Cisco Updates SAFE Design Guides    |    Posted to Security
I'm a little behind on this (occurred a couple months back)...but Cisco has updated their famous SAFE design guides. Excellent resource:
Download complete PDF from CiscoBlog
Posted by JC at 8:53 AM | Comments (2) | TrackBack (0)
RFC 2795: Infinite Monkey Protocol Suite (IMPS)    |    Posted to Off-Topic
So...if infinite monkeys were typing on infinite typewriters, would they really reproduce the complete works of Shakespeare? Either way, a protocol standard is created to handle such an event:
http://www.ietf.org/rfc/rfc2795.txt
Posted by JC at 1:49 PM | Comments (9) | TrackBack (0)
Base Config: ASA WebVPN    |    Posted to Configurations
This is becoming a common configuration for me. Here's a base template I use:
ip local pool WebVPNPool 192.168.251.10-192.168.251.100 mask 255.255.255.0
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.3.0254-k9.pkg 2
 svc enable
 tunnel-group-list enable
group-policy WebVPNPolicy internal
group-policy WebVPNPolicy attributes
 dns-server value X.X.X.X
 vpn-tunnel-protocol svc
 group-lock value WebVPNAccessProfile
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
 default-domain value business.local
 address-pools value WebVPNPool
 webvpn
  svc ask none default svc
  hidden-shares none
  file-entry disable
  file-browsing disable
  url-entry disable
tunnel-group WebVPNAccessProfile type remote-access
tunnel-group WebVPNAccessProfile general-attributes
 default-group-policy WebVPNPolicy
tunnel-group WebVPNAccessProfile webvpn-attributes
 group-alias WebVPN enable
Posted by JC at 10:49 AM | Comments (5) | TrackBack (0)
Cisco ASA...In VMware?!?    |    Posted to PIX
Now this is cool. Someone from the Phoenix Cisco Users Group gave me a link to a group who has virtualized the ASA platform. You can download a VMware image (or self booting CD) that runs the full Cisco ASA software (fully functional).
Posted by JC at 6:29 AM | Comments (2) | TrackBack (0)
CCIE R&S Becomes More "Real World"?    |    Posted to CCIE
Interesting statement...but one that's direct from Cisco. In October, CCIE R&S undergoes a "real world" revision to make the skills more applicable to day-to-day jobs. Interesting quote from Maurilio Gorito (he was my proctor "back in the day"):
Q: Will it be harder to pass when the new exams go live?
A - MG: Since the focus of CCIE R&S certification has shifted to job readiness, candidates with less job experience may find the exams more difficult. On the other hand, some candidates may find the written exam easier since it is less focused on equipment specs and more on the real-world job tasks of networking experts.
The full scoop can be found here.
Posted by JC at 8:06 AM | Comments (5) | TrackBack (0)
Base Config: ASA Site-to-Site VPN    |    Posted to Configurations
It doesn't matter how many times I've done this, I always forget one piece. Here's a template for the future:
Assume local subnet 192.168.15.0/24, remote subnet 192.168.16.0/24. Remote public IP 11.11.11.11.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 28800
access-list REMOTE_SITE ex permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 11.11.11.11
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
 pre-shared-key ***
Posted by JC at 5:05 AM | Comments (19) | TrackBack (0)
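An added example, not part of the original post: a small Python check for the site-to-site template above that catches a forgotten piece (ACL, transform-set, tunnel-group, NAT exemption or interface binding) and flags Diffie-Hellman group 1. The name `audit_l2l` and the sample (the template with its `nat 0` line deliberately removed) are constructed for illustration; the parser assumes the pre-8.3 syntax used in the post, with one peer and one transform-set per crypto map entry.

```python
import re

# Constructed sample: the post's template, trimmed, with the NAT exemption
# line deliberately left out so the check has something to catch.
SAMPLE = """\
crypto isakmp policy 10
 group 1
access-list REMOTE_SITE extended permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 11.11.11.11
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP interface outside
tunnel-group 11.11.11.11 type ipsec-l2l
"""

def audit_l2l(config):
    """Return findings for a pre-8.3 ASA site-to-site config (hypothetical helper)."""
    text = "\n".join(line.strip() for line in config.splitlines())
    def find(pattern):
        return set(re.findall(pattern, text, re.M))
    acls = find(r"^access-list (\S+) ")
    tsets = find(r"^crypto ipsec transform-set (\S+) ")
    l2l = find(r"^tunnel-group (\S+) type ipsec-l2l$")
    nat0 = find(r"^nat \(\S+\) 0 access-list (\S+)$")
    bound = find(r"^crypto map (\S+) interface \S+$")
    out = []
    for name, seq in sorted(find(r"^crypto map (\S+) (\d+) ")):
        pre = rf"^crypto map {re.escape(name)} {seq} "
        checks = (("match address ACL", r"match address (\S+)$", acls),
                  ("peer tunnel-group", r"set peer (\S+)$", l2l),
                  ("transform-set", r"set transform-set (\S+)$", tsets))
        for label, pat, known in checks:
            refs = find(pre + pat)
            if not refs:
                out.append(f"{name} {seq}: no {label} configured")
            out += [f"{name} {seq}: {label} {r} is not defined"
                    for r in sorted(refs - known)]
        # The template pairs the crypto ACL with a NAT exemption on the same ACL.
        matched = find(pre + r"match address (\S+)$")
        out += [f"{name} {seq}: no NAT exemption for {a}"
                for a in sorted((matched & acls) - nat0)]
        if name not in bound:
            out.append(f"{name}: not applied to an interface")
    # DH group 1 is a 768-bit MODP group, whether in the IKE policy or as PFS.
    if re.search(r"^group 1$|set pfs group1$", text, re.M):
        out.append("DH group 1 (768-bit) in use; prefer a stronger group on both peers")
    return out
```

Calling `audit_l2l(SAMPLE)` returns the missing NAT exemption and the DH group 1 finding; any change to the DH group has to be made on both peers for the tunnel to negotiate.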
Bulk April Update    |    Posted to Off-Topic
You may have noticed that my posting has dropped off lately...things have gotten really busy of late, so - rather than individual postings, here's my "Bulk April Update" of the miscellaneous cool items I've found:
- In studying for my CCIE Voice, I've found that the CCIE Voice is actually the most "desired" CCIE right now (based on a 2007 survey). Wow! That's good news.
- I was recently at a Phoenix Cisco User Group meeting and needed WIFI access. The receptionist asked me for my info (name, company, etc...), typed it into a webpage, and printed out a paper that showed my personalized, 24-hour key for the guest SSID at Cisco. How cool is that?!? Apparently Cisco 2100 Wireless Controllers let you do this...must research more.
- I'm really interested in watching SolarWinds' presentation on the "Black Art of Log Management" ... why can't there be 50 hours in a day?!?
- Found an interesting article on managing the VLAN.dat file on Catalyst switches.
- Juniper extended their Fast Track program to suck Cisco people to the Juniper side till December 2009. Maybe this year I'll be inspired to try it.
- Yet another cool, free tool from SolarWinds: IP SLA Monitor - measure QoS over your WAN links.
- Stumbled on a "free tools galore" link: The Free Country - I so love free stuff. Played with the PING imaging utility - awesome "ghost-like" imaging for free!
- My friend Mike Storm gave me this insane data center design PDF (banner sized) that I could explore for hours.
- Found out that Cisco is finally reducing the price on the hardware and licensing for the UC500 series! Hurrah - finally this killer box might start beating the competition's pricing.
- Finally, I found enough Simpsons sounds to entertain me for the rest of the year...mmmmmmm....Simpsons sounds.
Posted by JC at 8:22 AM | Comments (9) | TrackBack (0)
9 Cool Geek Tips    |    Posted to Random Cool Tools
If I love posts like this, does it make me a geek?
http://www.networkworld.com/community/node/38197
Ahhh...cool tools to waste hours with. Just what I need.
Posted by JC at 3:53 PM | Comments (4) | TrackBack (0)
Cisco Design Guides...In Style!    |    Posted to Direct from Cisco
I stumbled across this link when I was looking for CCIE Voice study information. Pretty nice way of delivering design guides while giving a visual look at some solid network builds! Those Cisco folks are such studs...
Cisco Validated Designs: The Integrated Network
Posted by JC at 3:58 PM | Comments (12) | TrackBack (0)
CCIE Voice...Let the Adventure Begin    |    Posted to CCIE
Well, my next CCIE R&S renewal date is coming up in May, so I've decided to start my trek through the CCIE Voice. For now, I'll be focusing on the CCIE Voice Written to meet the immediate need of not allowing my CCIE to expire. Maybe I'll look at the lab exam after that... Although, I didn't have any kids when I got my CCIE R&S...this may take a little longer...
So - here's what I'm finding for CCIE Voice study (not much):
CCIE Voice Exam Quick Reference Sheets (Cisco Press)
CCIE Voice Book List (Cisco)
CCIE Voice Written Exam Blueprint (Cisco)
CCIE Voice Ask-the-Expert Forum (Cisco)
"How to Pass the CCIE Voice Written" (Network World)
Cisco IPCC Express Edition SRND (Cisco)
Cisco CME SRND (Cisco)
This list will grow as I find more stuff, but this should be a good start. If you have any experience / things to add - please do! I'll add them to the list as they come in.
PS - Any braindump comments will be deleted, so please don't waste your time - thanks!
Posted by JC at 3:40 PM | Comments (10) | TrackBack (0)
Cisco Becoming a Server Vendor?    |    Posted to General
While skimming through my pile of Network World magazines, I came across this interesting article. Apparently, Cisco is going to begin manufacturing servers, starting with one codenamed "California Server." This will tromp all over the partner relationship they have with HP and IBM...but why not? I'd buy it just for the Cisco logo.
I'm anxious to see what advantages Cisco will integrate into the server. I'm sure many sweet proprietary solutions could be had with a Cisco server integrating into a Cisco switch/router platform.
When's the Cisco laptop come out?
Posted by JC at 12:04 PM | Comments (16) | TrackBack (0)
The New, Improved, Vibrating Cisco WAP!    |    Posted to Wireless
While skimming the latest TAC update, I stumbled across this one:
Field Notice: FN # 63177 - Cisco Aironet 1250 Access Point Buzzing, Vibrating, and Making Noise
What a hilarious way to start the week! If I can find one of these vibrating WAPs on eBay...I'm buying it.
Posted by JC at 8:09 AM | Comments (10) | TrackBack (0)
New Cisco Visio Stencil    |    Posted to Direct from Cisco
Cisco has made the PowerPoint Icons into a Visio Stencil format. Hurrah! No more cut-and-paste from PowerPoint to Visio. Very nice all-in-one stencil.
Posted by JC at 8:12 AM | Comments (5) | TrackBack (0)