+ Reply to Thread
Page 3 of 10 First 123 4567 ... Last
Results 51 to 75 of 237
  1. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #51
    IPexpert Lab 8 "VPN Concentrator" done. Another straightforward min-lab with one concentrator and 3 routers. It was my first time using ProctorLabs racks but it was pretty straightforward. Up until now I've been using multiple per-host Terminal sessions and organizing them with Wintabber but I made an effort tonight to just use one session (well 2 since they have them split here) to the Access server.
    The lab itself involved simple routing and redistribution between the private and public LANs, and of course remembering the filters to allow it. Then Router to VPN3k Lan-Lan / EZVPN client mode and remote access via IPSec and Webvpn. I mainly did this one for completeness sake and to get in practice with IOS EZVPN more than anything, the Webvpn section was a plus but it's very intuitive on the Concentrator so not a big obstacle - I really need to practice it on the ASA.
    I had to use the Docs for the EZVPN client side, as expected, but missed setting the Loopback as the inside source. Other than that it went well.
    Reply With Quote Quote  

  2. SS -->
  3. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #52
    IPexpert Lab 9 - "Switching"
    Very informative title don't ya think? . While relatively simple security wise I actually appreciated this lab. It focused mainly on VLAN assignments / Trunking / VTP and VMPS as the basics and as stupid as it sounds I do need practice on those areas (I know enough to get around the devices and have picked up a lot more doing these labs but I rarely use any of this at work). After that was a Dot1x port control config (Where I stupidly spent 10 mins looking for the option to enable per-user attributes and it was staring me in the face) and I had to refer to the solution guide for the exact attributes to enable and configure on the ACS server for Vlan assignment(64,65,81...now repeat). last up was some dynamic routing between the 2 routers and 2 switches, a mix of MD5 auth'd EIGRP and BGP with redistribution. Simple enough stuff but I still got one of the loopback network numbers wrong. This one was okay, not too many mistakes but those I made were just stupid so there was no excuse.
    I'm kinda tired but I have 3 hours of rack time left and I want to do all of the IPS labs (3, or rather one larger one with 2 addendums, rated at 6 hours combined) together on my next Proctorlabs session next Saturday, sooooo one more tonight - NAC....for which I am clueless....
    Reply With Quote Quote  

  4. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #53
    IPexpert Lab 12 "NAC"
    That my friends was painful. The first half went fine as it's just setting up the Groups/Users/Basic NAC enabling/VPN3K Certificates. After that I made a mess of installing a certificate inside the ACS since it doesn't support lovely old SCEP (yes I know I've gotten lazy that way), I eventually figured out where i was going wrong with little help from the solutions guide and got that going far enough to get into the actual NAC configuration on ACS. It's just so bloody involved for even the most basic tasks. I understand that once you have your templates it's easier to manage but if this came up on the lab it'd be a major time killer even if you knew it inside out. Anyway I got most of the way through but I was basically reading from the solutions guide so I figured I'll knock off and do some proper study on it in a few days.
    Tomorrow is a double with IWEB so I need my beauty sleep.
    Reply With Quote Quote  

  5. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #54
    A little bit of study this afternoon in the form of the IWEB Advanced Tech Class Layer 2 Security module. Then it was on to the lab.

