Date post: | 07-Apr-2018 |
Category: |
Documents |
Upload: | chavara-matekwe |
View: | 222 times |
Download: | 0 times |
of 24
8/3/2019 Security Rack FAQ
1/24
Network Learning Inc
www.ccbootcamp.com
Security
REMOTE RACK ACCESS FAQ v3.5.0
05-01-2009
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
2/24
2
Table of Contents
Read Me First...............................................................................................................................................Usage Information for R&S/Security/SP Racks 1-10....................................................................................Fixed Frame-Relay Configuration Information..............................................................................................
Actual Frame Relay Router Configuration ................................................................................................Remote Power Cycle Instructions for Racks 1-10 ...................................................................................... 1FAQ for Most Common Remote Rack Usage Problems ............................................................................ 1RACK Cabling Diagram.............................................................................................................................. 1CCIE Security Rack Specific Information ................................................................................................... 1
RDP and VNC......................................................................................................................................... 1ACS / CA Access.................................................................................................................................... 1
CCIE Security Rack Connectivity Example ................................................................................................ 1Accessing the test PC............................................................................................................................. 2IPS Layout and Management ................................................................................................................. 2ASA Management................................................................................................................................... 2
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
3/24
3
Read Me First
Even before your virtual rack session starts, please make sure to read this document THOROUGHLY!
** If no one was on your rack in the prior session, you probably need to power on your devices. You cando so using the connection from your access-server to your APC power controller performing the stepssted in the remote power cycle instructions, or you can use our rack automation control page (preferred)
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
4/24
4
Usage Information for R&S/Security/SP Racks 1-10
. If you must use passwords on your routers please use "cisco" in case you forget to erase yourconfigurations. This saves us from having to password break the routers before the next student starts.Very important!
2. Your 8 hour session will be terminated exactly on time so please plan ahead and save your
configurations and erase the routers.
3. Your 8 hour session may start up to 5 minutes late as we terminate the previous customer and seteverything up for your session.
4. Hardware or access problems with the remote racks can be solved by reaching us here:http://www.ccbootcamp.com/rackhelp.html
5. Customers are expected to erase all the configurations at the end of their session.
6. This rack is available in three time blocks.
Racks have fixed start times (PST)Session 1 00:00-08:00Session 2 08:00-16:00Session 3 16:00-24:00
7. Remote rack reservations must be paid in advance before they are secured. Refunds are not providedor scheduled lab access. You can reschedule up to 2 hours prior to your timeslot if it is an emergency anyou can not make your session.
All racks have a dedicated Cisco 2611 for reverse telnet. This router will only be configured for reverse
elnet and will not be used for anything else in the practice labs.
Racks have a fixed physical configuration. We have setup a very flexible configuration with all the FastEthernet interfaces plugged into the Catalyst. Use VLANs as necessary to place interfaces as necessarynto broadcast domains.
The frame switches on the racks have a fixed configuration! This fixed configuration is a full mesh. FrameRelay configuration is on the following pages.
