Author Archives: Paul Stewart, CCIE 26009 (Security)

About Paul Stewart, CCIE 26009 (Security)

Network and Security Consultant, Trainer and Blogger who enjoys understanding how things really work. Troubleshooting and problem resolution is fun, especially if it involves packets. What's on your wire[s]?

GNS3 with Tabbed Terminal in Mac OSX Lion

I have used GNS3 off and on for a long time. Over time, I struggled with the stability of the product. Prior to switching to the Mac, a fellow Ascolta Instructor, Patrick Geschwindner, clued me in on something. He had experimented … Continue reading

Posted in Uncategorized | 4 Comments

Multiple Protocols over IPSec

Last week we examined a Cisco VPN construct called SVTI. This is basically using a “tunnel interface” in conjunction with an IPSec Protection profile. One of the limitations I mentioned was that, in comparison to GRE based tunnel interfaces, VTI … Continue reading

Posted in Uncategorized | Leave a comment

Advantages of Using SVTI Based VPNs

Starting in version 12.3T (which is some time ago), Cisco started offering an alternative for configuring IOS based VPNs. This method is called SVTI, or static virtual tunnel interfaces. SVTI is one category of VTI that is basically a configuration … Continue reading

Posted in network, security | 4 Comments

Congrats to Kevin Wallace — CCIE x2

Just a few weeks ago, fellow Kentuckian Kevin Wallace passed his Voice CCIE Lab. That means that our rural state now has at least two individuals who have multiple CCIEs. The other CCIE in Kentucky is Scott Morris, who has … Continue reading

Posted in career | 3 Comments

Protecting Insecure Protocols

Last week I wrote an article that demonstrated the grievous security oversight in the Telnet protocol. Telnet, being a clear text protocol, exposes the entire contents of any session to anyone who can gain access to the traffic. Telnet is … Continue reading

Posted in career | Leave a comment

What’s Wrong With Telnet?

We have all heard that telnet is bad. We have heard that it is an insecure protocol that sends information in clear text. Conceptually, that sounds simple. However, let’s take a look at what this really means. To demonstrate what … Continue reading

Posted in Uncategorized | Leave a comment

Certifications for the SMB Network Technician

Small to Medium Businesses (SMB) have unique challenges from the perspective of technical expertise. The challenges are more related to the limited number of employees that work for or service businesses that meet this criteria. I often find organizations with … Continue reading

Posted in career | Leave a comment

» Cisco Live Attendee Expectations — FryGuy’s Blog

I’ve had a request or two regarding what to expect at Cisco Live. If you are planning to attend Cisco Live 2012 and this is your first time to Cisco Live (formerly known as Networkers), the article below is for … Continue reading

Posted in Uncategorized | Leave a comment

Span Port on the ASA 5505

There are a few ASA features that are specific to the 5505. This small business version of the Cisco firewall works a little differently than the higher performance models. The ASA 5505 is basically an 8 port switch with the … Continue reading

Posted in security | 1 Comment

IP Helper Address on the ASA

In a branch office environment, it is often desirable to backhaul DHCP requests to a centralized DHCP server. DHCP requests are initially sent to a broadcast address and therefore do not typically get forwarded through a router or other layer … Continue reading

Posted in Uncategorized | 10 Comments

IP Fragmentation and MTU

Earlier this week, someone asked me a simple question about the “Fragment Offset” in an IP Packet Header. I have to admit that my understanding of this field was slightly incorrect. Before I come clean with my misinterpretation, I wanted to … Continue reading

Posted in network | Leave a comment

Classifying IPSec Traffic for Hierarchical Priority Queuing with the ASA

This past weekend I wrote an article that demonstrated the use of hierarchical priority queuing with the ASA. The last example in that article showed that this QoS method works properly with the IPSec encapsulated traffic as well. Today’s article started … Continue reading

Posted in security | Leave a comment