-
-
Cisco ISE and Azure AD – Part 1
COVID times have been strange for all of us I’m sure. One of the strangest things to emerge from my customer base during these times was a desire to authenticate users in Azure Active Directory with ISE. Some for VPN authentication, and even a couple of requests for 802.1X authentication.…
-
Cisco IOS & SNMP: A backdoor into devices you can’t access.
We’ve all been there. You desperately need to get into a router or a switch, but every username and password you try doesn’t seem to work. Or even worse, you can ping the device, see it in CDP but SSH isn’t replying and telnet is disabled (presumably because the device…
-
FlexVPN: Spoke-2-Spoke PSK
So in my last post I covered configuring FlexVPN with dynamic spoke to spoke communication using certificates for authentication. What if you wanted to use pre-shared-keys though? We can do that, it’s not nearly as secure as certificate based authentication, but we can do that. We’ll be using the exact…
-
FlexVPN: Spoke-2-Spoke Tunnels
Let’s talk about FlexVPN, a prime contender as a DMVPN replacement and sometimes referred to as DMVPN phase 4. In this post, I’m going to explore the nuts and bolts of getting FlexVPN up and running between (3) routers and, for added flair, I’m going to also configure dynamic spoke-2-spoke…
-
CCIE Security: Troubleshooting (Ticket #1) – Solution
Alright it’s been a couple of days since the original post, so after much fanfare and exactly 0 people attempting to solve, let’s break this one down. SPOILER ALERT Issue #1 Since BGP is relying on OSPF for connectivity between peering interfaces (Loopback1), this seems like a natural place to…
-
CCIE Security: Troubleshooting (Ticket #1)
So in getting ready for the CCIE Security lab this year, I’ve been spending some time trying to come up with my own troubleshooting scenarios. The process for this, if you’re curious, is normally born from practicing config and noting issues that come up when I misconfigure something. Then I’ll…
-
Firepower Threat Defense AVC and SmartCLI
Congratulations, you’ve purchased one of Cisco’s shiny new Next-Generation Firewalls. It’s going to inspect more packets, push bits at blazing speed, and finally lock down your disgraceful network. You’ve built your access control policy and added a ton of rules allowing traffic from outside to your inside zone. Maybe you even took this…
-
We need to talk about GETVPN
We really have to talk about GETVPN. Despite its drawbacks, I can’t seem to get it out of my head now and I’m constantly running through scenarios where using it might make sense. If you’re not too familiar with GETVPN, let me offer this high-level summary of the technology. GETVPN…
-
Cisco Firepower Threat Defense (FTD) in GNS3 part 2
Video Only Post In this quick part two video, I cover some basic recommendations for organizing your access control policy and add a couple base rules in. I’ll also cover how we can create IPS policies, and apply them to access control entries, within our access control policy (ACP). As…