Category Archives: CCNA Security

Internet Redundancy with ASA SLA and IPSec

I’ve seen a lot of examples of redundant Internet connections that use SLA to track a primary connection. The logic is that the primary Internet connection is constantly being validated by pinging something on that ISP’s network and routing floats … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 6 Comments

Discard Routing for RFC1918 Addresses

While working with firewalls for the last few years, I’ve seen many logs polluted with scanning traffic. Obviously this is the type of thing that I want to see when someone is legitimately scanning, or attempting to scan, through the firewall. However, … Continue reading

Posted in CCIE Security, CCNA Security, Certification, General, Network, Technology | 2 Comments

My #FAIL at #CLUS and Cisco Testing RANT

I’m about to publicly humiliate myself by sharing today’s private humiliation. To make a long story short, I took 640-554 (CCNA Security) and got the “We Regret to Inform you, blah, blah, blah…” Actually after I’d seen the first 10 questions … Continue reading

Posted in CCNA Security, Certification, Cisco Live, Events, Security, Technology | 4 Comments

Don’t Forget about the ASA’s “show conn” Command

I often find myself troubleshooting connections through an ASA. As a firewall, the ASA is often blamed for network connectivity issues. Therefore, we often just want to determine if the issue is upstream or downstream from the firewall. One of … Continue reading

Posted in CCNA Security, Certification, Security, Technology | 5 Comments

Source and Destination NAT with IOS VPN

Last week’s article, IOS VPN and Overlapping IP addresses, looked at the art of dealing with address overlap by leveraging our knowledge of source NAT. That article demonstrated a solution when the parties responsible for both VPN devices have the … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Network, Technology | 8 Comments

Cisco ASA — Minimizing Challenges with VPN and Management Traffic

The ASA appliance is a very popular choice for the branch office environment. It provides flexible security and is a good termination point for a VPN connection back to a headquarter location. One challenge that technicians often run into is … Continue reading

Posted in CCNA Security, Certification, Network, Security, Technology | 1 Comment

Cisco VIRL – The Virtual Internet Routing Lab

Cisco has been talking for some time about a product that I’m really excited about. This product is known as “VIRL”, pronounced like “viral”. VIRL is short for Virtual Internet Routing Lab. The promise is this will use IOU, short … Continue reading

Posted in Blogroll, Career, CCIE Security, CCNA, CCNA Security, Certification, Cisco Live, Events, General, Network, Technology | 1 Comment

Using Notepad++ to Mirror Cisco ACLs

Having an occasional need to create mirrored access-list entries, I was seriously considering writing a PERL script to automate this process. Before I really got started on it, I stumbled on a pretty cool feature in Notepad++. This feature basically … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Network, Security, Technology | 6 Comments

Logging Cisco Router Administration

Sometimes we notice configuration changes in our network gear. Often we may ask ourselves who made the change and when it occurred. Maybe the reason for answering these questions is to understand why the change was necessary. Alternatively, there may … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | Comments Off on Logging Cisco Router Administration

Cisco ASA 8.4 VPN — Dealing with Internet Hairpin Traffic

Over the past few months, I have received a few requests regarding hairpin scenarios and the ASA. Earlier, I provided a scenario that deals with hairpinning (also known as U-Turn) traffic between two VPN spokes in a typical ASA environment. In another … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 2 Comments

Hairpinning VPN and Internet With NAT In ASA 8.2

Over the past few months, I have received a few requests regarding hairpin scenarios and the ASA. Some time back, I provided a scenario that deals with hairpinning (also known as U-Turn) traffic between two VPN spokes in a typical … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 5 Comments

Acronyms of the CCNA Security Part 5 — VPN Terms

This article is part 5 and the final installment of a series that describes the acronyms that are likely found in a student’s CCNA Security studies. This article addresses the acronyms that are relevant to Virtual Private Networks. 3DES … Continue reading

Posted in CCNA Security, Certification, Security, Technology | Comments Off on Acronyms of the CCNA Security Part 5 — VPN Terms