Tag Archives: lab

Switch Configuration for ISE Integration – Part 1 – AAA Functions

Introduction and Documentation Path

There is quite a bit that needs to be configured on a switch in order for the device to integrate with the Identity Services Engine (ISE) correctly. In this series of posts, we will break down the different areas of the full configuration and ensure that we know what each command in each of the major sections does. Remember, we never want to be inserting commands on exam day from rote memory, without a solid grasp of what the command is actually doing.


Troubleshooting Basic IPSec VPNs on the Cisco ASA

As I prepare for my next (and final) attempt at the CCIE Security lab exam, I am making lists to help speed and accuracy when troubleshooting involved configurations like VPNs. Here is an example list for a basic VPN on the Cisco ASA:


Step 1 – Is ISAKMP enabled on the correct interface? (e.g. crypto isakmp enable OUTSIDE)

Step 2 – Check the ISAKMP policy.

Step 3 – Check the tunnel-group for correct pre-shared key.

Step 4 – Check the transform set.

Step 5 – Check the access-list for interesting traffic definition.

Step 6 – Check the crypto map.

Step 7 – Check the application of the crypto map.

In the heat of battle you can find that having a plan sure beats not having a plan at all. 🙂
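The seven steps above can also be run as a local consistency check over a saved running-config. The following is an added example, not code from the original post: check_vpn, SAMPLE, the object names and the addresses are all hypothetical, and the config uses the same pre-8.4 "crypto isakmp" syntax as Step 1. It only confirms that each piece exists and that the crypto map's references resolve; whether the policy, key, transform set and ACL match the remote peer still has to be compared by hand.

```python
from re import escape as esc, fullmatch

# Constructed sample (pre-8.4 ASA syntax, as in Step 1); names and addresses are made up.
SAMPLE = """\
access-list VPN-ACL extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
crypto map CMAP 10 match address VPN-ACL
crypto map CMAP 10 set peer 203.0.113.2
crypto map CMAP 10 set transform-set TSET
crypto map CMAP interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key *****
"""

def check_vpn(config, interface, peer):
    """Hypothetical helper: map each checklist step (1-7) to True/False."""
    lines = [l.rstrip() for l in config.splitlines()]
    def first(pattern):
        return next((m for m in (fullmatch(pattern, l) for l in lines) if m), None)
    def block(header):
        # Indented sub-commands directly under an exact header line.
        i = lines.index(header) + 1 if header in lines else len(lines)
        j = i
        while j < len(lines) and lines[j].startswith(" "):
            j += 1
        return [l.strip() for l in lines[i:j]]
    # Locate the crypto map entry for this peer, then follow its references.
    entry = first(rf"crypto map (\S+) (\d+) set peer {esc(peer)}")
    prefix = rf"crypto map {esc(entry[1])} {entry[2]} " if entry else None
    acl = first(prefix + r"match address (\S+)") if entry else None
    tset = first(prefix + r"set transform-set (\S+).*") if entry else None
    policies = [l for l in lines if fullmatch(r"crypto isakmp policy \d+", l)]
    return {
        1: bool(first(rf"crypto isakmp enable {esc(interface)}")),
        2: any("authentication pre-share" in block(p) for p in policies),
        3: any(l.startswith("pre-shared-key ") for l in block(f"tunnel-group {peer} ipsec-attributes")),
        4: bool(tset and first(rf"crypto ipsec transform-set {esc(tset[1])} .+")),
        5: bool(acl and first(rf"access-list {esc(acl[1])} .+")),
        6: bool(entry and acl and tset),
        7: bool(entry and first(rf"crypto map {esc(entry[1])} interface {esc(interface)}")),
    }
```

Calling check_vpn(SAMPLE, "OUTSIDE", "203.0.113.2") returns True for all seven steps; a False value points to the step to inspect first.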