    IWEB Lab 3 - Difficulty 8/10
    Yup this is the one I abandoned last week due to technical difficulties accessing the rack halfway through. Quite a good lab overall, very challenging but informative. To rehash a bit the initial setup section was quite intensive, accounting for 21 points. The usual addressing setup and a mesh of EIGRP/OSPF/RIP and authentication but also 2 (really 3) deliberately introduced problems in the initial configs that need resolving to essentially converge 2 sides of the network. The ACL and VPN sections were relatively light imho or just I'm getting used to them a bit more, a good mix of RA VPN, L2L and DMVPN with eventual encryption. While still using the DOCs for DMVPN I can do the basic setup now for multiple routers in a couple of minutes, so my technique for scavenging what I need from them to a notepad-config is as fast as it's gonna get...now if only I could actually remember it all off the top of my head . I ran into an issue with the L2L between the PIX' through the VPN3k that required Certification auth and to use hostnames for the tunnel-groups - this happened last time too but I remembered the steps for using hostnames properly this time, the issue was simpler, I just didn't configure the domain name and certificates properly on one side, easy enough to spot in the debugs and then correct. Still, sloppy. There was a nasty ASA NAC section too, but it was well explained in the solutions guide and some of it began to click finally. I printed that whole solution section and will play with it over the weekend on my own lab. The last speedbump was a deep MPF section that required heavy manipulation of how certain TCP packets were handled, I got about half of the task offhand but the last had me stumped. The solution was actually something I should have thought of, or at least know enough to go check that commands options, TCP-MAPS (the first half could be done with straight class-map/policy-map options). I've only used them so far for BGP Auth fixing but it's now firmly lodged in the old noggin' as a place to check when lost and needing to manipulate traffic that deeply.
    One or 2 mistakes in the solutions guide but I've gotten used to that, just places were an implied filter was needed on a connected device and that kind of thing, no biggies.
    One thing I wasn't nuts about was this one twice had you jump ahead to finish other sections before being able to drop back and continue. It was obvious in one case but no the other (the solution was not hard but some of the details it was expecting weren't configured yet). Maybe it's just me but I found that a bit annoying. But I guess you have to be ready for anything.

    Anyway , another double tomorrow. I was trying to plan out my study timetable for my weak areas before next week this afternoon and it finally hit me, I have very little time to do any of it in detail. Lab tomorrow, shorter one from 11pm fri to 6am sat. Another double on Sunday 5pm to Monday 4:30am, then flyout wed. Those irrational jitters I've had for the last few weeks (and were finally fading) are morphing into Rational versions. Never enough time.
    Reply With Quote Quote  

  6. Senior Member Turgon's Avatar
    Join Date
    Apr 2007
    Location
    Great Britain
    Posts
    6,250

    Certifications
    CCIE counter..993 Lab Hours.... 532 Reading.
    #55
    Quote Originally Posted by Ahriakin
    A little bit of study this afternoon in the form of the IWEB Advanced Tech Class Layer 2 Security module. Then it was on to the lab.

    IWEB Lab 3 - Difficulty 8/10
    Yup this is the one I abandoned last week due to technical difficulties accessing the rack halfway through. Quite a good lab overall, very challenging but informative. To rehash a bit the initial setup section was quite intensive, accounting for 21 points. The usual addressing setup and a mesh of EIGRP/OSPF/RIP and authentication but also 2 (really 3) deliberately introduced problems in the initial configs that need resolving to essentially converge 2 sides of the network. The ACL and VPN sections were relatively light imho or just I'm getting used to them a bit more, a good mix of RA VPN, L2L and DMVPN with eventual encryption. While still using the DOCs for DMVPN I can do the basic setup now for multiple routers in a couple of minutes, so my technique for scavenging what I need from them to a notepad-config is as fast as it's gonna get...now if only I could actually remember it all off the top of my head . I ran into an issue with the L2L between the PIX' through the VPN3k that required Certification auth and to use hostnames for the tunnel-groups - this happened last time too but I remembered the steps for using hostnames properly this time, the issue was simpler, I just didn't configure the domain name and certificates properly on one side, easy enough to spot in the debugs and then correct. Still, sloppy. There was a nasty ASA NAC section too, but it was well explained in the solutions guide and some of it began to click finally. I printed that whole solution section and will play with it over the weekend on my own lab. The last speedbump was a deep MPF section that required heavy manipulation of how certain TCP packets were handled, I got about half of the task offhand but the last had me stumped. The solution was actually something I should have thought of, or at least know enough to go check that commands options, TCP-MAPS (the first half could be done with straight class-map/policy-map options). I've only used them so far for BGP Auth fixing but it's now firmly lodged in the old noggin' as a place to check when lost and needing to manipulate traffic that deeply.
    One or 2 mistakes in the solutions guide but I've gotten used to that, just places were an implied filter was needed on a connected device and that kind of thing, no biggies.
    One thing I wasn't nuts about was this one twice had you jump ahead to finish other sections before being able to drop back and continue. It was obvious in one case but no the other (the solution was not hard but some of the details it was expecting weren't configured yet). Maybe it's just me but I found that a bit annoying. But I guess you have to be ready for anything.

