Tag Archives: ccie security

Joining the Cisco Team

Today was a bittersweet day for me. It was my final day working with a great group of people at a prominent community bank. I have nothing but good things to say about the people, the organization, and the interesting projects I’ve been involved in. … Continue reading

Posted in Career, Technology | 3 Comments

ASA HTTP Filtering by Domain with Host Headers

One of the questions that regularly comes up with firewalls is how to filter based on domain name. Access Control Lists, or ACLs, are designed to filter based on IP addresses and networks. One of the things that many would … Continue reading

Posted in CCIE Security, Certification, Security, Technology | 4 Comments

Combining GRE and IPSec with a Front Side VRF

Last week's article walked through taking a typical GRE configuration and reconfiguring it so that the transport network sits in a separate VRF. This type of VRF is called an FVRF, or front-door (front-end) VRF. While this provides … Continue reading

Posted in Network, Technology | 8 Comments

Using a GRE Tunnel VRF to Separate the Physical Interface

Whether we like it or not, production networks often have particular use cases that require the implementation of tunnels. This may be an effort to extend a dynamic routing protocol across a service provider segment or an effort to overcome … Continue reading

Posted in Network, Technology | 10 Comments

Using Notepad++ to Mirror Cisco ACLs

Having an occasional need to create mirrored access-list entries, I was seriously considering writing a Perl script to automate this process. Before I really got started on it, I stumbled on a pretty cool feature in Notepad++. This feature basically … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Network, Security, Technology | 6 Comments
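
The post above is about mirroring ACL entries (swapping source and destination, including their port operators) with a Notepad++ regex instead of the Perl script the author considered writing. As an added example that is not from the post or the blog, here is the same transformation as a small Python script. It assumes the common ASA/IOS extended ACE grammar listed in the docstring (address forms any/any4/any6, host, address plus mask, object, object-group; port operators eq/gt/lt/neq/range) and raises on anything else rather than emitting a guessed entry; the sample ACL at the bottom is constructed for the demo.

```python
"""Mirror Cisco extended ACL entries: swap source and destination (addresses and ports).

Added example, not the post's own code. Assumed grammar (ASA and IOS extended ACEs):
  address: any | any4 | any6 | host A.B.C.D | A.B.C.D MASK | object NAME | object-group NAME
  port:    eq N | gt N | lt N | neq N | range A B   (optional, follows an address)
Anything else (IPv6 prefixes, interface keywords, ASA service object-groups in the
protocol position) raises ValueError instead of producing a wrong mirrored entry.
"""
import re
from typing import List, Tuple

PORT_OPS = {"eq": 1, "gt": 1, "lt": 1, "neq": 1, "range": 2}  # operator -> operand count
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def _take_address(tokens: List[str], i: int) -> Tuple[List[str], int]:
    """Consume one address specifier starting at tokens[i]; return (spec, next_index)."""
    t = tokens[i]
    if t in ("any", "any4", "any6"):
        return tokens[i:i + 1], i + 1
    if t in ("host", "object", "object-group") and i + 1 < len(tokens):
        return tokens[i:i + 2], i + 2  # keyword + name/address (object-group assumed to be a network group)
    if IPV4.match(t) and i + 1 < len(tokens) and IPV4.match(tokens[i + 1]):
        return tokens[i:i + 2], i + 2  # address + subnet mask (ASA) or wildcard mask (IOS)
    raise ValueError(f"unrecognised address specifier at token {i}: {t!r}")


def _take_port(tokens: List[str], i: int) -> Tuple[List[str], int]:
    """Consume an optional port operator at tokens[i]; return ([], i) if there is none."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        n = 1 + PORT_OPS[tokens[i]]
        if i + n > len(tokens):
            raise ValueError(f"truncated port operator at token {i}")
        return tokens[i:i + n], i + n
    return [], i


def mirror_ace(line: str) -> str:
    """Return the ACE with source and destination (and their port operators) swapped.

    Handles both 'access-list NAME extended permit ...' (ASA) and bare 'permit ...'
    (IOS named ACL) forms: everything up to and including the action is kept as a
    prefix, everything after the destination port (log, established, ICMP type,
    time-range ...) is kept verbatim as a trailer. ICMP types are not translated.
    """
    tokens = line.split()
    try:
        act = next(k for k, t in enumerate(tokens) if t in ("permit", "deny"))
    except StopIteration:
        raise ValueError(f"no permit/deny action in: {line!r}") from None
    prefix, proto, i = tokens[:act + 1], tokens[act + 1], act + 2
    src, i = _take_address(tokens, i)
    sport, i = _take_port(tokens, i)
    dst, i = _take_address(tokens, i)
    dport, i = _take_port(tokens, i)
    trailer = tokens[i:]
    return " ".join(prefix + [proto] + dst + dport + src + sport + trailer)


def mirror_acl(text: str) -> str:
    """Mirror every ACE in a block of text; remark and blank lines pass through unchanged."""
    out = []
    for line in text.splitlines():
        words = line.split()
        if not words or "remark" in words:
            out.append(line)
        else:
            out.append(mirror_ace(line))
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample ACL for the demo, not taken from the post.
    SAMPLE = """\
access-list OUTSIDE_IN remark web and dns tiers
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-list OUTSIDE_IN extended permit udp 10.1.1.0 255.255.255.0 range 1024 65535 host 192.0.2.53 eq 53 log
access-list OUTSIDE_IN extended deny ip object-group BLOCKED any4"""
    print(mirror_acl(SAMPLE))
```

Applying the function twice returns the original entry, which is a quick sanity check that the parser consumed each field correctly. Keep in mind where mirrored entries are actually needed: a stateful ASA permits the return traffic of an allowed connection from its connection table, so mirrored ACEs mostly matter for stateless IOS ACLs or for lab exercises that require symmetric policy, and `established` or ICMP-type trailers are copied, not semantically reversed.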

Cisco ASA 8.4 VPN — Dealing with Internet Hairpin Traffic

Over the past few months, I have received a few requests regarding hairpin scenarios and the ASA. Earlier, I provided a scenario that deals with hairpinning (also known as U-Turn) traffic between two VPN spokes in a typical ASA environment. In another … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 2 Comments

Hairpinning VPN and Internet With NAT In ASA 8.2

Over the past few months, I have received a few requests regarding hairpin scenarios and the ASA. Some time back, I provided a scenario that deals with hairpinning (also known as U-Turn) traffic between two VPN spokes in a typical … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 5 Comments

ASA Guest Network With Limited Inside Access

Several months ago, I published an article called Using an ASA to Establish a Guest Network. While this article covered the simple concept of using a DMZ interface to create a simple Guest Network, it did not address one issue that … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 9 Comments

Old School Method of IOS Static NAT Exemption

Last week, I wrote an article that demonstrated the challenges of static NAT when combined with VPNs using RFC 1918 address space. We created exemptions using route-maps within the static NAT statements. Cisco didn’t introduce route-maps for static translations until 12.2(4)T. … Continue reading

Posted in Network, Security | 1 Comment

Exempting Static Translations in IOS NAT

Last week I wrote an article that defined the need for NAT exemption. This article used the example of a single device that terminated a VPN to a network that used RFC 1918 private address space on the remote side. Additionally, … Continue reading

Posted in Network, Security | 3 Comments

Defining the Need for NAT Exemption

It recently occurred to me that we have often discussed various configurations of NAT exemption. However, we have never really discussed the typical need or use case for requiring this type of configuration. This article is meant as a general … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Network, Security, Technology | 4 Comments

Multiple Protocols over IPSec

Last week we examined a Cisco VPN construct called SVTI. This is basically using a “tunnel interface” in conjunction with an IPsec protection profile. One of the limitations I mentioned was that, in comparison to GRE-based tunnel interfaces, VTI … Continue reading

Posted in CCIE Security, Certification, Network, Security, Technology | 4 Comments