I was trying to run IOS 15
that it follows the same structure.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
___
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
a quick demonstration of this new solution
you can take a look at our website using the following link :
http://www.ipexpert.com/cisco/ccie/online-hd-ilt
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
=rssutm_medium=rssutm_campaign=whats-new-ipexperts-march-2013-newsletter-for-cisco-certification-candidates
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
___
For more
Daljeet
DSG will be released the week March 25th.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Mar 15, 2013 at 2:58 AM, Daljeet SinGH dalsbeh...@gmail.com wrote:
Hi Wayne,
By when DSG
. IPv4 multicast traffic
is dropped from higher to lower - then you could create a permit all ACL
for the inside, but once again - unless they tell you be specific.
That would a good question to the proctor, by the way.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical
Hi
99% people I know will configure it through the IDM (unless this is really
basic stuff) but both methods are listed on the blueprint.
Just in case Java/GUI crashes ;)
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http
an individual
interpretation of the tag. Like on NAD1 tag RESTRICT maps to ACL1 User
X vs on NAD2 it calls out ACL2 User X.
Just in case you want to play with it - the RADIUS attribute used here is
tag-name.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert
Hi
1. Because the command takes bytes, not bits. The last paragraph of the
solution mentions that
2. This is for IPv6
3. IP Protocol 4 is IPIP, then 1 is ICMP, ICMP Type 8 is Echo Request
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL
Hi
Just login and navigate under Go To Current vRack Sessions button on the
left pane, right below Proctor Labs Current Time. If this button is not
visible to you it means your session is not scheduled for right now.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical
Joe
Auto-NAT is for simple source translations and/or redirection. Manual NAT
is what you have to use when you want to add some policy/conditions to the
equation, like when you want to only translate packets going to a
particular destination
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP
Paul
This depends on the internal priority of inspection engines implemented on
the ASA which is something you cannot modify. I think 8.2 conf guide has a
table showing you the exact order.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL
Hi Ayaz
Please contact support
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Jul 3, 2013 at 5:17 AM, Ayaz Merchant merchanta...@gmail.comwrote:
Hi All,
Does anyone know how to initialize ISE. I am
Hi Dan
Please double-check the routes. If traffic between the interfaces with the
same security level was allowed, you should be good.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Sat, Jul 6, 2013 at 10
Guys
Apologies for any inconvenience. We are aware of the problems related to
the revert/load configs functions and this will get fixed soon.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Sun, Jul 7, 2013
Mike
Not sure if this is what you are asking for but you can use
interfaceconfig to add P1/P2 to the mix.
If you want to use L4TM just go under Network - Interfaces; port should be
already activated. To modify physical settings for any port, including
T1/T2, use etherconfig.
Regards,
--
Piotr
Hi Dan
We're gonna make significant updates to the security pods very soon, which
will include rebuilding some of our VMs to increase their speed and improve
user experience.
Apologies for any inconvenience.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor
Mike
Please give it a try with IE again but either use version 9 or enable
Compatibility Mode (press ALT, then tools - Compatibility Mode I believe
is how you enable it).
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http
Hi Patrick
Do you have an SVI for VLAN 40? Also did the client obtain an IP address?
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Tue, Sep 3, 2013 at 10:21 AM, Patrick Ogenstad
patrick.ogens
Daljeet
What is the # pod you are talking about? It definitely should not be the VM
what causes problems here; did you move the PC to the same VLAN where you
have your IPS management port? Just make sure the traffic is not going
through any FR or just serial links.
