Re: Anthony Sequeira's CCIE Security Lab Challenge

Yeah - great stuff.

Notepad can be worth its weight in gold here.

This is what I plan on doing next time.

Grab the "perfect practice" configuration example from the DOC-CD and place
it in Notepad. Then grab the configurations from the devices and place them
in Notepad. Organize side by side with the Doc-CD and several of Cisco's
misconfigurations are going to stick out like a sore thumb.

Now that is the easy part. Once complete, you need to read the task very
carefully and modify the configurations so they accomplish the desired
objective. Here is where the "rubber meets the road" for your knowledge of
VPNs.

Anthony Sequeira, CCIE, CCSI, VCP
http://www.stormwind.com
Twitter: @compsolv
Facebook: http://www.facebook.com/compsolv

From: Jay McMickle <jay.mcmickle_at_yahoo.com>
Reply-To: Jay McMickle <jay.mcmickle_at_yahoo.com>
Date: Saturday, October 27, 2012 7:38 PM
To: marc abel <marcabel_at_gmail.com>
Cc: Steve Di Bias <sdibias_at_gmail.com>, ccie99999 <ccie99999_at_gmail.com>,
Anthony Sequeira <terry.francona_at_gmail.com>, "ccielab_at_groupstudy.com
certification" <ccielab_at_groupstudy.com>
Subject: Re: Anthony Sequeira's CCIE Security Lab Challenge

Good questiono Marc. Anthony and I talked about this on the phone earlier
this week and how important it is to KNOW, I mean really know the DocCD for
any lab. You and I (Marc) know these links front and back for the RS lab.
For Security however, it's actually one of the worst navigation paths to try
to find. It's almost like the DocCD was written for R&S and Voice, with all
other technologies mixed in. The fact that "Security" can live in different
platforms is the reason for this. Cisco Security documentation on the DocCD
LIVES in most of the ASA links. But, with the Security lab, you must be
able to perform it on just about anything. Even your Mom's toaster (it
seemed like, at least). ;)

If you haven't found it, about 40% of the Security documentation (that I
used) is found in the same place that you and I used for R&S.
Cisco.com, documentation, Products, IOS..., IOS, 12.4, 12.4T, Configuration
guides, scroll to Security-
http://www.cisco.com/en/US/products/ps6441/products_installation_and_configu
ration_guides_list.html

Clicking on "Secure Connectivity...." is where I lived for most of my VPN
issues, but that's only for an example guideline.
http://www.cisco.com/en/US/docs/ios-xml/ios/security/config_library/12-4t/se
con-12-4t-library.html

For technologies I wasn't well versed in, I would compare a working example
to see where something was missing. This is NOT the advised approach as it
took me waaaaay too long for a simple issue (that was self imposed). Don't
forget to live in the simple stuff. As IE's, we tend to live where we look
for the complex. However, that's where I get hung because I forget to look
for the easy fruit!

Now for the kicker-
The most common VPN troubleshooting link is found in the ASA section.
However, for routers, this will only partially help you.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0ac
a.shtml

For straight IPSEC troubleshooting, I use this one at work on a daily basis-
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080
0949c5.shtml

If you need something further, give me a call, Marc.

Cheers.

Regards,
Jay McMickle- 3x CCNP (R&S,Security,Design), CCIE #35355 (R&S)

From: marc abel <marcabel_at_gmail.com>
To: Jay McMickle <jay.mcmickle_at_yahoo.com>
Cc: Steve Di Bias <sdibias_at_gmail.com>; ccie99999 <ccie99999_at_gmail.com>;
Anthony Sequeira <terry.francona_at_gmail.com>; "ccielab_at_groupstudy.com
certification" <ccielab_at_groupstudy.com>
Sent: Saturday, October 27, 2012 5:13 PM
Subject: Re: Anthony Sequeira's CCIE Security Lab Challenge

Jay or Anthony,

Do either of you have a good read on troubleshooting VPN's? I get by, but
I would like to get better.

Thank you,

Marc

On Sat, Oct 27, 2012 at 1:06 PM, Jay McMickle <jay.mcmickle_at_yahoo.com>wrote:

> Rock on, Anthony. I'll be following and studying with you for Security v4.
>
> Regards,
> Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design)
> Sent from my iPhone
>
> On Oct 27, 2012, at 10:42 AM, Steve Di Bias <sdibias_at_gmail.com> wrote:
>
> > Anthony i Echo CCIE99999 and I'm very proud of you. You gave it your all,
> > and you're a great inspiration to others Thanks for sharing!!
> >
> > On Saturday, October 27, 2012, ccie99999 wrote:
> >
> >> Wow. Such a great spirit man!
> >>
> >> @ccie99999
> >> Il giorno 27/ott/2012 15:26, "Anthony Sequeira" <
> terry.francona_at_gmail.com<javascript:;>
> >> ha scritto:
> >>
> >>> Hello everyone! Thank you so much for following my CCIE Security
> >> Challenge.
> >>> I sat the CCIE Security Lab Exam Version 3.0 in RTP North Carolina, USA
> >>> yesterday.
> >>> Overall - what an amazingly enjoyable experience. I hit the Angus Barn
> >> the
> >>> night before with David Blaire, the RTP proctor. What an amazingly
> >> awesome
> >>> person he is. You will be very fortunate if you test at RTP - VERY
> >>> FORTUNATE. He will make you feel relaxed and well cared for, and is
> very
> >> up
> >>> front and clear about the ways in which he can help you try and pass.
> My
> >>> only complaint was that the night before at Angus Barn - he made me try
> >>> ostrich. Those poor giant birds. Even they could not escape our hunger
> >> for
> >>> meat! I am complaining because the meat was really good. I am thinking
> >>> about
> >>> heading to the Lowry Park Zoo here in Tampa Florida with a really big
> >>> knife.
> >>> I figure I can get away with it since we are celebrating Halloween in
> the
> >>> USA this weekend.
> >>> So if you are reading this, it is at this point where you are probably
> >>> wondering if I am ever going to speak about my results...well - here
> >> goes:
> >>> I must have failed - by a few points - probably 8 to 10 points. I was
> not
> >>> able to complete three 6 point tasks, so my chances of passing are slim
> >> to
> >>> none. Yes, I fell into the classic case of needing just one more hour
> and
> >>> being able to pass the exam with relative ease! As you will see from my
> >>> rating scale below - it was indeed my technical knowledge (lack
> thereof)
> >>> that failed me.
> >>> So now I am on to my new challenge! I will be one of the first to pass
> >> the
> >>> new Version 4 blueprint. I am so incredibly excited. So excited in
> fact,
> >>> that I started studying on the flight back! (FlexVPN).
> >>> By the way - here is how my four Cornerstones of Success held up for
> me.
> >>> This is my self rating of how I did on those on a 10 point scale.
> >>> 1 - Technical Knowledge - 4 (yes, this was indeed my big issue)
> >>> 2 - Strategy - 8 (I almost passed the lab when I was truly ready
> >>> technically!)
> >>> 3 - Psychology - 9 (my head was "on straight" for this attempt - again
> it
> >>> drove me to almost pass)
> >>> 4 - Physical Wellness - 10 (I slept like a baby the night before - and
> >> felt
> >>> amazing throughout the exam!)
> >>> It was so flattering to be recognized for my Cornerstones of Success
> >>> lecture
> >>> at Cisco Live by many of the candidates in the lobby waiting to test!
> >>> Another candidate was thanking me vigorously for teaching him QoS. I
> >> never
> >>> cycled back with him after to see if he actually got those points! :)
> >>> So - you are going to watch me here at the blog (blog.ipexpert.com )
> as
> >> I
> >>> prepare for Version 4. And watch how technical we dive. Get your scuba
> >> gear
> >>> ready my friends! I am going to get crazy technical (for me) and
> present
> >>> challenges that are in the spirit of how Cisco would present them. I
> >> have a
> >>> better sense for that than ever!
> >>> I am so glad that there will be plenty of seats for Version 4 in the
> near
> >>> future at RTP- now I can go back to the strategy that works best for
> me -
> >>> booking the lab the week before I am ready to crush it. I realized time
> >> how
> >>> much I dislike the approach of booking and then trying to prepare for
> >> that
> >>> date. Yuck. Not my style.
> >>> Here are some nuggets for those preparing for their version 3 still:
> >>> * The exam consists of 3, 4, 5, and 6 point tasks
> >>> * Task value does an excellent job of conveying difficulty or
> conveying
> >>> the
> >>> time it will take you if it is easy
> >>> * Troubleshooting is EVERYWHERE - it is crazy - trust the lab paper -
> do
> >>> not
> >>> trust your initials; the TS is NOT restricted to the tasks that are
> >> titled
> >>> TS.
> >>> * I do not think you can solve this lab doing the tasks in order and
> pass
> >>> (but you knew that I am guessing)
> >>> * When you get a task or two that seems really bizarre with a
> technology
> >>> you
> >>> have never heard of - do not panic - everything was really easy to find
> >> in
> >>> the Doc-CD; also that task will most likely only be worth few points.
> The
> >>> task was laid there to check you on the DOC-CD and to mess with your
> >>> strategy.
> >>> Thank you to all of the incredible people around the world that
> followed
> >> my
> >>> challenge and gave me great mojo. And to the haters - please consider
> >>> therapy.
> >>> Anthony Sequeira, CCIE, CCSI, VCP
> >>>
> >>> http://www.stormwind.com/
> >>>
> >>> Twitter: @compsolv
> >>>
> >>> Facebook: <http://www.facebook.com/compsolv>
> >
> >
> >
> > --
> > Thank you,
> >
> > Steve Di Bias
> > CCIE #32840
> >
> >
> > Blogs and organic groups at http://www.ccie.net/
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net/
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

--
Marc Abel
CCIE #35470
(Routing and Switching)
Blogs and organic groups at http://www.ccie.net/