Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

7 Neutral

About cursplatt

  • Rank
    Junior Member

Recent Profile Visitors

33 profile views
  1. 300-208 Cisco Press book has the subject depth and covers all the exam objectives and has decent examples. I like K. Barker usually, but his CBT Nuggets for CCNP Security are over-simplified. Beware the 300-208 course completely skips wireless configuration in regards to ISE or 802.1X - he refers you to his CCNA wireless course, but that doesn't cover anything outside of setting up a RADIUS server for authentication on a controller. This Nuggets course is far from enough to get you prepared for the test. Haven't seen the 300-209 book yet, but likely worth it. The CBT Nuggets (you need to view both 300-209 and the old VPN 642-648 course) aren't bad - better than the IP Expert course. One thing to beware of: you need to know how to setup VPNs on the ASA via the command line for BOTH ASA and IOS routers. All of K. Barkers demos use the GUI (or even the wizard - ack! ) when it comes to ASAs. I'm still trying to find decent material for the 300-207 test. The only thing I've found is the IP Expert course. I'm not very impressed with the security track, so you might think about doing data center instead - it may be more useful to you. The security track is already kind of old (no firepower stuff) and very proprietary outside of 300-209 - IPSec and SSL VPNs, and the stuff in 300-206 (which is all pretty much review from the CCNA security course). There are general concepts that might help, but it feels I'm getting testing more on how Cisco's software works (old versions of it at that!), than anything. I suppose you could say the same thing about data center, but UCS is really gaining market share and there are fewer players there (pretty much HP and Cisco from what I've seen). There are tons of firewall, VPN appliances, IPS appliances, on the market, and some of them are better than Cisco's products (Palo Alto, etc) so unless you end up in a Cisco shop, it's unlikely you'll find companies using ISE and not Aruba ClearPass, etc
  2. Can someone share again - it's already gone. Thx.
  3. Here's the tutorial: [Hidden Content] Here's crack: [hide][Hidden Content]]
  4. This course has a great walkthrough on setting up APs with vWLCs. I came across some additional challenges concerning certificates, but nothing more too difficult to surmount. [Hidden Content]
  5. those 3 commands are all you need, but make sure last one is like: http inside This would allow any browser coming with an address in the range to access ASDM, assuming this same network is assigned to the interface named "inside" on the ASA. To eliminate the guess work, you can also use: http 0 inside
  6. Going rogue huh...or implementing some new shadow IT? Since you have physical access to the switches you could simply do the password recovery method to change the console password.... What's the purpose of the new server? File sharing? Application server? Why does it need to be onsite? Depending on the answers, there are oodles of cloud services ready to help you implement any layer of your shadow IT project and subvert your parent company's IT dept. For example, if you need your own server to run a custom app, use an infrastructure as a service provider like Amazon or Azure. If you need file sharing or document collaboration, there's lots of options there too as I'm sure you're aware: box, Google Drive, Office 365 (Sharepoint), etc, etc. If you want to have something onsite, get a box to run ESXi or HyperV, Xen, whatever. Buy a used ASA 5505, generate a key, setup NAT and if you're paranoid and depending on what the VMs are running, use Clientless SSL VPN to access the servers from the workstations or install Anyconnect on the users' machines to VPN into the VM's. You'll have some challenges getting access to this onsite server from outside your company, and you'll have challenges since you likely don't control DNS, but with just 4-5 users, you can add names to their host files, for example, and you could add a cheap internet connection to the ASA. But remember to think about backup/restore for whatever you're doing, and prevent losing everyone's work, otherwise you and your GM aren't doing anyone a favor.
  7. I've noticed that whenever I restart the virtual controller, the evaluation license countdown seems to reset??
  8. Altho the same flexlm crack for ISE works for ACS as well (haven't tried 5.7 yet), but no keygen or license file.
  9. Sure, did you fix the addresses in the keyrings?
  10. Those additional commands are not needed, since it's quite unlikely someone will be unplugging your vmware cluster NICs and plugging in a rogue switch. The last two commands are for quality of service, which will require a lot more commands to work as desired, so also not needed. Depending on the switches you're using and if they support ISL you may also need "switchport trunk encapsulation dot1q" . And yes, use "spanning-tree portfast trunk" if the spanning tree mode on the switch is set to the default per-vlan spanning tree and not rapid spanning tree. And remove the storm-control commands, as flavakid says, those are just going to create trouble for you.
  11. The basics (hostname, IP address of the server, gateway, domain name, dns server, ntp server) are at the console. Just do a "show running-config" to see the current settings and change them with the IOS router style "no" to remove them. Some settings may require the ISE application to restart, some may require a reboot.
  12. As a troubleshooting step remove the encryption from the tunnel by removing tunnel protection ipsec profile default on both tunnel interfaces. Check if you can ping the other tunnel interface address now. If you can, then you know routing is working and it is the negotiation of the IKEv2 tunnel or child tunnel. But it's probably not routing because you have typos in your keyrings, 209.161.201.x should be 209.165.201.x.
  • Create New...