    Anyway , another double tomorrow. I was trying to plan out my study timetable for my weak areas before next week this afternoon and it finally hit me, I have very little time to do any of it in detail. Lab tomorrow, shorter one from 11pm fri to 6am sat. Another double on Sunday 5pm to Monday 4:30am, then flyout wed. Those irrational jitters I've had for the last few weeks (and were finally fading) are morphing into Rational versions. Never enough time.
    Good luck with your lab attempt. I know exactly how you feel. Lab work is VERY time consuming particularly when you are working it around a job and such. The time just flies by and often you don't get as much done as you would like. But I think you are doing very well and clearly leveraging a lot you already knew about security device configuration coming into your preparations. Foundation always helps. Get your remaining labs done and try to focus on the core things in your preparation. You don't have much time left so I would concentrate on those things with the time you have remaining. The weird or arcane stuff..know of it, configure what you can..know where to find it..but take comfort that while the lab will have some of those sorts of things waiting for you it wont be full of it and you can't possibly learn all of it. Like you say. Not enough time! I think you have a shot at a first time pass but if you miss out don't get hung up on that. Some great engineers take more than one shot. Scott Morris did. Besides, it might make you a better driver. Took me four goes to clear my driving test and everyone says I drive really well. The journey is the most important thing because you might never study so intensely again.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Dec 2006
    Location
    Ontario
    Posts
    1,092
    #56
    wow I am nervous about my exam which is still 10 weeks away, I can't imagine how you feel!


    Good luck and all the best to you.
    Reply With Quote Quote  

  8. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #57
    Thanks guys, the pep-talk is appreciated , it's sometimes hard to keep this all in perspective and get lost worrying about it.
    Just finishing up the Advanced Tech class on WebVPN now and then onto Lab 7. Incidentally I think I was right when I said before that WebVPN on the ASA was designed primarily for GUI configuration since the CLI is so messy. It's actually much easier to keep track of if you think of the CLI modes in terms of the Global / Group and Interface tabs for it on the concentrator . I'm glad to see I'm not the only one since even Mr. McGahan is having trouble on the vid keeping track of it all.
    Reply With Quote Quote  

  9. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #58
    Hmmmm. Trying not to get pissed again but more technical problems with the racks. Neither PC, the AAA/Cert server or Test machin, will respond on the network. I troubleshooted it for a while myself, moved them to different VLANs, setup SVIs on the switches in the same VLANS etc. and everything else works but those 2. I emailed support and they reset the VMs but no joy, emailed them back over an hour ago to let them know but still no reply - they're usually pretty prompt so I'm guessing it isn't an easy fix. It knocked out 1 VPN section and all of the AAA and IPS sections for me but I moved on and completed the rest.
    So, ignoring the blank spots. tonight was IWEB lab 7 - Difficulty 8/10 . I really enjoyed this lab even if it did have me stumped a few times it was very challenging in a good way. Lots of little gotchas and some attack mitigation techniques I hadn't much experience with yet. It was also my first time using HSRP on the routers, 2 of them face to face with a similar pair of ASAs in Active/Standby Failover. Configuring HSRP was actually much easier than I thought it would be but the real 'trick' came later when part of the attack mitigation was to lockdown the Ports on that VLAN to only the maximum MAC addresses allowed. Easy enough, port security, maximum...and then you remember that HSRP means 2 mac addresses potentially per Router port - I got that part....but the bit I didn't was accounting for the fact that the ASAs would trade MACs if failover activated. Good stuff though, really makes you think.
    There was also another good section on traffic filtering depending on the source, but not using IP addresses anywhere in the config. I knew it had to be done with MPF but I couldn't for the life of me work out how to differentiate the sources. And thus was my first encounter with using policies to mark traffic and later drop it (i.e. on your border router you marked the traffic with a precedence value, then dropped it closer to your target). More neat stuff.
    Not too much else really, the usual batch of GRE/IPSec tunnels, not even a lot of interaction with the PIX/VPN3K/ASAs as they were all off at various perimeters, i think Failover was meant to be the big ASA task and it's so well and concisely documented it's breeze now. It falls into the same category as DMVPN now for me, I could learn it off by heart and know most of it anyway but it's just easier to leave it to the Docs.

