CCIE #TBD

Study Notes – Basic IKEv2 Policy-Based VPN Config on IOS

March 16, 2023March 14, 2023 Posted in Study Notes, technicalLeave a comment

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !——————————————-! ! Basic IKEv2 Policy-based VPN on IOS ! !——————————————-! ! !with IKEv2 we gain some scalability benefits along with other security features like PRF and anti-replay !aside from the Phase 1 config…… Continue reading Study Notes – Basic IKEv2 Policy-Based VPN Config on IOS

Study Notes – VRF-Aware Policy-Based IKEv1 VPN

March 15, 2023March 13, 2023 Posted in Study Notes, technicalLeave a comment

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !—————————————–! ! VRF-Aware Policy-Based IKEv1 VPN ! !—————————————–! ! !In this topology we have two VRFs, custa and custb, with duplicate IP space and a policy-based tunnel spun up dynamically to encrypt traffic…… Continue reading Study Notes – VRF-Aware Policy-Based IKEv1 VPN

Study Notes – fVRF IKEv1 and RSA-SIG Auth with sVTI and default iVRF

March 14, 2023March 14, 2023 Posted in Study Notes, technical1 Comment

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !—————————————–! ! fVRF IKEv1 and RSA-SIG Auth with sVTI ! !—————————————–! ! !RSA-Sig (certificate) based authentication can be done for ISAKMP peers in fVRF setup by using the isakmp-profile to specify the match…… Continue reading Study Notes – fVRF IKEv1 and RSA-SIG Auth with sVTI and default iVRF

Study Notes – Basic Front-Door VRF with Non-Default iVRF (ISAKMP PSK, GRE)

March 13, 2023March 13, 2023 Posted in Study Notes, technicalLeave a comment

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !————————————————-! ! Basic Front-Door VRF with non-default LAN VRF ! !————————————————-! ! IKEv1 GREoIPSec L2L ! !————————————————-! ! !the purpose of Front Door VRF is to isolate the underlay and overlay networks, both…… Continue reading Study Notes – Basic Front-Door VRF with Non-Default iVRF (ISAKMP PSK, GRE)

Study Notes – Dual-Hub DMVPN Phase 1-3 w/ IPSec

March 10, 2023March 9, 2023 Posted in Study Notes, technicalLeave a comment

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !—————–! ! DMVPN Phase I ! !—————–! ! Hub (R1) ! !—————–! ! ! cry isakmp policy 5 hash sha256 authen pre-share group 19 encry aes 256 ! cry isakmp key P@ssw0rd! address…… Continue reading Study Notes – Dual-Hub DMVPN Phase 1-3 w/ IPSec

Study Notes – Basic IOS CA Server Configuration and Use in IKEv1/ISAKMP VPN

March 9, 2023March 9, 2023 Posted in Study Notes, technicalLeave a comment

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !————————————–! ! IOS CA Setup for IKEv1 VPN Auth ! !————————————–! ! CA Router (DMVPN Hub, usually) ! !————————————–! ! crypto key generate rsa modulus 2048 label Hub-CA-Keys ! ip http server !…… Continue reading Study Notes – Basic IOS CA Server Configuration and Use in IKEv1/ISAKMP VPN

Study Notes – Converting DMVPN Phase 1 to Phase 2 and 3

March 8, 2023March 8, 2023 Posted in Study Notes, technicalLeave a comment

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !——————–! ! Phase 2 DMVPN ! !——————–! ! HUB ! !——————–! !once Phase 1 is completely up and running, implement the following !change on the hub to allow spoke-to-spoke data plane forwarding !…… Continue reading Study Notes – Converting DMVPN Phase 1 to Phase 2 and 3

RFC and Standards Documents

November 13, 2022April 2, 2023 Posted in general, technical

In this post, I will keep a running tally of IETF RFC and/or IEEE Standards documents that are relevant to the CCIE Security v6 Lab exam and/or just useful references in general. This is in no particular order (for the time being) and should be considered a living document which I will update as things…… Continue reading RFC and Standards Documents

Closing the Gaps: My CCIE Study Roadmap

October 24, 2022October 25, 2022 Posted in general1 Comment

Over the past couple of weeks, I have been reading through Integrated Security Technologies and Solutions, Volumes I and II. At my current pace, I expect to finish Volume II within the next few days at around 50 hours of time invested since I picked things back up at the beginning of October – at…… Continue reading Closing the Gaps: My CCIE Study Roadmap

eBGP Multihop vs. eBGP TTL-Security

October 1, 2022October 4, 2022 Posted in general, technicalLeave a comment

The following is a really great article by Jon Langemak examining the differences in router behavior when using eBGP multihop vs. eBGP ttl-security. http://www.dasblinkenlichten.com/ebgp-multihop-vs-ttl-security/ Check it out, it is well worth the read. By default, eBGP packets are sent with a TTL = 1, because we assume a directly-connected peer. If the peer is a…… Continue reading eBGP Multihop vs. eBGP TTL-Security