Change was in the air, and Bob knew it.   Bob had simply been ignoring the fact that the existing IPSec site to site tunnels that he inherited at his company were old school, and there were better options, especially when plans included bringing up dozens of new sites.   Since his company was going to be purchasing MPLS services, Bob was open to learning better ways of implementing secure tunnels.    In Bob’s studies, he read a article written by Petr Lapukhov on DMVPN and was very interested.    Bob’s glee was short lived when he learned that when the spokes of DMVPN had to build tunnels to other spokes, it was not quick enought for voice traffic.   Bob learned that the latency happens when setting up the IKE phase 1 and 2 tunnels between the spokes.    Then Bob chanced upon one of Anthony Sequeira’s blog posts regarding GET VPN, and learned that with GET (Group Encrypted Transport), there was no need to build the tunnels between spokes, and therefore less latency.   This would solve the latency issue for time sensitive traffic, and still have the benefits of encryption!  It sounded almost too good to be true....

[Read the rest of this entry -->]

Read Full Post »

After returning from vacation, Bob (the optimistic firewall technician) decided that he wanted to take some time and get a little bit more familiar with firewall configuration. He was able to get permission to use some spare equipment for practice....

[Read the rest of this entry -->]

Read Full Post »

No jokes here folks – just the Top Ten Qualities for a Successful Lab Attempt! Did I miss any? Let me know in the Comments below! I know many of you will take care of the jokes for me. ...

[Read the rest of this entry -->]

Read Full Post »

You have just been given a shiny, new router to configure.  As part of the configuration, you are asked to configure an outbound access list which will only permit traffic through to specific destinations.  Here are the requirements that you are given for your access-list:...

[Read the rest of this entry -->]

Read Full Post »

12-day CCIE R&S Bootcamp students often indicate that the most important day of the training is Day 3 of the 6-Day Mock Lab Workshop. This entire day is dedicated to a discussion about successful strategy for passing the CCIE Lab Exam. The strategy discussion begins with effective study techniques, and then guides students through everything from the night before the exam, to what is best to do during the lunch break!...

[Read the rest of this entry -->]

Read Full Post »

It was a dark, cold night in late December, and Bob, (the optimistic firewall technician), had a single ASA to deploy before going home for the holidays.  The requirements for the firewall were simple.   Bob read them slowly as follows:...

[Read the rest of this entry -->]

Read Full Post »

Join Keith Barker for “Module 1 ASA, Lesson A – ASA Initialization” in the upcoming CCIE Security Audio Bootcamp. This sample can be accessed in one of three ways:...

[Read the rest of this entry -->]

Read Full Post »

For Part 1 of this series, click here....

[Read the rest of this entry -->]

Read Full Post »

The following questions will be added to the Core Knowledge Simulation once the new version/engine is complete. Enjoy! Answers will be provided in the comments section....

[Read the rest of this entry -->]

Read Full Post »

Hi Everyone,...

[Read the rest of this entry -->]

Read Full Post »

Beginning in October 2009, students will be required to demonstrate mastery of the Cisco IOS Intrusion Prevention System (IPS) for the CCIE R/S track. This blog post introduces candidates to this relatively new security feature. Note this series of blog posts will focus on Tier 1 knowledge. This information allows mastery for the Core Knowledge section and builds a foundation for later mastery at the Command Line Interface....

[Read the rest of this entry -->]

Read Full Post »