    I'm going to call this one a night labwise anyway. I learned a lot from this lab and I have some topics I want to research a bit more before hitting the hay. No point waiting to see if they fix the VMs, it'd almost be worth it for the AAA practice but the IPS is not that involved....and I kind like finishing early.

    Sooooo off to CBTNuggets BSCI and the OSPF section to revise Virtual links and then I think the WebVPN chapters from the Cisco ASA Handbook.

    All in all a good nights work, missed some things but learned from it....now if I can cure the 'missed things' part in a week I'll be fine
    Reply With Quote Quote  

  10. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #59
    Turns out last night's issues with the PCs was a system wide routing problem that only got resolved this afternoon. They did refund a session worth of tokens though without being asked which was a plus, I'll probably use them tomorrow or Monday to do some adhoc work on NAC and some other areas.
    EDIT: Or I would have but there are no slots free , ah well at least I have some 'in the kitty' if things do not go well next week.
    Today is finishing off some study on the ASA Webvpn, I started it last night but it just didn't sink in. I'm going to implement this on one of our ASA's at work to allow quick viewing of our monitoring system status pages so it'll kill 2 birds with one stone.
    I have a 7 hour session with Proctorlabs tonight at 11pm to finish off the IPexpert mini-labs, all the IPS ones and maybe go over some of the others if I have time. I think the IPS ones alone will probably only take half the session as the time estimates on the book are pretty generous.
    Reply With Quote Quote  

  11. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #60
    AAARRRRGHHHH


    Do ANY of these rack rental companies actually give a damn about availablity? Just tried proctorlabs and the 2nd access server is down...it just happens to be the one with all of the security appliances. The control panel won't let me reset the power either. It's just problem after problem, from company to company. Im trying to get into their support pages now and it's going incredibly slowly...THEY'RE NETWORKING SPECIALISTS FFS and they can't keep their own systems up.
    The only thing that is working is the very pretty Clock at the top counting down the time I have left. I do not need this so close to the Lab, first last night's on GradedLabs and now these.

    Edit: Well the Access server came up but I've never used the IDS with them before and all the standard passwords don't work. They don't include them in the confirmation emails, they are stored in your profile...on the website that has been dead for the last hour.....Oh well. Moving on and redoing some of their workbook on my home lab.
    Another wasted rental.
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Dec 2006
    Location
    Ontario
    Posts
    1,092
    #61
    Ya I have had issues with gradedlabs myself, especially with their control panel (there was a good month where I couldn't save configs). I have also had times where they would be "working on my rack" while I am trying to get on. And the WORST is when their site takes 10mins to load right when I need on to get the pws/rack #.


    I agree that you would think managing some routers would be what these guys do best! :P
    Reply With Quote Quote  

  13. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #62
    Well the website came back and I got the passwords, the Access servers were reset so I guess it's a good thing this happened at the start. I'm just finishing up their Lab3 on my home setup so maybe I'll have time to do the ones I wanted to now.
    Just frustrating.

    Edit: Nope, belly up again. I'm done with them.
    Reply With Quote Quote  

  14. nel
    nel is offline
    Senior Member
    Join Date
    Jun 2006
    Location
    Australia
    Posts
    2,847

    Certifications
    A+ , Network+, MCSA 2003, CCENT, CCNA, CCDA, CCNP, CCDP, JNCIA-JunOS, JNCIS-ENT, Bsc(hons) & Msc Degree
    #63
    Damn, sounds like a pain in the arse!

    DOnt let it deter you, by the sounds of it your doing great Ahriakin. Keep up the good work man!
    Reply With Quote Quote  

  15. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #64
    Thanks, just whinging again, sh*t happens I should just deal with it.

