Cisco Updates SAFE Design Guides    |    Posted to Security

I'm a little behind on this (occurred a couple months back)...but Cisco has updated their famous SAFE design guides. Excellent resource:

Cisco SAFE on Cisco.com

Download complete PDF from CiscoBlog

Posted by JC at 8:53 AM | Comments (2) | TrackBack (0)

RFC 2795: Infinite Monkey Protocol Suite (IMPS)    |    Posted to Off-Topic

So...if infinite monkeys were typing on infinite typewriters, would they really reproduce the complete works of Shakespeare? Either way, a protocol standard is created to handle such an event:

http://www.ietf.org/rfc/rfc2795.txt

Posted by JC at 1:49 PM | Comments (9) | TrackBack (0)

Base Config: ASA WebVPN    |    Posted to Configurations

This is becoming a common configuration for me. Here's a base template I use:

ip local pool WebVPNPool 192.168.251.10-192.168.251.100 mask 255.255.255.0

webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.3.0254-k9.pkg 2
 svc enable
 tunnel-group-list enable

group-policy WebVPNPolicy internal
group-policy WebVPNPolicy attributes
 dns-server value X.X.X.X
 vpn-tunnel-protocol svc
 group-lock value WebVPNAccessProfile
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
 default-domain value business.local
 address-pools value WebVPNPool
 webvpn
  svc ask none default svc
  hidden-shares none
  file-entry disable
  file-browsing disable
  url-entry disable

tunnel-group WebVPNAccessProfile type remote-access
tunnel-group WebVPNAccessProfile general-attributes
 default-group-policy WebVPNPolicy
tunnel-group WebVPNAccessProfile webvpn-attributes
 group-alias WebVPN enable

Posted by JC at 10:49 AM | Comments (5) | TrackBack (0)

Cisco ASA...In VMware?!?    |    Posted to PIX

Now this is cool. Someone from the Phoenix Cisco Users Group gave me a link to a group who has virtualized the ASA platform. You can download a VMware image (or self-booting CD) that runs the full Cisco ASA software (fully functional).

Click here to check it out!

Posted by JC at 6:29 AM | Comments (2) | TrackBack (0)

CCIE R&S Becomes More "Real World"?    |    Posted to CCIE

Interesting statement...but one that's direct from Cisco. In October, CCIE R&S undergoes a "real world" revision to make the skills more applicable to day-to-day jobs. Interesting quote from Maurilio Gorito (he was my proctor "back in the day"):

Q: Will it be harder to pass when the new exams go live?

A - MG: Since the focus of CCIE R&S certification has shifted to job readiness, candidates with less job experience may find the exams more difficult. On the other hand, some candidates may find the written exam easier since it is less focused on equipment specs and more on the real-world job tasks of networking experts.

The full scoop can be found here.

Posted by JC at 8:06 AM | Comments (5) | TrackBack (0)

Base Config: ASA Site-to-Site VPN    |    Posted to Configurations

It doesn't matter how many times I've done this, I always forget one piece. Here's a template for the future:

Assume local subnet 192.168.15.0/24, remote subnet 192.168.16.0/24. Remote public IP 11.11.11.11.

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 28800

access-list REMOTE_SITE ex permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 11.11.11.11
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside

nat (inside) 0 access-list REMOTE_SITE

tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
 pre-shared-key ***

Posted by JC at 5:05 AM | Comments (19) | TrackBack (0)
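A completeness check for the site-to-site template above, as an added example (not the author's code): it confirms that every name a crypto map entry references (crypto ACL, transform-set, peer) has its definition, NAT exemption and tunnel-group, which is the "forgotten piece" problem the post describes. The function name and the list of checks are assumptions; the sample input is the post's own template.

```python
import re
# Sample input: the post's own template.
TEMPLATE = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 28800
access-list REMOTE_SITE ex permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 11.11.11.11
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
 pre-shared-key ***
"""
# Crypto-map sub-command -> (label, line that must exist for the name it references)
CHECKS = (
    ("match address", (("crypto ACL", r"^access-list {} "),
                       ("NAT exemption", r"^nat \(\S+\) 0 access-list {}$"))),
    ("set transform-set", (("transform-set", r"^crypto ipsec transform-set {} "),)),
    ("set peer", (("L2L tunnel-group", r"^tunnel-group {} type ipsec-l2l$"),
                  ("pre-shared key", r"^tunnel-group {} ipsec-attributes\npre-shared-key \S+"))),
)

def missing_pieces(config):
    """List the template pieces that are absent or dangling in an ASA config."""
    text = "\n".join(l.strip() for l in config.splitlines() if l.strip())
    def refs(pat):
        return sorted(set(re.findall(pat, text, re.M)))
    required = {"crypto isakmp enable": r"\S+", "crypto isakmp policy": r"\d+", "crypto map": r"\S+ \d+ "}
    out = [f"missing: {cmd}" for cmd, arg in required.items() if not refs(rf"^{cmd} {arg}")]
    for name, seq in refs(r"^crypto map (\S+) (\d+) "):
        if not refs(rf"^crypto map {re.escape(name)} interface \S+"):
            out.append(f"{name}: crypto map not applied to an interface")
        for keyword, needs in CHECKS:
            targets = refs(rf"^crypto map {re.escape(name)} {seq} {keyword} (\S+)")
            if not targets:
                out.append(f"{name} {seq}: no '{keyword}' line")
            for t in targets:
                out += [f"{name} {seq}: {label} missing for {t}"
                        for label, pat in needs if not refs(pat.format(re.escape(t)))]
    return out
```

The check covers presence and cross-references only; it does not judge parameter strength such as the DH group or lifetimes.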

Bulk April Update    |    Posted to Off-Topic

You may have noticed that my posting has dropped off lately...things have gotten really busy of late, so - rather than individual postings, here's my "Bulk April Update" of the miscellaneous cool items I've found:


  • In studying for my CCIE Voice, I've found that the CCIE Voice is actually the most "desired" CCIE right now (based on a 2007 survey). Wow! That's good news.
  • I was recently at a Phoenix Cisco User Group meeting and needed WIFI access. The receptionist asked me for my info (name, company, etc...), typed it into a webpage, and printed out a paper that showed my personalized, 24-hour key for the guest SSID at Cisco. How cool is that?!? Apparently Cisco 2100 Wireless Controllers let you do this...must research more.
  • I'm really interested in watching SolarWinds' presentation on the "Black Art of Log Management" ... why can't there be 50 hours in a day?!?
  • Found an interesting article on managing the VLAN.dat file on Catalyst switches.
  • Juniper extended their Fast Track program to suck Cisco people to the Juniper side till December 2009. Maybe this year I'll be inspired to try it.
  • Yet another cool, free tool from SolarWinds: IP SLA Monitor - measure QoS over your WAN links.
  • Stumbled on a "free tools galore" link: The Free Country - I so love free stuff. Played with the PING imaging utility - awesome "ghost-like" imaging for free!
  • My friend Mike Storm gave me this insane data center design PDF (banner sized) that I could explore for hours.
  • Found out that Cisco is finally reducing the price on the hardware and licensing for the UC500 series! Hurrah - finally this killer box might start beating the competition's pricing.
  • Finally, I found enough Simpsons sounds to entertain me for the rest of the year...mmmmmmm....Simpsons sounds.

Posted by JC at 8:22 AM | Comments (9) | TrackBack (0)

9 Cool Geek Tips    |    Posted to Random Cool Tools

If I love posts like this, does it make me a geek?

http://www.networkworld.com/community/node/38197

Ahhh...cool tools to waste hours with. Just what I need.

Posted by JC at 3:53 PM | Comments (4) | TrackBack (0)

Cisco Design Guides...In Style!    |    Posted to Direct from Cisco

I stumbled across this link when I was looking for CCIE Voice study information. Pretty nice way of delivering design guides while giving a visual look at some solid network builds! Those Cisco folks are such studs...

Cisco Validated Designs: The Integrated Network

Posted by JC at 3:58 PM | Comments (12) | TrackBack (0)

CCIE Voice...Let the Adventure Begin    |    Posted to CCIE

Well, my next CCIE R&S renewal date is coming up in May, so I've decided to start my trek through the CCIE Voice. For now, I'll be focusing on the CCIE Voice Written to meet the immediate need of not allowing my CCIE to expire. Maybe I'll look at the lab exam after that... Although, I didn't have any kids when I got my CCIE R&S...this may take a little longer...

So - here's what I'm finding for CCIE Voice study (not much):

CCIE Voice Exam Quick Reference Sheets (Cisco Press)

CCIE Voice Book List (Cisco)

CCIE Voice Written Exam Blueprint (Cisco)

CCIE Voice Ask-the-Expert Forum (Cisco)

"How to Pass the CCIE Voice Written" (Network World)

Cisco IPCC Express Edition SRND (Cisco)

Cisco CME SRND (Cisco)


This list will grow as I find more stuff, but this should be a good start. If you have any experience / things to add - please do! I'll add them to the list as they come in.

PS - Any braindump comments will be deleted, so please don't waste your time - thanks!

Posted by JC at 3:40 PM | Comments (10) | TrackBack (0)

Cisco Becoming a Server Vendor?    |    Posted to General

While skimming through my pile of Network World magazines, I came across this interesting article. Apparently, Cisco is going to begin manufacturing servers, starting with one codenamed "California Server." This will tromp all over the partner relationship they have with HP and IBM...but why not? I'd buy it just for the Cisco logo.

I'm anxious to see what advantages Cisco will integrate into the server. I'm sure many sweet proprietary solutions could be had with a Cisco server integrating into a Cisco switch/router platform.

When's the Cisco laptop come out?

Posted by JC at 12:04 PM | Comments (16) | TrackBack (0)

The New, Improved, Vibrating Cisco WAP!    |    Posted to Wireless

While skimming the latest TAC update, I stumbled across this one:

Field Notice: FN # 63177 - Cisco Aironet 1250 Access Point Buzzing, Vibrating, and Making Noise

What a hilarious way to start the week! If I can find one of these vibrating WAPs on eBay...I'm buying it.

Posted by JC at 8:09 AM | Comments (10) | TrackBack (0)

New Cisco Visio Stencil    |    Posted to Direct from Cisco

Cisco has made the PowerPoint Icons into a Visio Stencil format. Hurrah! No more cut-and-paste from PowerPoint to Visio. Very nice all-in-one stencil.

Click here to download

Posted by JC at 8:12 AM | Comments (5) | TrackBack (0)