Globalconfig.net

Most of my posts are about labs, CCIE news, CCIE training vendors, and tips/recommendations for the classes I teach as a Cisco Certified Instructor.  My company does not advertise.  So I’m wondering how much you know about the company that I work for.  Have any of you, my students excluded, ever heard of Ascolta? 

If you answered “No” let me ask this, do you know of GlobalKnowledge?  If you have taken any Cisco Certified Training you probably have answered yes.  Global Knowledge is probably our larges competitor.  We sell Cisco Certified Training for the CCNA, CCNP, CCSP, CCVP, and CCIP.  There are probably more but I cant think of them off hand.  Ascolta also does custom course development, private on-site training, and actual development if some of the Cisco Certified Courseware.  In fact, we wrote the telepresence training.  Last year Ascolta was named Cisco Learning Partner of the Year in the US/Canada theater.

But why am I bringing this up?  Because I am trying to get the company with the times!  Ascolta is now on twitter, http://www.twitter.com/ascolta, and they also have a facebook page.  If you are doing any sort for Professional Level or Associate Level training you might want to follow them for some of the deals they are offering, industry news, and free online tech-sessions that will begin next year. 

Ascolta does not compete in the CCIE arena, although we do have CCIE instructors.  When students ask my personal recommendations on CCIE training I point them to IPexpert and InternetworkExpert as they are the two vendors I am currently using.  There are pros-and-cons to each but thats besides the point.  They are the best in their area.

If you would like to know more about Ascolta please reach out to me using my contact form on this blog, or via email.  You can also check out the Ascolta web site at http://www.ascolta.com or search for Ascolta on Facebook. 

There are many changes coming around the beginning of the year and I am sure that it is going to be an exciting time!

IPexpert claimed an announcement to be made today.  Many of us are waiting!  Lets have it!

Read the Announcement.

Spinning my wheels for two lab sessions with this now.  The first time I labbed this it worked.  next two times it bombs.  Dont know what Im doing wrong.  Here is the config:

asa1(config-username)# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname asa1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 136.1.123.12 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 136.1.121.12 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list split_tunnel standard permit 136.1.121.0 255.255.255.0
access-list OUTSIDE_IN extended permit udp any any eq isakmp
access-list OUTSIDE_IN extended permit udp any any eq 4500
access-list OUTSIDE_IN extended permit esp any any
pager lines 24
logging enable
logging console debugging
mtu outside 1500
mtu inside 1500
ip local pool mypool 20.0.0.1-20.0.0.254
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
access-group OUTSIDE_IN in interface outside
!
router rip
network 136.1.0.0
redistribute static metric 1
version 2
no auto-summary
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server aaa protocol radius
aaa-server aaa (outside) host 10.0.0.100
key CISCO
radius-common-pw CISCO
group-policy ezvpn external server-group aaa password CISCO
username bcarroll password 8QAYyQeRI6l.X61w encrypted
username bcarroll attributes
vpn-group-policy ezvpn
username cisoc password Bn4.yL6RmqN0ezJL encrypted
username cisco password aKPiPFm6dYuj.C5/ encrypted
username cisco attributes
vpn-group-policy ezvpn
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set 3des_md5 esp-3des esp-md5-hmac
crypto dynamic-map dynamic 10 set transform-set 3des_md5
crypto dynamic-map dynamic 10 set reverse-route
crypto map vpn 10 ipsec-isakmp dynamic dynamic
crypto map vpn interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group ezvpn type ipsec-ra
tunnel-group ezvpn general-attributes
address-pool mypool
default-group-policy ezvpn
tunnel-group ezvpn ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:9b2252bb685ae17c9b748c4034fbede9
: end
%ASA-7-111009: User 'enable_15' executed cmd: show running-config
asa1(config-username)#

Here is the error:

%ASA-7-715047: Group = ezvpn, Username = bcarroll, IP = 136.1.100.200, processing notify payload
%Dec 02 06:26:33 [IKEAv1]: Group = ezvpn, Username = bcarroll, IP = 136.1.100.200S, Removing peer from peer table failed, no match!

Here is the ACS Server- the group authenticates fine according to the passed authention logs:

Any one see what I am doing wrong?  Thanks in advance to anyone that throws their thoughts in.