Recent content by khaiyang

I think so. I will be sitting for this paper soon, so i am afraid this. Personally, i think they will update the official student guides (current version 3.2) first before it'll reflect on the exam. :) United, We Stand

I took the single paper, but during my preparation, i study both. I find the singler paper in the overall easier but it covers less topic like "remote access", but you have to study into deeper for every chapter, of course. United, We Stand

i think you already have "sysopt connection permit-ipsec" , otherwise ur PING will not able to get thru vpn tunnel. Let us know your "interesting" traffic that is triggering the VPN, if you specify only ICMP/PING in the access-list, u cannot run VNC and any other application. I think there is...

I use "clear crypto isakmp sa", basically will clear the previous connection vpn. United, We Stand

Hi, I had the similar questions b4, please read : http://www.tek-tips.com/viewthread.cfm?qid=1037778&page=2 . Apparently if u wanna get from cisco, upgrade to the 128MB is the only option. United, We Stand

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800949d6.shtml#authen_author

apart from TACACS+ and Radius, PIX also support local authentication. It means the username/password is stored locally inside pix configuration. Alternatively, u can download a 90days trial of Cisco Secure Access Control Server CSACS software from cisco website.

He may have reason to use 193.168.x.x instead of 192.168.x.x , but having : route outside 0.0.0.0 0.0.0.0 193.168.2.1 1 would sure give problem bcos pointing to pix itself means no traffic would able to route out. Since you're using pppoe, i guess u need : ip address outside pppoe setroute (the...

for the NAT [id] statement, u need another global [id] statement to take effect. So i think you miss out : global (outside) 1 interface (this will translate the internal ip to pix outside interface ip , which is 192.168.20.219) also you need to add this : access-list outside_in permit icmp any...

if ur vpn tunnel is a site-to-site (network to network), most probably you've already configured the whole network as the "interesting" traffic, and as long as the printer is treated as one host within the remote network, there should be any problem. pls let us know if u still face any...

perhaps you should provide more information so that people here can help to troubleshoot. By default, traffic from more secured interface can access the less secured interface without having specify any rules, all you need is the "nat" and "global" command to perform addression translation...

ya, many people recommended testking, so here i have the latest version with me. Planned to skip the boson software simulation exam questions though there are more than 1000 of them, but i am afraid some questions are really outdated. Will focus on the original test simulator come with...

ops, didn't realize it was a old post. :) Wish me luck, i am doing many simulation exams to prepare for it.

Yes, i tried it. :) And I have to go into monitor mode to load back the original 6.3(4) file. Placed my order for the 128MB RAM, will feedback once managed to upgrade it.

As I understand, the current 642-521 CSPFA paper is based on PIX Firewall version 6.3. I talked to a trainer that day and the official Cisco Student Guide they used is still at version 3.2 (as Cicso also recommend training course in their website - "....Candidates can prepare for this exam by...