We all know the architecture of the (cd)FMC-managed FTD prevents you from making local device changes via the CLI – or does it? Technically, yes, however where there is a will, there’s a way. This is one way I have used to consistently add configuration changes to the FTD via CLI. The basics rely on…… Continue reading Entering Commands Through the FTD CLI
Category: technical
Profiling Wired Endpoints without 802.1x or MAB using IBNS2.0
One of the first steps to designing and deploying ISE (or any NAC solution) is to gain visibility and understand what is actually out there connecting to your network, so you can design your policy and understand the impact of enacting it.For some types of endpoints, this is relatively easy (i.e. Windows laptops), but for…… Continue reading Profiling Wired Endpoints without 802.1x or MAB using IBNS2.0
Study Notes – DHCP Server, Relay, and Snooping
This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !——————————–! ! IOS DHCP server, Relay Agent ! ! and DHCP Snooping ! !——————————–! ! !In this topology we will configure R5 to act as a DHCP server for two networks: ! 10.10.100.0/24…… Continue reading Study Notes – DHCP Server, Relay, and Snooping
Study Notes – IOS Zone-Based Firewall
This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. ZBFW troubleshooting – https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/117721-technote-iosfirewall-00.html Note about self-zone – https://community.cisco.com/t5/security-knowledge-base/zbfw-self-zone-integration/ta-p/3154572 !—————————–! ! IOS Zone-based Firewall ! !—————————–! ! ! Lets configure a ZBFW with the following arbitrary requirements: ! !1. all inside hosts must…… Continue reading Study Notes – IOS Zone-Based Firewall
Study Notes – IKEv1 Tunnel Through an ASA with NAT-Traversal
This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !—————————! ! IKEv1 tunnel Through ! ! an ASA with NAT-T ! !—————————! ! !here we will configure a basic GREoIPSec tunnel between two routers through an ASA, but one of the routers…… Continue reading Study Notes – IKEv1 Tunnel Through an ASA with NAT-Traversal
Study Notes – IOS-to-IOS VPN Through an ASA
This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !———————————! ! IOS Router VPN through an ASA ! !———————————! ! !in this setup we will configure an IOS to IOS VPN which must pass THROUGH an ASA without NAT, where we need…… Continue reading Study Notes – IOS-to-IOS VPN Through an ASA
Study Notes – ASA to IOS IKEv2 Policy-based VPN with Manual NAT Exemption
This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !———————————————-! ! Policy-based IKEv2 VPN between ASA and IOS ! ! With Manual NAT Exemption ! !———————————————-! ! !in this setup we will stand up an IKEv2 based tunnel between an ASA and…… Continue reading Study Notes – ASA to IOS IKEv2 Policy-based VPN with Manual NAT Exemption
Study Notes – ASA to IOS Policy-Based IKEv1 VPN with Manual NAT Exemption
This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !———————————————-! ! Policy-based IKEv1 VPN between ASA and IOS ! ! With Manual NAT Exemption ! !———————————————-! ! !in this setup we will stand up an IKEv1 based tunnel between an ASA and…… Continue reading Study Notes – ASA to IOS Policy-Based IKEv1 VPN with Manual NAT Exemption
Study Notes – Basic ASA to IOS IKEv1 Policy-Based VPN
This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !———————————————-! ! Policy-based IKEv1 VPN between ASA and IOS ! !———————————————-! ! !in this setup we will stand up an IKEv1 based tunnel between an ASA and an IOS router based on interesting…… Continue reading Study Notes – Basic ASA to IOS IKEv1 Policy-Based VPN
Study Notes – Basic Active-Active ASA HA Pair Config
This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies. !——————————————! ! Basic Active-Active ASA HA Pair Config ! !——————————————! ! !we can take the concept of Active/Standby hardware HA as well as multiple contexts and create, effectively, multiple logical HA pairs where…… Continue reading Study Notes – Basic Active-Active ASA HA Pair Config
CCIE #TBD 