IEOC CCIE Forums

  • Re: Issue with ASA 5510 IOS 7.0(8) unable to run verify command for md5 check

    The verify command was introduced in 7.2.1. I think the best you can do is md5 sum the image prior to uploading it to the device. That will prove it to be authentic. Then after it has been rebooted on to the new code, then you can verify the image to be comfortable that there has been no corruption in transit from the pc to appliance. I know it is a
    Posted to CCIE Security Technical (Forum) by pestewart on 05-07-2010
  • Re: ios static nat

    In IOS, it just needs to not match a dynamic nat or other static nat entry. You don't need a similar command in IOS.
    Posted to CCIE Security Technical (Forum) by pestewart on 05-07-2010
  • Re: ASA NAT problem

    Is the DNS server on the inside, or outside? If it is on the outside, it should have the 'a' record that is the outside reachable IP. If it is inside, the 'a' record in the zone file should be that of the internal address. To test, issue a dns query through it to the dns server. For example: nslookup server <IPAddrOfDNSServer>
    Posted to CCIE Security Technical (Forum) by pestewart on 05-01-2010
  • Re: DMVPN Header

    I think I understand what you are asking now. The leftmost or outermost IP address information in transport or tunnel mode is the endpoints of the IPSEC SA. This is derived from the tunnel source and tunnel destination typically. In DMVPN, the tunnel destination is not specified so this is derived from NHRP. So to what you are asking, this is the public
    Posted to CCIE Security Technical (Forum) by pestewart on 04-24-2010
  • Re: DMVPN Header

    I think you have it correct. I'm not sure of the additional detail you desire, but I think the following is what I'd expect to see. In transport mode: |IP|ESP|GRE|IP|DATA|. In tunnel mode: |IP|ESP|IP|GRE|IP|DATA|. Since this is encrypted, it is a bit hard to prove with Wireshark. However, that would still be my recommendation if you want to prove
    Posted to CCIE Security Technical (Forum) by pestewart on 04-24-2010
  • Re: CRYPTO ISAKMP PROFILE config

    That error is only a problem if this device is in the responder role of the isakmp session. If this is in the initiator role, it just needs to be hooked to the crypto map entry as follows. crypto map MYMAP 10 ipsec-isakmp .... .... set isakmp-profile VPN-PROFILE ... When the device is initiating the connection, it uses the isakmp-profile bound to the
    Posted to CCIE Security Technical (Forum) by pestewart on 04-16-2010
  • Re: 802.1x and Tacacs+

    According to the doccd in regards to the "aaa authentication dot1x group" command-- "Though other keywords are visible in the command-line help strings, only the default and group radius keywords are supported." http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/command/reference/cli1.html#wp11886110
    Posted to CCIE Security Technical (Forum) by pestewart on 02-26-2010
  • Re: Call Admission Control for IKE

    I agree on the lack of clarity in this topic. I feel like the document was partially modified after the load command was added. I would like clarification as well.
    Posted to CCIE Security Technical (Forum) by pestewart on 01-11-2010
  • Re: Security Context and VPN IPSEC

    The only IPSEC that is permitted in multiple context is for device administration. Other than that, VPN, Dynamic Routing Protocols and Multicast Routing are not permitted. Multicast bridging is supported. Additionally, all contexts must be in routed or transparent mode (a mixture is not permitted). I think the DocCD lists the limitations for multi-context
    Posted to CCIE Security Technical (Forum) by pestewart on 12-07-2009
  • Re: PVLAN

    PVLAN can span to different switches but does not support vtp. You simply trunk the associated vlans. With pvlan, there are community, promiscuous and isolated ports. With PVLAN Edge, it is specific to a switch. So any port tagged with "switchport protected" cannot communicate with another switchport in the same VLAN tagged the same. However
    Posted to CCIE Security Technical (Forum) by pestewart on 12-05-2009