    Anyway.
    I went through about 2/3 of the Cisco ASA Handbook yesterday and the IWEB Advanced Tech Class on AAA. Today was a little on Remotely Triggered Black Hole Filtering....which I FINALLY get, turns out it's not that complicated at all, just with so much BGP interaction I'd turned it into a kind of study boogeyman.

    I'm just starting my last Lab session, IWEB lab 10, a 9/10 the toughest one in the book apparently. Should be fun
    Reply With Quote Quote  

  16. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #65
    Lab 10 (9/10) done.

    That was tough, surprise surprise but not actually as bad as I thought it would be. Had it been real I would have probably failed it, but I'm placing my hope now in IWEBs claims that their Labs are harder than the real thing, well not 'all hope' as I know that is useless but it's part of my nature to always try and put everything where it can be referenced against something else. make sense? doesn't much to me re-reading it either, sorry the brain is fried.
    Almost every task had an implied secondary, whether it was filtering devices in the way, or NAT, port remapping etc. The trickiest was setting up a second L2L VPN between the PIX and VPN3K, which of course you normally can't do. You had to translate both addresses on the intermediate Routers and use the translated IPs as the peers to fool each device into thinking it was talking to a totally different endpoint - I got the basic idea but wanted to check the solution guide to make sure I was on the right track before launching into a pretty lengthy configuration, and the guide was wrong, it didn't match the topology properly for one of the routers, fun, but the principle was sound.
    This next one would have had the honour of 'trickiest' except it qualifies for downright evil instead - encrypting GRE tunnels between 2 routers, normally easy, but the question stated that there was to be no lifetime timeout....hadn't a clue...turns out you had to disable ISAKMP, the thing that every book says no one ever does and you should avoid (yes I know it's the lab and it's fair game ), and manually enter a pre-shared key in hex of equal length to the encryption algorithm, 3DES...honestly this one got ridiculous in it's depth. allowing for the fact that 3DES uses parity bits and subtracting them from the keying length etc. All for 3 points it easily tripled the config time (not to mention plain old brain exertion) for simply encrypting an easy to do GRE setup. All I can think of is the author wanted to show us that even if we got smug at having gotten through their hardest Sec lab so far that they still knew more . I didn't even bother trying to implement from the solution guide. If something like that pops up on the real thing it's 3 points I'll be happy to burn.
    The ASA Webvpn and VPN3K NAC sections actually went okay this time. I spent a bit more time on them after the last lab. I'm not 100% on either but at least now I know enough to do the basics and have a stab at the more complex configs.
    With each of the other labs as they moved up a difficulty level it usually meant adding the more complex technology areas, like moving from pure IPSec VPNs to adding WebVPN etc. This one however didn't really introduce much new material (barring a few very obscure routing configs (like forcing traceroute replies from a loopback)) it just meshed them together much more closely. At times it felt like walking a highwire, I'd keep checking my diagrams and memory to make sure that hitting enter wasn't about to make something else blow up. Stressful stuff. But it's meant to be, isn't it?

    So that's it for the moment anyway, no more booked lab sessions. I need to do some home lab work on AAA privilege assignments from the AAA server and a little more on Inspection type Policy-maps (though I had problems in the Lab with 2 it actually 'clicked' while I was doing them, just need some more practice to solidify the understanding). Then do spot revision on anything that comes to mind. I fly out wed. so I have Thursday off. I know the common advice is don't study that day but I know I will, I'll just try not to stress over it and take it easy that day, finish up at dinner and hope the Hotel has a movie channel.


    Anyone got any last minute advice for the trip itself? I've never been to San Jose. I'll be staying at the La Quinta just off the Airport and only a few miles from the Exam center.
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Dec 2006
    Location
    Ontario
    Posts
    1,092
    #66
    Not sure about others, but I plan to take sleeping pills the night before. Can't beat a good nights sleep!

    I have also heard people say don't eat a heavy lunch. Maybe some fruit and salads and such.


    Looks like some nice weather in San Jose (compared to here anyway), so enjoy it!
    Reply With Quote Quote  

  18. Senior Member Turgon's Avatar
    Join Date
    Apr 2007
    Location
    Great Britain
    Posts
    6,250

    Certifications
    CCIE counter..993 Lab Hours.... 532 Reading.
    #67
    Quote Originally Posted by Ahriakin
    Lab 10 (9/10) done.

