CCIE Quest

Here is an EXCLUSIVE OFFER for all to avail more than 50% discount on all product guides/handbooks.

CISCO SECURE ACS 5.X PRODUCT DEPLOYMENT GUIDE

For those preparing for CCIE Security Version 4 LAB exam, CS-ACS5.X Guide will come handy. It covers detailed topics covering CCIE Sec v4 LAB as well as extending beyond & covering Active Directory Integration & Enhanced VPN Scenarios.

If you wish to view detailed Table of Contents & Scenarios/Technologies covered , Refer to the link below :

 FLEXVPN LAB GUIDE/HANDBOOK

FlexVPN is a way to combine multiple frameworks (crypto maps, ezvpn, DMVPN) into single, comprehensible set of CLI and bind it together with something offering more flexibility and means to extend functionality in future.

EXCLUSIVE OFFER >> FlexVPN Lab Guide/Handbook

Happy Learning Everyone !!!

   Send article as PDF   

 If you are studying for CCIE Security v4 Lab Exam or written for that matter, you need to brush up your skills & learn to test & deploy FlexVPNs. Not only in Lab studies, in production enviroment, FlexVPN is the cisco’s way of integrating all major VPNs into one Umbrella i.e FlexVPN or Unified Overlay VPN

FlexVPN is a way to combine multiple frameworks (crypto maps, ezvpn, DMVPN) into single, comprehensible set of CLI and bind it together with something offering more flexibility and means to extend functionality in future.

FlexVPN is Cisco’s implementation of the IKEv2 standard featuring a unified paradigm and CLI that combines site to site, remote access, hub and spoke topologies and partial meshes (spoke to spoke direct).FlexVPN offers a simple but modular framework that extensively uses the tunnel interface paradigm while remaining compatible with legacy VPN implementations using crypto maps. Read more about An overview of FlexVPN »

In response to several queries about the Product – Cisco Secure ACS 5.X Product Deployment/Lab Guide , a product preview SAMPLE is now available on the website. This sample is a sub-set of the Original Detailed Product ( ~ 700+ pages ).

For those preparing for CCIE Security Version 4 LAB exam, CS-ACS5.X Guide will come handy. It covers detailed topics covering CCIE Sec v4 LAB as well as extending beyond & covering Active Directory Integration & Enhanced VPN Scenarios.

If you wish to view detailed Table of Contents & Scenarios/Technologies covered , Refer to the link below :

In order to preview  CS-ACS5.X Guide SAMPLE, click link below.

To Your Success,
Tariq A. Sheikh
CCIEx2 # 26141
(Voice,Security)

(TO REQUEST A COPY OF PDF SAMPLE VIA EMAIL , LEAVE A COMMENT BELOW WITH YOUR E-MAIL ADDRESS)

   Send article as PDF   

IKEv2 Smart Defaults feature minimizes the FlexVPN configuration by covering most of the use cases. IKEv2 smart defaults can be customized for specific use cases, though this is not recommended.The following rules apply to the IKEv2 Smart Defaults feature:

• A default configuration is displayed in the corresponding show command with default as a keyword and with no argument. For example, the show crypto ikev2 proposal default command displays the default IKEv2 proposal and the show crypto ikev2 proposal command displays the default IKEv2 proposal, along with any user-configured proposals.

•  A default configuration is displayed in the show running-config all command; it is not displayed in the show running-config command.

•  You can modify the default configuration, which is displayed in the show running-config all command.

•  A default configuration can be disabled using the no form of the command; for example, no crypto ikev2 proposal default. A disabled default configuration is not used in negotiation but the configuration is displayed in the show running-config command. A disabled default configuration loses any user modification and restores system-configured values.

•  A default configuration can be reenabled using the default form of the command, which restores system-configured values; for example, default crypto ikev2 proposal.

• The default mode for the default transform set is transport; the default mode for all other transform sets is tunnel.

FlexVPN Lab Guide/Handbook

Here is the list of commands that are enabled with the IKEv2 Smart Defaults feature, along with the default values.

 IKEv2 default Authorization Policy

IKEv2 default Proposal

Read more about Understanding FlexVPN IKEv2 Smart Defaults »

This post will address process to install Latest Patches to your Cisco Secure ACS 5.X installation. Refer to ACS Release notes for information on new patches & bugs/issues fixed in current release.Before beginning, It is highly recommended that you you backup the Cisco Secure ACS 5.x configuration data in timely fashion in order to restore the same backup if ACS 5.x crashes, or, if you need to build a new system from scratch.

You can get latest patches from the download link (CCO login Required) on Cisco.com

Network Management > Security > Identity Management > Cisco Secure Access Control System > Cisco Secure Access Control System 5.3.

Before applying cummulative patch on the ACS 5.x ,you will need to create a repository that will specify the protocol and the location where the patch file is located. Generally, in ACS5.3, you might run into issues with TFTP protocol. So,its recommended to use FTP instead for all backup & patch updates.

Create a Repository

Now, lets first create a Repository using FTP as the communication protocol.

Navigate to System Administration > Operations > Software Repositories to create the specified Repository.

Read more about ACS 5.x: How to create Software Repository & Install Latest Patches »

In this blog post, i will cover in detail how you can setup QEMU settings under GNS3 to emulate ASA 8.4(2). It has been made possible by a user “dmz” from 7200emu.hacki forum. Credit goes to him . Basically we will be using a patch which will automatically extract the kernel and initrd of ASA version 8.4(2). You can use resulting ASA initrd & kernel on any OS where you have installed GNS3.

DISCLAIMER: All information provided here are solely for self-education and investigation purposes. Provided AS-IS without any warranties.

I’m using Ubuntu 10.04 (LTS) although you can use pretty much any Linux Distros available out there.

Cisco Secure ACS 5.X Deployment Guide E-Book

Software Versions Used:

Here we are using latest GNS3 build 0.8.2. Cisco Software Versions you need (download from you CCO account ) are :

• asa842-k8.bin
• asdm-645-206.bin

 Step 1: Read more about GNS3 : How to emulate ASA 8.4(2) under QEMU »