Regards,
--
Piotr Kaluzny
CCIE
I will send a separate e-mail when we are done with all the remaining
upgrades.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Sep 12, 2013 at 2:33 PM, Daljeet SinGH dalsbeh...@gmail.com wrote:
Can
Mark
Configuration Examples and Technotes, as far as I know, will not be
available. But the conf/reference/end guides you should be able to access.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Sep 12
- Secure Connectivity - GET VPN.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Sep 19, 2013 at 10:29 PM, Rieber, Mark mark.rie...@nexusis.comwrote:
** **
Does anyone know where the GET VPN configuration
Todd
Version 4 is what's being tested now.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Sep 25, 2013 at 8:42 PM, Todd Heide t...@equivoice.com wrote:
What lab are they doing now, 3 or 4? Not sure
4.0 is 3.0 + a lot of new technologies/features. This means that 3.0
materials are still valid for a significant part of the blueprint.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Sep 25, 2013 at 8
Guys
IPexpert has an unbelievable deal for CCIE Security candidates this weekend
only: Buy our incredibly thorough CCIE Security Lab VoD for only $199 and
receive 4 free Security rack vouchers at no additional cost. This package
is a $599 value and features Piotr Kaluzny (CCIE Security #25665
Mike
It should work. Just make sure to convert it to a lightweight AP
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Oct 4, 2013 at 10:14 PM, Mike Rojas mike_c...@hotmail.com wrote:
Hi;
Would
– Device
Sensorhttp://www.youtube.com/watch?v=h571K91GWCAfeature=youtu.be
*
*RS: http://www.youtube.com/watch?v=mGblyTKAGIkPrivate VLANs –
Configuration, Operation and
Troubleshootinghttp://www.youtube.com/watch?v=mGblyTKAGIk
*
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr
Jeremy
You have enabled VPN on Loopback0 (7.7.53.3) but you say that your trigger
ACL is sourced off 33.33.33.33. So what is the traffic you are trying to
protect here?
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http
Look at the NHRP table. You should see full prefixes (subnets) instead of
/32 entries. Generally speaking NHRP table overrides CEF - so even that NH
points to the Hub, when you trace you should see packets flowing directly
between the Spokes.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP
this is when IPS is telling you that it
has seen 5 attacks from 7.7.3.10 total, no matter how many victims there
was in this interval (it replaces Victims' IPs with 0.0.0.0).
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco
Mark
Go ahead and use this document :
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_2_se/configuration/guide/swipv6.html#wp1130142
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco
Can you also send the output of show run | s lwapp from the AP?
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1.810.332.1444
:: Free Videos http://www.youtube.com/ipexpertinc
:: Free
Kevin
Thanks for your kind words and, again, HUGE congratulations!!
Enjoy your holidays, well deserved :)
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1.810.332.1444
:: Free Videos
Mark
You can move the PC back and forth between the VLANs as you need. Just
remember to put it in the correct VLAN at the end.
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct
Hi Jeremy
Please try to retrieve the key (Known Hosts) - this way you'll figure out
what the values are. Then add it under Authorized Hosts, make sure the
switch is added to the mgmt ACL on the IPS and try to use SSH version 1 (ip
ssh version 1).
Regards,
Piotr Kaluzny : Sr Instructor
It is a newer way + admission allows you you to configure a consent
feature.
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1.810.332.1444
:: Free Videos http://www.youtube.com/ipexpertinc
Along with the Consent feature :
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_auth/configuration/15-mt/sec-cons-feat-rtrs.html
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1-810
Joe
I guess the reason is you don't really let your customers know about your
physical ASA setup. Same stuff as the ability to hide physical interface
capabilities and even their names.
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World
products are part of our “Next Generation” product portfolio, and are
available today!
Samples can be seen (links above).
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1-810-326-1444
Hi Jason
Good luck!
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1-810-326-1444
:: Free Videos http://www.youtube.com/ipexpertinc
:: Free Training / Product Offerings https
Dan
Once again - congratulations. Fantastic job!
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1-810-326-1444
:: Free Videos http://www.youtube.com/ipexpertinc
:: Free Training / Product
and Procedures, Best
Practices and Standards section of the blueprint.
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1-810-326-1444
:: Free Videos http://www.youtube.com/ipexpertinc
:: Free Training
Security The Complete Reference, Second Edition (fragments)
y) Information Security Risk Assessment Toolkit (fragments)
As far as Volume I is concerned it depends on your experience. Some people
may need 100 hours, some others may need more.
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http
.
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1-810-326-1444
:: Free Videos http://www.youtube.com/ipexpertinc
:: Free Training / Product Offerings https://www.facebook.com/IPexpert
Yeah you've got a lot from my list. Stick to it, just skip FWSM.
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1-810-326-1444
:: Free Videos http://www.youtube.com/ipexpertinc
:: Free
Did you try to assign it to another VS? Or leave it unassigned? I had a
similar problem but one solution finally worked.
Regards,
Piotr Kaluzny : Sr Instructor : iPexpert http://www.ipexpert.com
CCIE # 25665 :: Security
*:: World-Class Cisco Certification Training*
Direct: +1-810-326-1444
1 - 100 of 106 matches
Mail list logo