Jump to content
Sadikhov IT Certification forums

Aaron Hackney

  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Aaron Hackney

  • Rank
  1. Aaron Hackney

    Has anyone sat the 642-637

    I sat this exam yesterday. It was not too bad. I used the Cisco Press quick reference guide and Network Security Technologies and Solutions (CCIE Professional Development Series) as my prep material. I didn't get a stellar score (868) but passed it with a nice margin. It's a little nerve-wracking to take an exam that there is so little feedback about! I found that the Cisco Press quick guide basically listed the technologies with a few details, and then I read up in-depth on those details in the CCIE book and did labs using GNS3 to practice those technologies. Best of luck to you all!
  2. Hey all. I am preparing for my CCNA Security exam SECURE 642-637. The Cisco Press book isn't out yet. I have bought the Quick Reference PDF from Cisco press. I'm a little nervous about running into a new test. I can find like 0 feedback about this test in terms of difficulty or if there are simulations or what on the exam. Has anyone sat this test yet? What are your thoughts for preparation? TIA! =A
  3. Aaron Hackney

    ASA - ASP Drop Behavior

    Nope, it's in routed mode. I think what is happening is this: The webhead sends the packet to the ASA, who sends it to the DB. The DB responds and the ASA delivers it to the webhead segment but the TCP timer expires on the webhead who sends a duplicate before it receives the ack from the ASA. Incidentally, there is a load balancer between the webhead and the ASA, so there is another layer of latency that could cause this issue if the DB responds slowly. Thanks for the thoughts...
  4. Aaron Hackney

    ASA - ASP Drop Behavior

    Thanks for the reply. I really can't say, as I don't have the ability to move the webheads to the inside segment and reproducing the problm is difficult as this only occurs when the DB is under a load. I read up on the ASP DROP reason a little more and I'm wondering if anyone can help clarify it: TCP DUP and has been ACKed: This counter is incremented and the packet is dropped when appliance receives a retransmitted data packet and the data has been acknowledged by the peer TCP endpoint. So the original packet is sent to the ASA, the ASA sends it to the inside segment and it looks like the packet is ack'ed by the DB. So is it a problem that the original sender did not receive the ack? Would that not then be a problem on the web end? I am sure I am mis-reading or missing something here... TIA! -A
  5. Aaron Hackney

    ASA - ASP Drop Behavior

    Hey all. Just wanted some input on a situation I am currently observing. Have a DB server cluster on an inside Interface and a bunch of web servers on a DMZ segment making calls to the DB server. We are experiencing connection timeouts from the web application to the DB server under a heavy load. I did a packet capture on the ASA: capture asp-drop type asp-drop tcp-acked I see a lot of ASP-Drops due to duplicate frames that have already been ack's going from the Web-servers to the database servers. My thinking is that the DB server is overwhelmed with requests and is not responding fast enough, so the web servers are sending a duplicate frame and the ASA recognizes that it is a duplicate frame and drops it. Am I interpreting this correctly? Any input?