When the contract is permit any, the direction between consumer and provider become irrelevant. On the color and label, it has been a while since I used it so I would go with whatever your findings are in your lab. I personally like to keep contract as simple as possible.

Thanks for the reply. I have two issues:

- in the L3OUT videos, i wasn't sure why EPG WEB was able to access (with ICMP) the internet, when it was configured as the provider of the contract and the external EPG was the consumer; then i thought it should work only for ICMP; i did a quick lab and noticed that if you use ANY in the subject, the provider can initiate traffic towards the consumer. I noticed that if you leave the EtherType as Unspecified you cannot select Statefull, so it will accept connections coming from the provider.

- in the advanced contract video, you mention that the color of the label is important and not the label name; i did a lab ( 5.2) and i noticed it was the other way around; i used black for all the EPGs and two label names; i'll try again today just to be sure.

Thanks,
Razvan

Does anyone have the missing configuration files referenced in the LabMinutes videos?

What are you trying to accomplish?

I can't see how using 10G interfaces on an ISE appliance would affect a use of certificate so you should be fine.