CCIE Security v5 LAB

Moderator: mike

Uldis (UD)
Posts: 5148
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: CCIE Security v5 LAB

Post by Uldis (UD) » Tue Jan 09, 2018 9:48 am

You can but result will be very bad, slow.
Specially if use slow SATA like 7.2K RPM

cciessj4
Posts: 4
Joined: Tue Oct 31, 2017 7:06 pm

Re: CCIE Security v5 LAB

Post by cciessj4 » Mon Jan 29, 2018 1:16 pm

Hello guys it´s possible to run multicontext on ASAV or ASA? I´m getting problem as it appears to have license problem. Thanks

Uldis (UD)
Posts: 5148
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: CCIE Security v5 LAB

Post by Uldis (UD) » Mon Jan 29, 2018 8:38 pm

asav does not support multiconetxt at all.

but mcontext active/active works fine on asa 8.4.2 or 9.1.5

cciessj4
Posts: 4
Joined: Tue Oct 31, 2017 7:06 pm

Re: CCIE Security v5 LAB

Post by cciessj4 » Fri Feb 02, 2018 1:17 pm

Ok Thansk for reply. Another question is, i´ve tried to add ACS accoridng to the tutorial provided, but when i start it in the lab and connect via console(telnet) nothing is showing... But if i start the VM in the VMWare it appears the setup, so i think the vm is ok...

I did the steps:

1) downloaded .iso from cisco
2) created and installed vm
3) exported ovf and got vmdk file
4) send it to eve via filezila
5) converted according commands provided
6) add the acs to topology and telnet to it, but nothing is showing on console.

Thanks for helping.

cciessj4
Posts: 4
Joined: Tue Oct 31, 2017 7:06 pm

Re: CCIE Security v5 LAB

Post by cciessj4 » Fri Feb 02, 2018 1:25 pm

Guys jut found the problem, in the tutorial the command is missing the number 2 here: /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ACS-disk1.vmdk hda.qcow <----
I add it and converted again, now its working. correct command: /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ACS-disk1.vmdk hda.qcow2 <----------

locals919@gmail.com
Posts: 6
Joined: Sat Jan 06, 2018 9:06 am

Re: CCIE Security v5 LAB

Post by locals919@gmail.com » Fri Feb 09, 2018 8:23 am

Hi All,

Any idea why i am getting this error when i give a command " crypto ikev1 enable outside ". I am condigurinig IPSec Site to Site VPN on ASA to ASA, version 9.15.

ERROR: CTM ipsec poll ctl DU_IOCTL_RESUME_POLL ioctl failed


Regards
Az

dan
Posts: 6
Joined: Sat Jan 27, 2018 11:30 pm

Re: CCIE Security v5 LAB

Post by dan » Sat Feb 10, 2018 4:18 am

@ cciessj4 : It might be worth noting that the 'word on the street' from current CCIE Security candidates is that ACS is not present in the Lab. The Focus is on ISE. Given that, it might not be worth trying to get ACS installed and demo licenced.

cciessj4
Posts: 4
Joined: Tue Oct 31, 2017 7:06 pm

Re: CCIE Security v5 LAB

Post by cciessj4 » Sat Feb 10, 2018 6:53 pm

Hello guys, I´m trying to do some ACL logging on the lab, but it´s not showing tcp/udp ports on that. In the past i was able to see when a packte was drop by acl, now I don´t no why it´s not showing. Any one have experienced that? It´s important for tshoot purpouses... Look, it appears as port zero. I´ve tried to do a telnet by the way. See:

Router(config)#
*Feb 10 16:33:13.652: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.3.0.1(0) -> 10.3.0.40(0), 1 packet
Router(config)#
*Feb 10 16:39:12.885: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.3.0.1(0) -> 10.3.0.40(0), 1 packet
Router(config)#
*Feb 10 16:39:43.130: %SEC-6-IPACCESSLOGP: list 100 denied udp 10.3.0.101(0) -> 10.3.0.255(0), 1 packet

I´ve changed the iol versions and tried on l2/l3 images, but got the same.

Thanks.

uita99
Posts: 1
Joined: Fri Mar 02, 2018 1:56 pm

Re: CCIE Security v5 LAB

Post by uita99 » Fri Mar 02, 2018 1:57 pm

thank you

locals919@gmail.com
Posts: 6
Joined: Sat Jan 06, 2018 9:06 am

Re: CCIE Security v5 LAB

Post by locals919@gmail.com » Sat Mar 10, 2018 9:15 am

Hi Ramindia,

Can you please guide us how to integrate real switch with your lab. I have a ready setup with everything which is required to start this lab.

Best Regards,
vbo

Locked