Related Posts:

• CCIE Security Bootcamp Topology
• Recap of Changes and One Last Deal of the Year!!!
• New Video: Comparing Crypto Maps and VTI’s Part 1
• Bypassing NAT on Cisco ASA 8.2
• Interview with Scott Morris

Please visit the course page for more details.

Related Posts:

• Last Day to Enroll in 6-Week CCIE Security Evening Class.
• CCIE Security Adds Core Knowledge Questions
• New Video: Comparing Crypto Maps and VTI’s Part 1
• Bypassing NAT on Cisco ASA 8.2
• Recap of Changes and One Last Deal of the Year!!!

Related Posts:

• IKEv1 Aggressive Mode vs. IKEv1 Main Mode
• New Video: Comparing Crypto Maps and VTI’s Part 1
• Configuring Site-to-Site IPsec for IPv6 using Static VTI
• Configuring SSL VPN with Full Tunnel Access on Cisco ASA 8.2 Part 1
• Studies in VPN: Part 3

This one covers Crypto Map configurations for a site-to-site VPN between two routers.  In the second video I’ll cover the VTI configuration for comparison.

Useful Links:
Become a Member
How to Configure IPSec VPN’s (Cisco.com)

Related Posts:

• Last Day to Enroll in 6-Week CCIE Security Evening Class.
• CCIE Security Bootcamp Topology
• IKEv1 Aggressive Mode vs. IKEv1 Main Mode
• New Video: Comparing Crypto Maps and VTI’s Part 2
• Bypassing NAT on Cisco ASA 8.2

While the GlobalConfig.net Members area is growing in both members and content I felt like giving people an opportunity to get in on a special deal today. The standard Web Session Membership is $75.00 USD per month and this includes access to the following:

To purchase lifetime access to the “Video Only” members area for just $99.99 UDS click the “Buy Now” button.

*** This Offer Ended on Friday April 1st at 5pm PST. ***

Related Posts:

• No Related Posts

Lets begin with the switch configuration:

Rack1SW1# sh run int f0/1
Building configuration...


Current configuration : 109 bytes
!
interface FastEthernet0/1
 switchport access vlan 146
 switchport mode access
 channel-group 1 mode active
 spanning-tree portfast
end

Rack1SW1# sh run int f0/2
Building configuration...

Related Posts:

• IKEv1 Aggressive Mode vs. IKEv1 Main Mode
• Bypassing NAT on Cisco ASA 8.2
• Quick Tip: Preview Commands Before Sending!
• Join me for a (Twitter)chat.
• 5 ways to make sure Etherchannels work.

However, for most of us, this is not feasible. Because of the use of RFC 1918 addresses we are required to use NAT or PAT when we make connections to the Internet. Still situations may arise where you have NAT configured but for some reason you need to bypass it. Here are a few examples of how to do this along with the terminology that these methods are referred to in ASA 8.2.

Identity NAT

When you use Identity NAT the connections can only be originated by the address that’s covered in the statement. Of course, return traffic will be allowed, but you can’t originate an outside connection into the address in the NAT statement.

Here is how you configure it:

ASA1(config)# nat (inside) 0 10.1.1.0 255.255.255.0

In this code example you can initiate an outbound connection from addresses on the 10.1.1.0/24 subnet and it will not translate the source.

Static Identity NAT

A Static Identity NAT Translation is always active. This means that a connection can be initiated into this address, provided there is an ACL inbound on the lower security-level interface that permits the connection. You can also originate connections from the address defined in the statement for outbound connections and the ASA will not Translate the source.

Related Posts:

• Last Day to Enroll in 6-Week CCIE Security Evening Class.
• CCIE Security Bootcamp Topology
• IKEv1 Aggressive Mode vs. IKEv1 Main Mode
• New Video: Comparing Crypto Maps and VTI’s Part 1
• Configuring Etherchannel on Cisco ASA 8.4

So the scenario goes a little something like this. Originally we had two servers with IP addresses 172.18.0.99 and 172.18.0.100 that are hard coded into a few thousand clients. The servers were consolidated into one server and the IP address is now in a different address space. Rather than changing the static assignment on so many clients, can we just configure the ASA so that when they go to the old hard coded addresses they will be destination NAT’d to the new server IP address? The answer is yes and here is how you do it.