When you telnet to the racks you will not have access to enable mode. Your prompt will appear as below
example given for rack#1):
Rack-1>
Below are the only commands you will have access to:
access-enableclear Resetconnect
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
5/24
5
disconnectenable (your password won't work here, you don't have access to enable mode)exitoginogoutesume
showclear linesystat
You can access the other devices on the access-server in your rack with the hostnames below:
Device Hostname
2811 Router 1 r1
2811 Router 2 r2
2811 Router 3 r3
2811 Router 4 r4
2811 Router 5 r5
2811 Router 6 r62811 Router 7 r7
2811 Router 8 r8
2811 Backbone Router 1 bb1
2811 Backbone Router 2 bb2
3640 Backbone Router 3 bb3
Catalyst 3560 Switch 1 cat1 orsw1
Catalyst 3560 Switch 2 cat2 orsw2
Catalyst 3560 Switch 3 cat3 orsw3
Catalyst 3560 Switch 4 cat4 orsw4
IDS-4235 ips
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
6/24
6
Fixed Frame-Relay Configuration Information
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
7/24
7
ActualFrame Relay Router Configurationostname Frame_FullMesh
rame-relay switching
nterface Serial1o ip addressncapsulation frame-relaylockrate 64000
rame-relay lmi-type ansirame-relay intf-type dcerame-relay route 102 interface Serial2 201rame-relay route 103 interface Serial3 301rame-relay route 104 interface Serial4 401rame-relay route 105 interface Serial5 501rame-relay route 106 interface Serial6 601rame-relay route 107 interface Serial7 701rame-relay route 108 interface Serial8 801rame-relay route 109 interface Serial9 901rame-relay route 110 interface Serial0 1001o sh
nterface Serial2o ip addressncapsulation frame-relaylockrate 64000rame-relay lmi-type ansirame-relay intf-type dcerame-relay route 201 interface Serial1 102rame-relay route 203 interface Serial3 302rame-relay route 204 interface Serial4 402rame-relay route 205 interface Serial5 502rame-relay route 206 interface Serial6 602rame-relay route 207 interface Serial7 702rame-relay route 208 interface Serial8 802
rame-relay route 209 interface Serial9 902rame-relay route 210 interface Serial0 1002o sh
nterface Serial3o ip addressncapsulation frame-relaylockrate 64000rame-relay lmi-type ansirame-relay intf-type dcerame-relay route 301 interface Serial1 103rame-relay route 302 interface Serial2 203rame-relay route 304 interface Serial4 403rame-relay route 305 interface Serial5 503rame-relay route 306 interface Serial6 603rame-relay route 307 interface Serial7 703rame-relay route 308 interface Serial8 803rame-relay route 309 interface Serial9 903rame-relay route 310 interface Serial0 1003o sh
nterface Serial4o ip addressncapsulation frame-relaylockrate 64000
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
8/24
8
rame-relay lmi-type ansirame-relay intf-type dcerame-relay route 401 interface Serial1 104rame-relay route 402 interface Serial2 204rame-relay route 403 interface Serial3 304rame-relay route 405 interface Serial5 504rame-relay route 406 interface Serial6 604rame-relay route 407 interface Serial7 704rame-relay route 408 interface Serial8 804rame-relay route 409 interface Serial9 904
rame-relay route 410 interface Serial0 1004o sh
nterface Serial5o ip addressncapsulation frame-relaylockrate 64000rame-relay lmi-type ansirame-relay intf-type dcerame-relay route 501 interface Serial1 105rame-relay route 502 interface Serial2 205rame-relay route 503 interface Serial3 305rame-relay route 504 interface Serial4 405rame-relay route 506 interface Serial6 605
rame-relay route 507 interface Serial7 705rame-relay route 508 interface Serial8 805rame-relay route 509 interface Serial9 905rame-relay route 510 interface Serial0 1005o sh
nterface Serial6o ip addressncapsulation frame-relaylockrate 64000rame-relay lmi-type ansirame-relay intf-type dcerame-relay route 601 interface Serial1 106
rame-relay route 602 interface Serial2 206rame-relay route 603 interface Serial3 306rame-relay route 604 interface Serial4 406rame-relay route 605 interface Serial5 506rame-relay route 607 interface Serial7 706rame-relay route 608 interface Serial8 806rame-relay route 609 interface Serial9 906rame-relay route 610 interface Serial0 1006o sh
nterface Serial7o ip addressncapsulation frame-relay
lockrate 64000rame-relay lmi-type ansirame-relay intf-type dcerame-relay route 701 interface Serial1 107rame-relay route 702 interface Serial2 207rame-relay route 703 interface Serial3 307rame-relay route 704 interface Serial4 407rame-relay route 705 interface Serial5 507rame-relay route 706 interface Serial6 607rame-relay route 708 interface Serial8 807rame-relay route 709 interface Serial9 907rame-relay route 710 interface Serial0 177
