Category Archives: CCIE Security

Internet Redundancy with ASA SLA and IPSec

I’ve seen a lot of examples of redundant Internet connections that use SLA to track a primary connection. The logic is that the primary Internet connection is constantly being validated by pinging something on that ISP’s network and routing floats …

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 6 Comments
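The tracking pattern the excerpt describes, written out as an added ASA configuration example (this is not from the original article, which goes on to look at what this pattern leaves unhandled for IPsec tunnels). The ISP next-hop addresses, the `backup` interface name and the probe target are assumptions for illustration.

```cisco
! Added example, not the article's own configuration.
! Assumed: primary ISP next hop 203.0.113.1 on "outside",
!          backup ISP next hop 198.51.100.1 on "backup".
! The probe target must be reachable only through the primary ISP,
! otherwise the track never fails when that link goes down.
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 frequency 5
sla monitor schedule 1 life forever start-time now
!
track 1 rtr 1 reachability
!
! The primary default route stays in the table only while track 1 is up.
! The backup route has a worse administrative distance (254) and "floats"
! into the table when the tracked route is withdrawn.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
```

To confirm the failover is actually armed, check `show sla monitor operational-state 1` for successful probes and `show track 1` for a reachability state of Up; then unplug the primary and verify with `show route` that the `backup` default route has been installed. Note that the probe itself leaves through `outside` regardless of the routing table, so a target that is also reachable via the backup ISP does not invalidate the test, but a target that silently drops ICMP will keep the primary route permanently withdrawn.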

Discard Routing for RFC1918 Addresses

While working with firewalls for the last few years, I’ve seen many logs polluted with scanning traffic. Obviously this is the type of thing that I want to see when someone is legitimately scanning, or attempting to scan, through the firewall. However, …

Posted in CCIE Security, CCNA Security, Certification, General, Network, Technology | 2 Comments

ASA HTTP Filtering by Domain with Host Headers

One of the questions that regularly comes up with firewalls is how to filter based on domain name. Access Control Lists, or ACLs, are designed to filter based on IP addresses and networks. One of the things that many would …

Posted in CCIE Security, Certification, Security, Technology | 4 Comments
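Since ACLs only see addresses, matching on the HTTP `Host` header has to happen in the ASA's HTTP inspection engine. The following is an added example of that approach and is not the original post's configuration; the domain, the regex, class-map and policy-map names are assumed for illustration.

```cisco
! Added example, not from the original post. Names and the domain are assumed.
! The regex is applied to the value of the Host header, so it only needs to
! match the domain; it is a substring match unless anchored.
regex BLOCKED_DOMAIN_1 "\.example\.net"
!
class-map type regex match-any BLOCKED_DOMAINS
 match regex BLOCKED_DOMAIN_1
!
! Match HTTP requests whose Host header hits any of the regexes above.
class-map type inspect http match-all BLOCKED_HTTP
 match request header host regex class BLOCKED_DOMAINS
!
policy-map type inspect http HTTP_FILTER
 parameters
 class BLOCKED_HTTP
  drop-connection log
!
! Hook the HTTP inspection policy into the default global inspection.
policy-map global_policy
 class inspection_default
  inspect http HTTP_FILTER
```

Two caveats a practitioner should keep in mind: this only works for cleartext HTTP, because the Host header of an HTTPS request is inside the TLS session and the ASA cannot read it; and a client can trivially send a different Host header than the name it resolved, so this filters well-behaved browsers rather than a determined user. Verify the class is hitting with `show service-policy inspect http` after a test request.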

Source and Destination NAT with IOS VPN

Last week’s article, IOS VPN and Overlapping IP addresses, looked at the art of dealing with address overlap by leveraging our knowledge of source NAT. That article demonstrated a solution when the parties responsible for both VPN devices have the …

Posted in CCIE Security, CCNA Security, Certification, Network, Technology | 8 Comments

IOS VPN and Overlapping Addresses

In an ideal world, we’d not have to deal with IP address overlap. However, there are many factors that may require us to do so. These factors include things like acquisitions, mergers or partner relationships. When the need to address …

Posted in CCIE Security, Certification, Network, Security, Technology | 6 Comments

Cisco VIRL – The Virtual Internet Routing Lab

Cisco has been talking for some time about a product that I’m really excited about. This product is known as “VIRL”, pronounced like “viral”. VIRL is short for Virtual Internet Routing Lab. The promise is this will use IOU, short …

Posted in Blogroll, Career, CCIE Security, CCNA, CCNA Security, Certification, Cisco Live, Events, General, Network, Technology | 1 Comment

Cisco Live 2013, A Success For Me

As many of you know, I spent this week in Orlando, Florida with many others from the technical community. According to some of the totals I heard, I actually spent the week with about 20,000 of my friends in networking. …

Posted in Career, CCIE Security, Certification, Cisco Live, Events, Technology | 1 Comment

Using Notepad++ to Mirror Cisco ACLs

Having an occasional need to create mirrored access-list entries, I was seriously considering writing a Perl script to automate this process. Before I really got started on it, I stumbled on a pretty cool feature in Notepad++. This feature basically …

Posted in CCIE Security, CCNA Security, Certification, Network, Security, Technology | 6 Comments

Logging Cisco Router Administration

Sometimes we notice configuration changes in our network gear. Often we may ask ourselves who made the change and when it occurred. Maybe the reason for answering these questions is to understand why the change was necessary. Alternatively, there may …

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | Comments Off

Cisco ASA 8.4 VPN — Dealing with Internet Hairpin Traffic

Over the past few months, I have received a few requests regarding hairpin scenarios and the ASA. Earlier, I provided a scenario that deals with hairpinning (also known as U-Turn) traffic between two VPN spokes in a typical ASA environment. In another …

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 2 Comments

Hairpinning VPN and Internet With NAT In ASA 8.2

Over the past few months, I have received a few requests regarding hairpin scenarios and the ASA. Some time back, I provided a scenario that deals with hairpinning (also known as U-Turn) traffic between two VPN spokes in a typical …

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 5 Comments

Understanding the PVLAN Promiscuous Trunk Feature for Routing on a Stick

Private VLANs are a layer two construct that can be used to isolate traffic in a single broadcast domain. Routing is necessary and unchanged when packets need to be delivered into a different VLAN. When routing is performed in a …

Posted in CCIE Security, Certification, General, Security, Technology | 4 Comments
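An added example of the private VLAN layout the excerpt introduces, with the promiscuous trunk carrying it to a router-on-a-stick. This is not the original post's configuration: the VLAN numbers, interface names and addresses are assumed, and the promiscuous-trunk port mode is a Catalyst 4500/6500-style feature, so the exact keywords should be checked against the platform in use.

```cisco
! Added example, not from the original post. VLAN IDs, ports and addresses are assumed.
! Secondary VLANs: 101 isolated (hosts cannot talk to each other),
!                  102 community (hosts can talk within 102).
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
! Primary VLAN 100 owns both secondaries; the router only ever sees 100.
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! A host port lives in one secondary VLAN of the primary.
interface GigabitEthernet1/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Uplink to the router: a promiscuous trunk. Frames arriving from 101 or 102
! leave this port tagged as the primary VLAN 100, so the router needs a single
! dot1q subinterface instead of one per secondary VLAN.
interface GigabitEthernet1/48
 switchport mode private-vlan trunk promiscuous
 switchport private-vlan trunk allowed vlan 100
 switchport private-vlan mapping trunk 100 101,102
!
! --- Router side (router-on-a-stick), one subinterface for the primary VLAN ---
interface GigabitEthernet0/0.100
 encapsulation dot1Q 100
 ip address 10.100.0.1 255.255.255.0
```

The point of the mapping is that layer-two isolation is enforced on the switch while the router keeps a single subnet and a single gateway address for all hosts in 101 and 102. Confirm the port roles with `show vlan private-vlan` and `show interfaces GigabitEthernet1/48 switchport`; if the uplink is left as an ordinary trunk, traffic from the secondary VLANs is not remapped and the router never sees it on VLAN 100.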