Jump to content

hoadqtk4

Members
  • Content Count

    10
  • Joined

  • Last visited

Community Reputation

6 Neutral

About hoadqtk4

  • Rank
    Member

Contact Methods

  • ICQ
    0
  • Yahoo
    hoadq_tk4

Profile Information

  • Gender
    Male
  • Location
    Viet Nam
  • Interests
    Cisco networking and security
  1. Hi, You can see this slide below for Cisco Nexus 1000 Series Overview. I will have an overview about Cisco Nexus 7000 for later post. Thanks. Introducing the N1K.rar
  2. i can't down from those source sites, any body kindly upload to mediafire or 4shared, thanks so much
  3. i'm searching it, too... does anyone pass this exam, plz share p4s, testking. thanks so much
  4. hi copycat221, I think u have to create 2 classes and insert them to only 1 policy then apply to in/out side maybe the same here: ASA# write terminal : Saved : ASA Version 8.0(2) ! hostname ASA enable password 8Ry2YjIyt7RRXU24 encrypted names ! interface Ethernet0/0 nameif outside security-level 0 ip address 10.4.16.101 255.255.255.0 ! interface Ethernet0/1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Ethernet0/4 shutdown no nameif no security-level no ip address ! interface Ethernet0/5 shutdown no nameif no security-level no ip address ! passwd 2KFQnbNIdI.2KYOU encrypted boot system disk0:/asa831-k8.bin ftp mode passive dns domain-lookup outside dns server-group DefaultDNS name-server 10.0.0.1 name-server 208.67.222.222 name-server 208.67.220.220 access-list in_out extended permit ip any any pager lines 24 mtu outside 1500 mtu inside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-602.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 192.168.1.0 255.255.255.0 access-group in_out in interface outside route outside 0.0.0.0 0.0.0.0 10.4.16.254 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute dynamic-access-policy-record DfltAccessPolicy no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart no crypto isakmp nat-traversal telnet timeout 5 ssh timeout 5 console timeout 0 threat-detection basic-threat threat-detection statistics access-list ! class-map type inspect im match-all clm_t_i_i match protocol yahoo-im match ip-address 192.168.1.100 255.255.255.255 class-map clm match port tcp range 1 65535 class-map inspection_default match default-inspection-traffic class-map type inspect im match-all clm_t_i_i1 match protocol msn-im match ip-address 192.168.1.101 255.255.255.255 ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp policy-map type inspect im plm_t_i_i parameters class clm_t_i_i drop-connection log class clm_t_i_i1 drop-connection log policy-map plm class clm inspect im plm_t_i_i ! service-policy global_policy global service-policy plm interface inside prompt hostname context Cryptochecksum:8eaef01fbfca93d7a90c0fcc5a290267 : end [OK] ASA# I filtered msn at PC (192.168.1.101) and yahoo at PC (192.168.1.100) and test successfully with them. Cheers
  5. Hi, i think it still works correctly but in lab below, i want to do formally. if following you do, everyone can't distinguish "match any" & "match all" they 're only in class-map for ex: thanks for sharing...
  6. Hi all, who did anyone simulate ASA v8.3(x) in GNS3 or VMware? canbe share it? i tried with unpack tool in [Hidden Content] but not successfully i excuted successfully with ASA 8.0(2) with that way. help me plz... thanks so much.
  7. In GNS3, capture command only works with interface Serial, not works with other interface (ex: ether, fast ether...)
  8. LAB filter IM (Yahoo messenger) with this lab, you can filter im by im-id, ip address, protocol, etc... Topo: and then, you can check it, so here: thanks and best regards
  9. have just passed SNRS today, and finished CCSP. P4S 127QAs 's still valid
  10. Dear all, Today, i 'll introduct to everybody Public website over ASA LAB. Interface connected to Internet is Ethernet 0, Outside interface. Interface connected to User is Ethernet 1, Inside interface. Interface connected to Web server is Ethernet 2, DMZ interface. This is Configuration file : ASA# write terminal : Saved : PIX Version 7.2(3) ! hostname ASA enable password 8Ry2YjIyt7RRXU24 encrypted names ! interface Ethernet0 nameif outside security-level 0 ip address 192.168.1.1 255.255.255.0 ! interface Ethernet1 nameif inside security-level 100 ip address 10.1.1.1 255.255.255.0 ! interface Ethernet2 nameif dmz security-level 50 ip address 172.16.1.1 255.255.255.0 ! interface Ethernet3 shutdown no nameif no security-level no ip address ! interface Ethernet4 shutdown no nameif no security-level no ip address ! passwd 2KFQnbNIdI.2KYOU encrypted ftp mode passive [b] access-list in_acl extended permit icmp any any access-list in_acl extended permit tcp any host 192.168.1.10 eq www [/b] pager lines 24 mtu outside 1500 mtu inside 1500 mtu dmz 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 [b] global (outside) 1 192.168.1.5-192.168.1.6 global (outside) 2 192.168.1.7-192.168.1.8 global (dmz) 1 172.16.1.5-172.16.1.6 nat (inside) 1 10.1.1.0 255.255.255.0 nat (dmz) 2 172.16.1.0 255.255.255.0 static (dmz,outside) 192.168.1.10 172.16.1.2 netmask 255.255.255.255 access-group in_acl in interface outside[/b] timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart telnet timeout 5 ssh timeout 5 console timeout 0 ! ! prompt hostname context Cryptochecksum:00000000000000000000000000000000 : end [OK] and this was test process in Inside - PC: and test process in Outside - PC: Wish everybody successfully. Thanks and BRs -------------------- Doan Quang Hoa adverts removed
