Closing the Gaps: My CCIE Study Roadmap

Over the past couple of weeks, I have been reading through Integrated Security Technologies and Solutions, Volumes I and II. At my current pace, I expect to finish Volume II within the next few days at around 50 hours of time invested since I picked things back up at the beginning of October – at……

eBGP Multihop vs. eBGP TTL-Security

The following is a really great article by Jon Langemak examining the differences in router behavior when using eBGP multihop vs. eBGP ttl-security: http://www.dasblinkenlichten.com/ebgp-multihop-vs-ttl-security/ Check it out, it is well worth the read. By default, eBGP packets are sent with a TTL of 1, because a directly-connected peer is assumed. If the peer is a……
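To make the behavioral difference concrete, here is an added IOS configuration example (it is not from the linked article or from this blog's own posts) for a peer that is not directly connected. The topology is assumed: the local router peers from Loopback0 (192.0.2.1) with a peer loopback (192.0.2.2) that sits one intermediate router away, so BGP packets traverse two hops. The AS numbers, addresses and hop count are illustrative.

```cisco
! Option 1: eBGP multihop. Outgoing TTL is set to 2 so the packet survives the
! intermediate router. On the inbound side IOS accepts any packet with a non-zero
! TTL, so anything on the Internet that can route a packet to 192.0.2.1 can at
! least reach the BGP listener; only TCP and any MD5/keychain protection stand
! in the way.
router bgp 65001
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 update-source Loopback0
 neighbor 192.0.2.2 ebgp-multihop 2
!
! Option 2: TTL-security (GTSM, RFC 5082). Outgoing TTL is set to 255. Inbound
! packets must arrive with TTL >= 255 - hops, here 255 - 2 = 253. The legitimate
! peer's packets start at 255 and arrive at 254 after one router in the path,
! so they pass. A packet from a host several hops away cannot arrive with a TTL
! that high, whatever it sets at origin, and is dropped before BGP sees it.
! The two commands are mutually exclusive on the same neighbor statement.
router bgp 65001
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 update-source Loopback0
 neighbor 192.0.2.2 ttl-security hops 2
!
! Verification (both sides must be configured consistently or the session
! will stay in Idle/Active):
!   show ip bgp neighbors 192.0.2.2 | include TTL|hops
!   show ip bgp summary
```

The "hops" value should be the smallest number that still admits the real peer; overstating it widens the radius of hosts whose packets reach the BGP process, which is exactly the exposure ttl-security is meant to remove.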

Cisco IOS Route-Based VPN with IKEv1 PSK GREoIPsec and EIGRP

This article will look at a basic configuration for a route-based VPN between two Cisco IOS routers, using IKEv1 and IPsec for tunnel protection, and EIGRP for dynamic route advertisements based on the above topology.

Workflow:
1. Verify basic routing and reachability
2. Create and configure: LAN networks, tunnel interface, EIGRP process
3. Verify basic GRE tunnel status and reachability
4. Create and configure:……
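Since the post's own configuration is not reproduced on this page, the following is an added example of the finished state the workflow above builds toward: a GRE tunnel protected by an IKEv1 PSK IPsec profile with EIGRP running across it. It is not the article's configuration, and the topology is assumed: R1 has WAN 203.0.113.1/30 (ISP next hop 203.0.113.2) and LAN 10.1.1.0/24; R2 has WAN 198.51.100.1/30 (ISP next hop 198.51.100.2) and LAN 10.2.2.0/24; the tunnel uses 172.16.0.0/30. Crypto parameters and names are illustrative.

```cisco
! R1 (added example; addresses, names and the PSK placeholder are assumed)
!
! Step 1: underlay reachability. The tunnel endpoints must be routable before
! anything else works (verify with: ping 198.51.100.1 source 203.0.113.1).
ip route 0.0.0.0 0.0.0.0 203.0.113.2
!
interface GigabitEthernet0/0
 description WAN
 ip address 203.0.113.1 255.255.255.252
!
interface GigabitEthernet0/1
 description LAN
 ip address 10.1.1.1 255.255.255.0
!
! IKEv1 phase 1: PSK authentication, AES-256, SHA-256, DH group 14
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
! Scope the key to the peer's WAN address rather than a 0.0.0.0 wildcard
crypto isakmp key <STRONG-PSK> address 198.51.100.1
!
! IPsec phase 2. Transport mode is sufficient because GRE already provides
! the outer tunnel; it saves 20 bytes per packet versus tunnel mode.
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode transport
!
! The profile replaces a crypto map: no crypto ACL, everything leaving the
! tunnel interface is protected.
crypto ipsec profile IPSEC-PROF
 set transform-set TS-AES256-SHA256
 set pfs group14
!
! Step 2: GRE tunnel. Bring it up and verify GRE first (tunnel protection
! can be added afterwards); ip mtu / adjust-mss account for GRE + ESP overhead.
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile IPSEC-PROF
!
! Step 3: EIGRP over the tunnel. Only the tunnel and LAN are advertised; the
! LAN interface is passive so no EIGRP hellos leak toward the hosts.
router eigrp 100
 network 10.1.1.0 0.0.0.255
 network 172.16.0.0 0.0.0.3
 passive-interface GigabitEthernet0/1
!
! R2 mirrors this with the addresses swapped:
!   ip route 0.0.0.0 0.0.0.0 198.51.100.2
!   crypto isakmp key <STRONG-PSK> address 203.0.113.1
!   interface Tunnel0: ip address 172.16.0.2 255.255.255.252,
!     tunnel source GigabitEthernet0/0, tunnel destination 203.0.113.1
!   router eigrp 100: network 10.2.2.0 0.0.0.255, network 172.16.0.0 0.0.0.3
!
! Verification:
!   show crypto isakmp sa          (state QM_IDLE = phase 1 up)
!   show crypto ipsec sa           (encaps/decaps counters incrementing)
!   show ip eigrp neighbors        (peer 172.16.0.2 on Tunnel0)
!   show ip route eigrp            (10.2.2.0/24 learned via the tunnel)
```

Keeping a dedicated static route toward the remote WAN address is not needed here because the default route covers it; in a design where the WAN has more specific routing, make sure the tunnel destination is never learned through the tunnel itself, or the tunnel will flap as it recurses onto its own interface.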

Basic AnyConnect on Azure-hosted Meraki vMX

In this article, we'll take a look at deploying a Meraki Virtual MX (vMX) in Microsoft Azure, and enabling a basic AnyConnect configuration on it for remote access VPN. This configuration includes a couple of specific steps required on the Azure side in order to properly allow inbound AnyConnect traffic to the vMX. Additional configurations……

Duo MFA for the ISE Admin GUI

So, you've adopted ISE: 802.1X everywhere, maybe some CTS/SDA, posture for remote VPN endpoints, even dabbling with Threat-Centric NAC and some pxGrid integrations – life is good! The network feels secure, you've got lots of visibility and control. SASE and ZTA feel like attainable goals. Then, it hits you: you've put MFA in front of……

Location, location, location: Segmenting FlexConnect Authentications in ISE Without Overriding WLC Central-Auth

One of the foundational steps when configuring your Network Access Devices (NADs) in ISE is adding the NADs to relevant Network Device Groups (NDGs); NDGs allow you to create a descriptive and hierarchical attribute tree which you can apply to your NADs in order to streamline context visibility, reporting, Policy Set/rule match conditions, or simply……

Shutting down the WebVPN Portal on FTD with FlexConfig

The Cisco ASA and FTD have a nice usability feature for client software distribution when running AnyConnect: by default, you can leverage the ASA/FTD itself as the AnyConnect software repository for your end-users. Navigating in a browser to your RAVPN URL will bring up the WebVPN login screen, which allows the end-user to authenticate and……