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
9/24
9
o sh
nterface Serial8o ip addressncapsulation frame-relaylockrate 64000rame-relay lmi-type ansirame-relay intf-type dcerame-relay route 801 interface Serial1 108rame-relay route 802 interface Serial2 208
rame-relay route 803 interface Serial3 308rame-relay route 804 interface Serial4 408rame-relay route 805 interface Serial5 508rame-relay route 806 interface Serial6 608rame-relay route 807 interface Serial7 708rame-relay route 809 interface Serial9 908rame-relay route 810 interface Serial0 188o sh
nterface Serial9o ip addressncapsulation frame-relaylockrate 64000rame-relay lmi-type ansi
rame-relay intf-type dcerame-relay route 901 interface Serial1 109rame-relay route 902 interface Serial2 209rame-relay route 903 interface Serial3 309rame-relay route 904 interface Serial4 409rame-relay route 905 interface Serial5 509rame-relay route 906 interface Serial6 609rame-relay route 907 interface Serial7 709rame-relay route 908 interface Serial8 809rame-relay route 910 interface Serial0 199o sh
nterface Serial0
o ip addressncapsulation frame-relaylockrate 64000rame-relay lmi-type ansirame-relay intf-type dcerame-relay route 1001 interface Serial1 110rame-relay route 1002 interface Serial2 210rame-relay route 1003 interface Serial3 310rame-relay route 1004 interface Serial4 410rame-relay route 1005 interface Serial5 510rame-relay route 1006 interface Serial6 610rame-relay route 177 interface Serial7 710rame-relay route 188 interface Serial8 810
rame-relay route 199 interface Serial0 910o sh
ne con 0ransport input nonene aux 0ne vty 0 4
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
10/24
10
Remote Power Cycle Instructions for Racks 1-10
. Racks don't allow access to enable mode on the Cisco 2511 used for reverse telnet access to the othedevices in the racks. You will be at the "Rack-X>" prompt.
2. To access the power cycle unit from the terminal server, type "apc" then enter "apcX" for the usernameand "powerX" for the password. X is the rack# you are on. So for example for rack#1, your username
would be apc1 and your password would be power1 .
3. You will then have four menu options. The only menu options you have access to is number 1 and 4 "1Device Manager" and "4-logout"
4. Enter "1" and then you will be presented with a list of device you can manipulate. Always use capitaletters to confirm "YES"
5. Hit to get back to the top menu and hit "4" to logout. This will bring you back to the "Rack-X>"prompt.
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
11/24
11
FAQ for Most Common Remote Rack Usage Problems
1. Are you accessing the correct rack? The easiest way to access our racks is by TELNETing to thefully qualified domain name (FQDN), rack1.ccbootcamp.com, rack2.ccbootcamp.com, etc.
2. Router FRS used as the frame switch is a Cisco 2522. It has a full mesh and is a fixedconfiguration. The configuration is in this file. You do not have console access to this device.
3. You are expected to erase the configurations on all devices on your rack when you are done withyour session.
4. If you must configure a password on any of the devices in the rack please use lower case "cisco".This will help the next user if you forget to erase your configurations.
5. Use the command "show controllers serial 0" to verify if a serial interface is DCE or DTE. The DCEside must have the clock rate command.
6. When you telnet to our racks you will access a Cisco 2611 configured for reverse telnet. You will nhave enable mode access to this router. Just type "show hosts" to see the hostnames for the
devices to access. To access the routers (R1, R2, R3, R4, R5, R6, R7, etc) via reverse telnet. Justtype the hostname (example R1) and you will be at the console port on R1.
7. Type ctrl-shift-6 then x to take you back to the Cisco 2611. If you go back to the Cisco 2611 afterthe ctrl-shift-6 x key stroke combination and press enter at the Rack-# you will be sent back to yourprevious session.
8. Type show sessions to see what sessions are already open. You can access them by number.
9. If one of your routers gets locked our racks have a remote power cycle unit so you can reboot thedevice. Also, if you login to a rack and none of the devices respond please check and make sure
they havent been powered off via the remote power cycle unit.
