Category Archives: CCIE Security

Troubleshooting Basic IPSec VPNs on the Cisco ASA

As I prepare for my next (and final) attempt at the CCIE Security lab exam, I am making lists to help speed and accuracy when troubleshooting involved configurations like VPNs. Here is an example list for a basic VPN on the Cisco ASA:


Step 1 – Is ISAKMP enabled on the correct interface? crypto isakmp enable OUTSIDE

Step 2 – Check the ISAKMP policy.

Step 3 – Check the tunnel-group for correct pre-shared key.

Step 4 – Check the transform set.

Step 5 – Check the access-list for interesting traffic definition.

Step 6 – Check the crypto map.

Step 7 – Check the application of the crypto map.
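The seven steps above are references that have to line up: the crypto map names the ACL, the peer and the transform set, the peer names the tunnel-group, and the map itself has to be applied to the interface ISAKMP is enabled on. The following Python script is an added example (not the blog author's tool) that walks a saved running-config and reports the first step on the list that fails. The config text and peer addresses in it are constructed for the example, in 8.2-style syntax with the 8.4 `ikev1` forms accepted as well.

```python
"""Static walk of the seven-step ASA IPsec troubleshooting list.

Added example, not the blog author's script. It reads a saved ASA
running-config (the text below is constructed, 8.2-style syntax) and
reports which checklist step fails first.
"""
import re

# Constructed sample: a working site-to-site tunnel to peer 203.0.113.2.
GOOD_CONFIG = """
interface GigabitEthernet0/0
 nameif OUTSIDE
 security-level 0
 ip address 203.0.113.1 255.255.255.0
access-list VPN_TRAFFIC extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map MYMAP 10 match address VPN_TRAFFIC
crypto map MYMAP 10 set peer 203.0.113.2
crypto map MYMAP 10 set transform-set ESP-AES-SHA
crypto map MYMAP interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key *****
"""


def _blocks(config):
    """Group the config into {top-level line: [indented sub-lines]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        elif not raw.startswith(" "):
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks


def check_vpn_config(config, interface="OUTSIDE"):
    """Run the seven checks; return a list of (step, ok, detail) ordered by step."""
    blocks = _blocks(config)

    def top(pattern):
        """Match objects for every top-level line matching pattern (case-insensitive)."""
        found = []
        for line in blocks:
            m = re.match(pattern, line, re.I)
            if m:
                found.append(m)
        return found

    results = []
    # Step 1: ISAKMP (IKEv1) must be enabled on the interface facing the peer.
    enabled = [m.group(2) for m in top(r"crypto (isakmp|ikev1) enable (\S+)")]
    results.append((1, interface.lower() in [e.lower() for e in enabled],
                    f"isakmp enabled on: {enabled or 'none'}"))
    # Step 2: at least one ISAKMP policy authenticating with a pre-shared key.
    policies = [m.string for m in top(r"crypto (isakmp|ikev1) policy \d+")]
    psk_policy = [p for p in policies if "authentication pre-share" in blocks[p]]
    results.append((2, bool(psk_policy), f"pre-share policies: {psk_policy or 'none'}"))
    # Step 6 is resolved first because steps 3-5 verify what the map references.
    peer = acl = ts = mapname = None
    for m in top(r"crypto map (\S+) \d+ (match address|set peer|set (?:ikev1 )?transform-set) (\S+)"):
        mapname, kind = m.group(1), m.group(2).lower()
        if kind == "match address":
            acl = m.group(3)
        elif kind == "set peer":
            peer = m.group(3)
        else:
            ts = m.group(3)
    # Step 3: tunnel-group for the peer exists and carries a pre-shared key.
    has_psk = any(re.match(r"(ikev1 )?pre-shared-key ", s)
                  for s in blocks.get(f"tunnel-group {peer} ipsec-attributes", []))
    results.append((3, f"tunnel-group {peer} type ipsec-l2l" in blocks and has_psk,
                    f"tunnel-group {peer}: psk={'yes' if has_psk else 'no'}"))
    # Step 4: the transform set the map names is actually defined.
    ts_defined = bool(ts) and bool(top(rf"crypto ipsec (ikev1 )?transform-set {re.escape(ts)} "))
    results.append((4, ts_defined, f"transform-set {ts} defined: {ts_defined}"))
    # Step 5: the interesting-traffic ACL has at least one permit line.
    acl_lines = top(rf"access-list {re.escape(acl)} extended permit ") if acl else []
    results.append((5, bool(acl_lines), f"ACL {acl}: {len(acl_lines)} permit line(s)"))
    results.append((6, all([mapname, peer, acl, ts]),
                    f"map {mapname}: peer={peer} acl={acl} transform-set={ts}"))
    # Step 7: the crypto map is applied to the same interface as step 1.
    applied = bool(mapname) and bool(top(rf"crypto map {re.escape(mapname)} interface {re.escape(interface)}$"))
    results.append((7, applied, f"crypto map {mapname} applied to {interface}: {applied}"))
    return sorted(results)


def first_failure(config, interface="OUTSIDE"):
    """Return the first failing checklist step number, or None when all pass."""
    for step, ok, _ in check_vpn_config(config, interface):
        if not ok:
            return step
    return None


if __name__ == "__main__":
    broken = GOOD_CONFIG.replace("crypto map MYMAP interface OUTSIDE\n", "")  # step 7 missing
    for name, cfg in [("good", GOOD_CONFIG), ("map not applied", broken)]:
        for step, ok, detail in check_vpn_config(cfg):
            print(f"{name:16s} step {step}: {'OK  ' if ok else 'FAIL'} {detail}")
```

Running it against a config saved with `show running-config` gives the same order of elimination the list prescribes; a missing `crypto map ... interface` line shows up as step 7, and a typo in the ACL name referenced by `match address` shows up as step 5 rather than as a vague "tunnel never comes up".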

In the heat of battle you can find that having a plan sure beats not having a plan at all. 🙂

CCIE Security Version 4 – The ASAs

My study of the ASAs is drawing to a close. My plan was to do a lot of posts regarding these studies, but as you might guess, it is too difficult to study and do a lot of blogging on the process when you are dealing with a fixed amount of time for actual study. Here is a recap of prep required on the ASAs.


The Hardware:

  • Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances
    • Cisco ASA 5500 Series Adaptive Security Appliances OS Software Versions 8.2x, 8.4x, 8.6x
  • We can expect 4 of these devices

The Study Checklist:

  • Initializing the Basic Cisco ASA Firewall (IP Address, Mask, Default Route, etc.)
  • Understanding Security Levels (Same Security Interface)
  • Understanding Single vs. Multimode
  • Understanding Firewall vs. Transparent Mode
  • Understanding Multiple Security Contexts