    That was tough, surprise surprise but not actually as bad as I thought it would be. Had it been real I would have probably failed it, but I'm placing my hope now in IWEBs claims that their Labs are harder than the real thing, well not 'all hope' as I know that is useless but it's part of my nature to always try and put everything where it can be referenced against something else. make sense? doesn't much to me re-reading it either, sorry the brain is fried.
    Almost every task had an implied secondary, whether it was filtering devices in the way, or NAT, port remapping etc. The trickiest was setting up a second L2L VPN between the PIX and VPN3K, which of course you normally can't do. You had to translate both addresses on the intermediate Routers and use the translated IPs as the peers to fool each device into thinking it was talking to a totally different endpoint - I got the basic idea but wanted to check the solution guide to make sure I was on the right track before launching into a pretty lengthy configuration, and the guide was wrong, it didn't match the topology properly for one of the routers, fun, but the principle was sound.
    This next one would have had the honour of 'trickiest' except it qualifies for downright evil instead - encrypting GRE tunnels between 2 routers, normally easy, but the question stated that there was to be no lifetime timeout....hadn't a clue...turns out you had to disable ISAKMP, the thing that every book says no one ever does and you should avoid (yes I know it's the lab and it's fair game ), and manually enter a pre-shared key in hex of equal length to the encryption algorithm, 3DES...honestly this one got ridiculous in it's depth. allowing for the fact that 3DES uses parity bits and subtracting them from the keying length etc. All for 3 points it easily tripled the config time (not to mention plain old brain exertion) for simply encrypting an easy to do GRE setup. All I can think of is the author wanted to show us that even if we got smug at having gotten through their hardest Sec lab so far that they still knew more . I didn't even bother trying to implement from the solution guide. If something like that pops up on the real thing it's 3 points I'll be happy to burn.
    The ASA Webvpn and VPN3K NAC sections actually went okay this time. I spent a bit more time on them after the last lab. I'm not 100% on either but at least now I know enough to do the basics and have a stab at the more complex configs.
    With each of the other labs as they moved up a difficulty level it usually meant adding the more complex technology areas, like moving from pure IPSec VPNs to adding WebVPN etc. This one however didn't really introduce much new material (barring a few very obscure routing configs (like forcing traceroute replies from a loopback)) it just meshed them together much more closely. At times it felt like walking a highwire, I'd keep checking my diagrams and memory to make sure that hitting enter wasn't about to make something else blow up. Stressful stuff. But it's meant to be, isn't it?

    So that's it for the moment anyway, no more booked lab sessions. I need to do some home lab work on AAA privilege assignments from the AAA server and a little more on Inspection type Policy-maps (though I had problems in the Lab with 2 it actually 'clicked' while I was doing them, just need some more practice to solidify the understanding). Then do spot revision on anything that comes to mind. I fly out wed. so I have Thursday off. I know the common advice is don't study that day but I know I will, I'll just try not to stress over it and take it easy that day, finish up at dinner and hope the Hotel has a movie channel.


    Anyone got any last minute advice for the trip itself? I've never been to San Jose. I'll be staying at the La Quinta just off the Airport and only a few miles from the Exam center.
    I have advice. There is nothing you can do now to improve your chances of passing the test but plenty you can do to reduce those chances. Get some rest now and start to get mentally ready for that exam. A few notes to turn over is fine but nothing more. Eat well and get plenty of sleep before the test.

    Good luck.
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #68
    I have a special night-before-the-lab sleep-well drink. It's one party Nyquil and two parts vodka. You'll want to have it around 10am the day before, otherwise you might oversleep. Good luck!
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Dec 2006
    Location
    Ontario
    Posts
    1,092
    #69
    Turg: I love that philosophy. Its what I say to myself leading up to a race/triathlon. "theres nothing you can do in the last week to help you finish, but theres everything you can do to keep you from finishing"

    Dyn: That sounds like death. And probably does the trick! :P
    Reply With Quote Quote  

  21. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #70
    Yup good advice. I took it easy this evening, logged in to catch up on some work adn then just watched a few recorded TV shows. I might do a few CBT modules tonight but that's about it.