10. If you get an error similar to "[Connection to r4 closed by foreign host]" you will need to clear theline. In this example, clear line 4, for R4 will work. You may have to do it twice.
rack2>sw3Trying sw3 (1.1.1.1, 2051)...% Connection refused by remote host
rack2>clear line 51[confirm][OK]rack2>sw3Trying sw3 (1.1.1.1, 2051)... Open
switch#
11. Use CDP to verify your cable connections if necessary.
12. If you still need help after reading this document please send e-mail to the address below. If aproblem occurs between 9:00 a.m. and 5:00 p.m. Pacific time, you can call us at 702.968.5100. Foproblems outside these hours, please page us: http://www.ccbootcamp.com/rackhelp.html
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
12/24
12
13. If you want to check to see what our server time is, do show clockon your terminal server. This isthe same time that is set on our access control server.
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
13/24
13
RACK Cabling Diagram
2811
R1
S0/0/0
S0/0/1
Fas0/0 Fas0/1
S0/1/0
S0/1/1
R2S0/0/1
DCE DCE
DCE DCE
R2S0/1/0
R3S0/1/1
FRS1
SW1Fas0/1
SW2Fas0/1
2811
R2Fas0/0 Fas0/1
R1
DCE
DCE DCE
R1
R4FRS2
SW1Fas0/2
SW2Fas0/2
2811
R4Fas0/0 Fas0/1
R3
DCE DCE
DCE DCE
R3
R2FRS4
SW1Fas0/4
SW2Fas0/4
2811
R5Fas0/0 Fas0/1
R6
DCE
DCE
FRS5
SW1Fas0/5
SW2Fas0/5
2811
R6Fas0/0 Fas0/1
R5
DCE
DCE
FRS6
SW1Fas0/6
SW2Fas0/6
2811
R7Fas0/0 Fas0/1
R8
DCE
DCE
FRFRS7
SW3Fas0/17
SW4Fas0/17
2811
R8Fas0/0 Fas0/1
R7
DCE
DCE
FRS8
SW3Fas0/18
SW4Fas0/18
2811
BB1Fas0/0 Fas0/1
BB2
DCE
DCE
FRS9
SW1Fas0/9
SW2Fas0/9
2811Fas0/0 Fas0/1
BB1
DCE
DCE
BB3
SW1Fas0/10
SW2Fas0/10
3640E0/0 E0/1
SW1Fas0/11
SW2Fas0/11
BB2 BB3
DCE
Fas0/20 Fas0/20
Fas0/19 Fas0/19
SW1 SW2
Frame Relay Cloud
DCE
S1
S2 S3 S4
S5
S6S7
S8S9
S0
R1S0/0/0
R2R3
R4
R5
R8
R6
R7
R7
BB1
Fas0/24
S0/1/0
S0/0/0 S0/0/0 S0/0/0
S0/0/0
S0/0/0
S0/0/0S0/0/0
S0/0/0Fas0/24
S0/0/0
S0/0/1 S0/1/0
S0/1/1
S0/0/1 S0/1/0
S0/1/1 S0/0/0
S0/0/1 S0/1/0
S0/1/1 S0/1/1
2811
R3Fas0/0 Fas0/1
R4
DCE
DCE DCE
R4
R1FRS3
SW1Fas0/3
SW2Fas0/3
DCES0/0/0
S0/0/1 S0/1/0
S0/1/1
S0/1/0
S0/1/1
S0/0/0
S0/0/1
S0/0/1
S0/0/0
S0/0/1
S0/0/1
S0/0/0
S0/0/1
S0/1/0 S0
S0/0/0
S0/0/1
S0/0/0
S0/0/0S0/0/1
S0/0/1
S0/0/0
S0/0/0
S0/0/1
S0/0/1 S0/0/1 S0/1/0
S0/0/1 S0/0/1
TFTP Server Address:
172.22.1.254 /24
BB2
DCES0/0S0/0/1
DCE
ACS/CA Server192.168.0.0 /16
PublicNet172.22.10X.0 /24
(DG: 172.22.10X.1)
LS1010ATM0/0/1
ATM1/0
SW3 SW4
Fas0/20 Fas0/20
Fas0/19 Fas0/19
Fas0/22
Fas0/22
Fas0/21
Fas0/21
Fas0/22
Fas0/22
Fas0/21
Fas0/21
Fas0/08
Fas0/08
Fas0/07
Fas0/07
Fas0/08Fa
s0/07
Fas0/08
Fas0/07
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
14/24
14
Security Specific RACK Cabling Diagram