First, We can take a look at the old Topology. Here we note the addresses that are hard coded to the clients on the left.

Related Posts:

• Bypassing NAT on Cisco ASA 8.2
• Configuring SSL VPN with Full Tunnel Access on Cisco ASA 8.2 Part 1

The Podcast

The podcast is a resource to help people understand methods in preparation and with some recent interviews it will provide valuable tips for finding employment and handling interviews.

The Community Lab

I announced a community lab, much in the style of Jeremy Stretch at Packetlife.net. This lab should be ready for access sometime on February and will be free of charge. The lab bandwidth and much of the equipment is provided by Ascolta.

The Members Area

We’ve had great response to the 4-hour CCIE Security ASA Web Session that will be running tomorrow, December 30th, however, you may be wondering what you get with the web session. Basically you get me for four hours teaching everything I can, minus VPN, about the ASA. Will that be enough time to cover everything there is to cover for the ASA? Not likely. That’s where the members area comes in.

I decided that while I can’t run live web sessions every day I can record shorter sessions and make them available online. These videos will rage from VPN configurations on the ASA to NAT to Failover and more. But they don’t stop there. The videos will also cover other aspects of the CCIE Security Lab Exam blueprint topics such as Zone Based Firewalls, Flexible Packet Matching, IOS CA Servers, AAA, 802.1x, and so on.

So, the web session itself is priced at 40 bucks. The membership to the site is 75 bucks monthly. What do you get for 75 bucks? You get enrolled in every live session I do beginning with the first session following your registration, plus access to every video I post and all topics of the blueprint.

The Bootcamps

Finally, I’ve just launched a Bootcamps section where you can purchase a 12 day bootcamp here in Irvine, Ca, which will run in March of 2011. This bootcamp will be lab focused and designed to prepare you in each aspect of the lab exam blueprint. It will help you identify any weak areas you may have and you’ll get specific attention on those areas. You’ll get a number of labs to work on during the 12 days as well as your own rack of equipment to work on. The 12 day bootcamp is currently priced at 4500.00 but will go up after the 1st of the year. If you get in early you score the lower price.

The Last Deal of the Year!

I promised one last deal of the year. Actually I’m going to give you two deals to take advantage of.

Deal #1: Sign up for the CCIE ASA web session and get a 2 month membership for free

If you enroll in the CCIE ASA web session using the “Buy Now” button just above this line, you’ll get a two month membership to all sessions and videos. The cost of the CCIE ASA Web Session is $40.00.

Deal #2: Sign up for the bootcamp and get a lifetime membership along with it.

CCIE Security Bootcamp with Free Lifetime Membership Cost: $4500.00

Enroll in the bootcamp using the button above, before January 1st, 2011, and I’ll throw in a lifetime membership to the web sessions and videos. Of course, if you’d like to use one of the flexible payment options you are welcome to, however this deal applies only to bootcamps paid in full prior to January 1st, 2011.

So what’s in the Pipeline

We’re not stopping there. I’m currently writing technology specific labs for CCIE Security candidates and plan to release them early next year. Additionally members will receive an exclusive discount program on Cisco Training in other areas.

Also, there are more technical blog posts to come as well!

Related Posts:

• Last Day to Enroll in 6-Week CCIE Security Evening Class.
• CCIE Security Bootcamp Topology
• Free CCIE Security Web Sessions!
• New and Exciting Announcement!
• Posted Topology and Outline for ASA Web Session!

Related Posts:

• Recap of Changes and One Last Deal of the Year!!!
• Posted Topology and Outline for ASA Web Session!