    Dynamik I'm Irish, there's no such thing as just '2 parts vodka' unless you're talking about my bloodtype . Actually plain old Benadryl does the trick for me, teeny sip of that stuff and I'm out for the count.
    Reply With Quote Quote  

  22. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #71
    Well the trip went fine, beautiful mountain view on the way in. The Hotel (the La Quinta just outside the airport and only about 3 miles from the Cisco offices) is very nice too. Not much in the way of movies though, I presumed they'd have a ppv channel and didn't bring much in the way of entertainment, just a few Dexter Season 2 episodes left. I ended up getting about 2 hours sleep last night (not nerves, just trying to slam-adjust back to daylight hours after working nights for so long) but it'll help me sleep well tonight. I'm probably going to do a quick run over the main Cisco Docs later, not intense study mainly to freshen up my map of knowledge and then some CBTs tomorrow - just a few With no movies I have to have something to do....
    Reply With Quote Quote  

  23. Senior Member
    Join Date
    Dec 2006
    Location
    Ontario
    Posts
    1,092
    #72
    Well its been said but good luck man! Really looking forward to hearing how it goes. I might book that hotel myself I think, as it looks like a decent location/price.
    Reply With Quote Quote  

  24. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #73
    It is a good choice, refurbished early this year and everything is still clean and new(ish), close to the airport (with a free shuttle), close to Cisco and a Burgerking at the far end of the parking lot that just finished filling yours truly with comfort food (I won't be doing that tomorrow, I don't have a deathwish but it was nice after the trip). If you're just here for the exam it's pretty much ideal.
    I'm doing a quick run over the Cisco Docs for the IOS routing. I know my way around the security config (using 12.4 since the 12.2/12.3 docs are still in dissary online and most of the security syntax is the same for the Lab test features, barring IOS IPS) but hadn't done the same yet for R&S so it's a good opportunity in case I get something routing related that goes over my wee security focused head.
    Reply With Quote Quote  

  25. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #74
    Slept like a baby, for 12 hours . Even though it's right beside the airport the hotel is practically silent, nice work on the insulation. I spent the morning calling family and friends just catching up and am actually very relaxed. I watched the movie "Mongol" a few nights ago and the dialogue at the final battle I think explains why I'm not jittery anymore "I had nowhere to hide from the thunder so I had no reason to be afraid of it"...well I thought it was cool anyway , nicer than the modern day version of "well there's nothing more I can do now".
    Lunch was pretty good, ordered from a local restaurant and had a Veggie Burger and Salad, with enough salad left over for a snack tonight, no heavy meals so I can sleep well again. The front desk said there shouldn't be a problem with Taxi's in the morning and will book one for 7:30. So fingers crossed I'm all set.
    Reply With Quote Quote  

  26. Went to the dark side.... Moderator networker050184's Avatar
    Join Date
    Jul 2007
    Posts
    11,665

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #75
    Quote Originally Posted by Ahriakin
    Slept like a baby, for 12 hours . Even though it's right beside the airport the hotel is practically silent, nice work on the insulation. I spent the morning calling family and friends just catching up and am actually very relaxed. I watched the movie "Mongol" a few nights ago and the dialogue at the final battle I think explains why I'm not jittery anymore "I had nowhere to hide from the thunder so I had no reason to be afraid of it"...well I thought it was cool anyway , nicer than the modern day version of "well there's nothing more I can do now".
    Lunch was pretty good, ordered from a local restaurant and had a Veggie Burger and Salad, with enough salad left over for a snack tonight, no heavy meals so I can sleep well again. The front desk said there shouldn't be a problem with Taxi's in the morning and will book one for 7:30. So fingers crossed I'm all set.
    Good luck man!
    An expert is a man who has made all the mistakes which can be made.
    Reply With Quote Quote  

+ Reply to Thread
Page 3 of 10 First 123 4567 ... Last

Social Networking & Bookmarks