FE2
SW2Fas0/12
FE0
SW1Fas0/12 FE1
SW1
Fas0/17
ASA5510#1
FE3
SW2Fas0/17
FE2
SW2Fas0/18
FE0
SW1Fas0/18 FE1
SW1
Fas0/23
ASA5510#2
FE3
SW2Fas0/2
ACS/CA Server
Public IP Address
64.89.238.134+X
NAT: 172.22.1.110+X
DG: 172.22.1.200SW1 0/24
192.168.2.10X
Fas0/20 Fas0/20
Fas0/19 Fas0/19
SW1 SW2
Fas0/24 Fas0/24
ACS/CA Server
192.168.0.0 /16
PublicNet
172.22.10X.0 /24
(DG: 172.22.10X.1)
SW3 SW4
Fas0/20 Fas0/20
Fas0/19 Fas0/19
Fas0/22
Fas0/22
Fas0/21
Fas0/21
Fas0/22
Fas0/22
Fas0/21
Fas0/21
Fas0/08
Fas0/08
Fas0/07
Fa
s0/07
Fas0/08
Fas0/07
Fas0/08
Fas0/07
IDS
G0/0
SW1Fas0/14
G0/1 SW2
Fas0/14
SW3SW3
SW3
SW3
Fas0/1
Fas0/2
Fas0/3 Fas0/4
Fas1/1
Fas1/3
Fas1/2
Fas1/0
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
15/24
15
RACK Hardware Configuration
Model Router Name Memory Dram/Flash Version
2611 Rack-1
2811 r1 256,256 12.4(15)T7
2811 r2 256,256 12.4(15)T7
2811 r3 256,64 12.4(15)T7
2811 r4 256,64 12.4(15)T7
2811 r5 256,64 12.4(15)T7
2811 r6 256,64 12.4(15)T7
2811 r7 256,64 12.4(15)T7
2811 r8 256,64 12.4(15)T7
2811 bb1 256,64 12.4(15)T7
2811 bb2 256,64 12.4(15)T7
3640 bb3 128,32 12.3(14)T6
Cat 3560 cat1 12.2-44.SE5
Cat 3560 cat2 12.2-44.SE5
Cat 3560 cat3 12.2-44.SE5
Cat 3560 cat4 12.2-44.SE5
asa-5510 asa1 8.x
asa-5510 asa2 8.xacs/ca (must use VNC or RDP) 4.x
IPS Sensor ips 6.x
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
16/24
16
CCIE Security Rack Specific Information
RDP and VNC
To connect to the ACS server, you will need to use either Microsoft RDP or VNC to connect to theappropriate server for your rack. However, before you can RDP or VNC to the server, you will need to
have your account validated with our PIX (cut-through proxy).
Example for Rack1:
Open up a browser window to:http://acsrack1.ccbootcamp.comEnter your rack login informationLogin (example): BEPassword (example): enable2355
After you have authenticated to the PIX, you can RDP or VNC to the server as indicated below:
The IP Addresses for the servers and login information is listed below.
RDP Example for Rack 1:RDP Server: acsrack1.ccbootcamp.comLogin: enablemodePassword: enableme
VNC Example for Rack 1:VNC Server: acsrack1.ccbootcamp.comVNC Password: enableme
Login: enablemodePassword: enableme
RDP is Microsoft Remote Desktop Connection Software (you can download from www.microsoft.com)VNC is Virtual Network Computing (you can download a free VNC client from http://www.realvnc.com/)
The ACS/CA server is connected to your rack via Switch 1 port 0/24. If you need to connect an interfacehat is on Switch 2 to your ACS server, you will have to create a trunk between the two switches and setuyour VLANs accordingly.