  11. Dear all, today, i will introduct ASA Active/Standby Failover LAB, hope it can help you in works. Topology: and this is configuration on Primary ASA: ciscoasa# ciscoasa# conf t ciscoasa(config)# hostname pri pri(config)# interface e0/0 pri(config-if)# nameif outside INFO: Security level for "outside" set to 0 by default. pri(config-if)# no shutdown pri(config-if)# ip address 192.168.1.111 255.255.255.0 standby 192.168.1.222 pri(config-if)# exit pri(config)# interface e0/1 pri(config-if)# nameif inside INFO: Security level for "inside" set to 100 by default. pri(config-if)# ip address 192.168.111.1 255.255.255.0 standby 192.168.111.2 pri(config-if)# no shutdown pri(config-if)# exit pri(config)# interface e0/2 pri(config-if)# no shutdown pri(config-if)# exit pri(config)# failover lan unit primary pri(config)# failover lan interface test e0/2 INFO: Non-failover interface config is cleared on Ethernet0/2 and its sub-interfaces pri(config)# failover interface ip test 10.1.1.1 255.255.255.0 standby 10.1.1.2 pri(config)# failover pri(config)# . No Response from Mate Beginning configuration replication: Sending to mate. End Configuration Replication to mate pri(config)# show failover Failover On Failover unit Primary Failover LAN Interface: test Ethernet0/2 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 2 of 250 maximum Version: Ours 8.0(2), Mate 8.0(2) Last Failover at: 00:13:58 UTC Nov 30 1999 This host: Primary - Active Active time: 17 (sec) slot 0: empty Interface outside (192.168.1.111): Normal (Waiting) Interface inside (192.168.111.1): Normal (Waiting) slot 1: empty Other host: Secondary - Standby Ready Active time: 0 (sec) slot 0: empty Interface outside (192.168.1.222): Normal (Waiting) Interface inside (192.168.111.2): Normal (Waiting) slot 1: empty Stateful Failover Logical Update Statistics Link : Unconfigured. pri(config)# show failover Failover On Failover unit Primary Failover LAN Interface: test Ethernet0/2 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 2 of 250 maximum Version: Ours 8.0(2), Mate 8.0(2) Last Failover at: 00:13:58 UTC Nov 30 1999 This host: Primary - Active Active time: 53 (sec) slot 0: empty Interface outside (192.168.1.111): Normal Interface inside (192.168.111.1): Normal slot 1: empty Other host: Secondary - Standby Ready Active time: 0 (sec) slot 0: empty Interface outside (192.168.1.222): Normal Interface inside (192.168.111.2): Normal slot 1: empty Stateful Failover Logical Update Statistics Link : Unconfigured. then, this is Secondary ASA: ciscoasa> en Password: ciscoasa# conf t ciscoasa(config)# interface e0/2 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# exit ciscoasa(config)# failover lan unit secondary ciscoasa(config)# failover lan interface test e0/2 INFO: Non-failover interface config is cleared on Ethernet0/2 and its sub-interfaces ciscoasa(config)# failover interface ip test 10.1.1.1 255.255.255.0 standby 10.1.1.2 ciscoasa(config)# failover ciscoasa(config)# exit ciscoasa# fa.. Detected an Active mate Beginning configuration replication from mate. Failed to change interface status: cannot get channel Failed to change interface status: cannot get channel WARNING: Config register and NV boot data structure damaged, it has been recreated. Failed to write offset 218 to IDPROM ARRAY slot 0,I2C addr 0x4, dev 0xb0, error 7ERROR: Password recovery was not changed, unable to access the configuration register. Failed to change interface status: cannot get channel Failed to change interface status: cannot get channel Failed to change interface status: cannot get channel Failed to change interface status: cannot get channel Failed to change interface status: cannot get channel Failed to change interface status: cannot get channel End configuration replication from mate. pri# show failover Failover On Failover unit Secondary Failover LAN Interface: test Ethernet0/2 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 2 of 250 maximum Version: Ours 8.0(2), Mate 8.0(2) Last Failover at: 00:00:00 UTC Nov 30 1999 This host: Secondary - Standby Ready Active time: 0 (sec) slot 0: empty Interface outside (192.168.1.222): Normal (Waiting) Interface inside (192.168.111.2): Normal (Waiting) slot 1: empty Other host: Primary - Active Active time: 13 (sec) slot 0: empty Interface outside (192.168.1.111): Normal (Waiting) Interface inside (192.168.111.1): Normal (Waiting) slot 1: empty Stateful Failover Logical Update Statistics Link : Unconfigured. pri# pri# pri# show failover Failover On Failover unit Secondary Failover LAN Interface: test Ethernet0/2 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 2 of 250 maximum Version: Ours 8.0(2), Mate 8.0(2) Last Failover at: 00:00:00 UTC Nov 30 1999 This host: Secondary - Standby Ready Active time: 0 (sec) slot 0: empty Interface outside (192.168.1.222): Normal Interface inside (192.168.111.2): Normal slot 1: empty Other host: Primary - Active Active time: 55 (sec) slot 0: empty Interface outside (192.168.1.111): Normal Interface inside (192.168.111.1): Normal slot 1: empty Stateful Failover Logical Update Statistics Link : Unconfigured. wish you successfully! Thanks and BRs --------------------- Doan Quang Hoa (Mr.) adverts removed
×
×
  • Create New...