February 6, 2012

Studies in VPN: Part 2

IOS to IOS with PSK thru an ASA without NAT

The topology: (diagram image, not reproduced here)

Allow ESP and ISAKMP thru the ASA:

ciscoasa(config-router)# conf t
ciscoasa(config)# access-l outside_in permit esp any any
ciscoasa(config)# access-l outside_in permit udp any any eq isakmp
ciscoasa(config)# access-g outside_in in int outside
ciscoasa(config)#

Over on R2 I create a loopback to encrypt traffic to R1:

r2(config)#int lo0
r2(config-if)#ip add 150.1.2.2 255.255.255.0
r2(config-if)#

Next create an ISAKMP policy: [Read more...]

Studies in VPN: Part 1

DISCLAIMER

The first note I want to make regarding the VPN topics that I will be blogging is that these are actually my personal notes from Internetwork Expert's Volume 1 and 2 Lab Guide and the IPexpert Security Lab Workbook. There are a few topologies that I will be exploring, and I don't plan on taking you through each step of the Lab Guide; rather I will be making notes on the tangents I take. If you want to do their labs, don't rely on these posts; go buy their workbooks. It's worth every penny.

Site-to-Site between routers with a PIX in the middle

The first VPN configuration is based on one of the IPexpert Security Workbook labs. It requires that I configure a VPN between two routers, with the VPN traffic passing through a PIX.

The first step was to load the default configs. There were no defaults for the switches, so I had to create them on the fly. You can find the initial configurations here:

Switch1 Switch2 R1 R2 R4 R5 PIX

The next step was to statically map R5 and make sure that IPSec traffic could pass thru the PIX: [Read more...]

Vacation is over.

Some of you know that I just went to San Jose for my second Security Lab attempt. While I did better than the first attempt, I will be taking it one more time. Yes, one more time. I know some areas that I really want to nail down. I think that VPN is taking me too long. It's not that I can't do it, it's just that I should do it faster.

So here is the Game Plan:

On the right side of this blog I have placed a countdown timer to my third lab date. This is the one I am going to pass. (It's ok, I can delete this post if I fail again.)

Between now and then I am resolved to go back through the Internetwork Expert Volume 1 Lab Guide and do every VPN lab in it until I can see the configs in my sleep. Then, I want to firm up the MPF on the PIX and ASA, mostly just the ones that use regex in them. I want to be able to burn through those configs. Finally, I think I should work on Network Attacks. What I may end up doing between now and then is ALL of Volume 1 and Volume 2 again.

I am also scheduled for the IPexpert bootcamp. If work doesn't hassle me, that should put me over the top.

There is, however, one little catch. I have a CCNA Wireless Quick Reference Sheet due into Cisco Press by November 1st. I better go wrap that up.