Switch 2, port 0/24 is connected to a shared backbone for TFTP access (to save yourconfigurations if you like). While doing your lab, it is highly recommended to SHUT THIS PORTDOWN! If not, you may get duplicate IP address errors and other errors from other racks on thebackbone.
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
17/24
17
ACS / CA Access
CCIE Security Rack Connectivity Example
STEP 1 Authenticate to our PIX using yourrack login information
After your successful authentication to our PIX, you will see this message below:
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
18/24
18
STEP 2 Connect via RDP or VNC to our server
Use the password of enableme for your VNC connection
STEP 3 Use the username of enablemode and the password enableme to access the serve
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
19/24
19
Now you can access the Cisco Secure ACS, CA, and IPS web functions.
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
20/24
20
Accessing the test PC
Each rack also has a test PC that can be reached from the ACS server via VNC. Just click the vnc icon inhe tool bar. The vnc connection should default to the PC pertaining to the rack.
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
21/24
21
Once OK is selected you will be taken to the following desktop.
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
22/24
22
From the PC desktop you are able to change the IP address of the interface facing the rack by launchinghe IPChangeApp program.
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
23/24
23
IPS Layout and Management
Each IPS appliance has an Ether0 interface connected to Catalyst #1 port Fas0/14 and an Ether1 interfacconnected to Catalyst #2 port Fas0/14.
You should create a VLAN (actually a trunk between the two switches) connecting the Ether1 (Cat#2Fas0/14) to the ACS/CA Server on Catalyst #1 (Fas 0/24).
You can connect to the IPS web interface via the RDP/VNC server for your rack or access the IPS EventViewer (IEV) which is located on the RDP/VNC server for your rack.
Check the IP addressing below to determine which IP addresses you should be using. Donforget to create the appropriate VLANs!
You may need to add some static routes to your server - but DO NOT CHANGE THEDEFAULT ROUTE ON THE SERVER!
Rack 1 IDS
Eth1:
192.168.10.103
Rack 2 IDS
Eth1:
192.168.20.103
Rack 3 IDS
Eth1:
192.168.30.103
Rack 4 IDS
Eth1:
192.168.40.103
Rack 5 IDS
Eth1:
192.168.50.103
Rack 6 IDS
Eth1:
192.168.60.103
Rack 7 IDS
Eth1:
192.168.70.103
Rack 8 ID
Eth1:
192.168.80
The default username for the IPS sensor is cisco and the password is ccie5796. Please do not change thusernames or passwords.
f you power-down the IPS sensor, you may have to power it back up then do an immediate re-boot.
Directions:1. Power Up IPS Sensor2. Immediate Re-Boot (5 second delay)
*** DONT FORGET ***
SET YOUR VLANs CORRECTLY ON YOUR CATALYST SWITCHES!!!
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/8/3/2019 Security Rack FAQ
24/24
ASA Management) If the ASA unit is working in multiple context mode or as a transparent firewall, you will not be able to assign any IP addressor any of the system contexts interfaces or Transparent Firewalls interfaces.
You can fix this by changing your mode to single mode (the default behavior) using the following command from a globalonfiguration prompt (ASA(config)#mode single) or change your firewall to work in the router by using following command fromlobal configuration prompt (ASA(config)#firewall router).
) If there are configuration files left over in the ASAs flash disk from the previous user that a write erase will not remove, youmay use the following command to delete them:Ciscoasa# delete flash*.cfg
) If you have difficulties with the interface configuration over ASA box and there are a lot of missing commands, there are somteps you can take to overcome this.
When you get your rack access please make sure that you clear the ASAs configuration and it is working on single mode andrewall router using the commands below:
iscoasa(config)# wr eraseErase configuration in flash memory? [confirm]OK]
iscoasa(config)# firewall routeriscoasa(config)# sh firewall
Firewall mode: Routeriscoasa# sh mode
Security context mode: multiple
iscoasa# conf tiscoasa(config)# mode singleiscoasa# sh mode
Security context mode: single
www.CareerCert.info
http://www.careercert.info/http://www.careercert.info/