I was recently part of a project in which i did some teaching, and guess what, i LOVED it! Teaching gets me real excited and motivated to work hard and i’m seriously considering it as a full time profession.

But i’ve to overcome some things before i can start confidently teaching!

1) Get better.Technically.

2) Try real hard to not swear during the classes

3) Get better.Technically. Have i said that already?

As you all might/might not know, i have restarted my CCIE-security study and i’m now digging deep into VPNs. I spent about 2-3 days last week reading up and labbing about DMVPNs and i thought it’d be cool if i can share all the stuff that i had learnt with others. Hence, the idea for the webinar.

It’s going to be a live session and i’m going to try and keep it as informal and fun as possible . I’d really appreciate it if you can join me as i go through what DMVPN is all about and how to kick some ass using this technology.

Here’s the link using which you can register -> http://tacack-dmvpn.eventbrite.com/ .

As the date for webinar nears, i will provide more details about the medium i’m going to be using to teach this topic.

So go ahead, tune-in , grab a beer , get comfortable and join me as we tear DMVPN apart!

Cheers,
TacACK

I thought it’d be a cool idea to say hi to all of you instead of just typing it out here, so please listen to the small clip .

Cheers,

TacACK

It’s been a long time since i posted a CCIE-sec candidate interview and what better way to start things off again other than an AWESOME interview with CCIE instructor “Brandon Carroll”.

I was fortunate enough to interview Brandon regarding a while back and because of a lot of reasons i got held up doing my own stuff and i couldn’t post it. However, i felt it was about time i posted this article and i’m sure you’ll enjoy this as much as i do. So here we go!

TacACK : Hello Brandon! How are you doing today?

I’m doing well.  I’m working on a number of projects and getting ready for TechFieldDay so its a pretty busy week.

TacACK : For the few CCIE-sec candidates who do not know about Brandon, he’s a CCIE(Security) and a CCSI. Brandon, could you please tell us a little about your CCIE(sec) preparation?

Sure thing.  I’ve been an instructor with a security focus for a number of years.  I teach all the CCSP, now CCNP Security, courses and that was my initial primary preparation method.  I used the knowledge gained there, along with the CCIE Security Written Exam Guide by CCBootcamp to pass the written.  I then used a combination of INE and IPexpert material for the lab.  I own all the workbooks from both vendors as well as the Audio products and Video Products.  I took a 5-day online class from INE and a 5-day live Instructor-led class from IPexpert.  My instructor at INE was Brian Mcgahn and my instructor at IPexpert was Jared Scrivener.  Bot were great instructors.

TacACK : Did you clear the lab on your first attempt? If not , what do you think was missing in your prep?

No I didnt.  The frist time I took the lab was more of a test run to see how it was.  I had no formal training and was in way over my head.  I simply had no time to learn about stuff I had not seen prior to that lab.  The second attempt was after the INE class and I was well prepared for the technology but had no strategy.  The final attempt was after the IPexpert class and I had the perfect strategy and without it I would not have passed.

TacACK : For many candidates (including me) , who couldn’t pass the CCIE on their first attempt, what would your advice to them be? What is the one or many “special” thing(s) that we have to study/lab to cross the hurdle?

Have a plan and stick with it.  Its easy to get sidetracked when you get nervous and frustrated.  If you say you will only spend 10 minutes on a task you MUST move on, even if you will need to come back to it later.  Just stick with the plan.  Also, your life should be spent on the racks.  You should be dreaming about the lab before you go to the lab.  It sounds goofy, but thats how it is.

TacACK : Haha I know a good friend of mine ( Ryan Schuett ) has dreams about configurations! Alright,  now coming to the OEQs. Are there any pointers that you could give us regarding prep for them?

Use Yusufs flash cards.  Other than that, if you know your material they OEQs are a non-issue.

TacACK : What according to you are the most difficult/tricky sections in the CCIE(sec) blueprint?

The ones you don’t know well.  It varies by the person.  For me, it was probably DMVPN troubleshooting.  I think FPM is giving people a run for their money along with GET VPN and multicast rekeying.  Its all fun stuff though!

TacACK : What changes do you see in the near-future in the CCIE(sec) track?

At the moment, not much.  Eventually IOS 15 will need to be introduced along with ASA 8.3 and IPS 7 or 8.  Depending on when things change.  I cant see much in the way of technology being added unless more focus if give to datacenter security which I doubt.  Cisco has been in a bit of a lull with Security in general and i think that drives what the program does.

TacACK : What do you feel is the #1 mistake that CCIE(sec) candidates make?

They overthink some things and underthing others.  You have to find a balance.  Yes you only do what you are told, but you better think about what is affected by what you change.

TacACK : That’ s a tough one. I have the same problem. Ok moving onto more lighter things, what is your daily schedule like?

Basically I’m up at 6 or so, sometimes earlier.  I spend about an hour reviewing email, twitter, facebook and so on.  If I’m teaching a class its basically start teaching at 8:30, lecture / break/ email/ read RSS feeds/ Start a new blog post.  At lunch I typicall schedule all my conference calls or I read and lab.When students are doing labs so am I.After work I hang out with my kids a bit, read some more, blog some more, lab some more.I head to bed around midnight every day.

TacACK : On an average, how much time do you spend reading everyday?

I couldn’t even guess.  I read off and on all day long and its usually multiple sources, books, blogs, etc.

TacACK : What are the 5 things that you recommend every CCIE(sec) candidate to do

Read, Lab, Listen to VoD and Audio, Rest, and take at least one class with a live instructor

TacACK : That’s great advice  Brandon! Thanks a lot for the interview , where can one reach you if they wanted to talk to you/take some of your classes?

Im on twitter @brandoncarroll, of my blog at http://www.globalconfig.net.  You can find my contact info there for links to facebook, linkedin and so on.

TacACK : Again, thanks a lot for the interview Brandon. I really appreciate this and i bet so will all the CCIE(sec) candidates who read this!

Thank you! I appreciate being able to assist people in their journey to CCIE!

Wasn’t that a great interview! One thing i absolutely admire in Brandon and many other CCIE instructors is the fact that , despite their hectic schedules, they still keep aside time to talk to their students and answer their questions patiently. I guess that’s the difference between an instructor who is good and an instructor who is just plain Awesome. Brandon definitely falls into the latter category!

Cheers,
TacACK

There was recently a question on OSL regarding fragmentation on IPSEC and GRE tunnels. This was a shady topic to me and i decided to do some study on it. After some search, i found this incredible whitepaper from Cisco which had all the details that i was looking for. You can find the link to the document below.

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

I love the graphics on the whitepaper which give us a detailed picture of the fragmentation process in tunnels and the different places where the packet can get fragmented in a GRE tunnel . I must say, this is DEFINITELY one of the most informative documents that i’ve come across and i hope it helps you as much as it did to me.

Cheers,

TacACK

EDIT : I have to admit, this paper pretty lengthy and time-consuming , so i would suggest giving it about 1.5 – 2 hours of quiet time for all of it to seep in . Again, that’s just what works for me

I have come across many awesome links through the course of the last 2 years of study and i will try and share them with you as much as i can.

Here are 3 of them which i was reading today:

• Control Plane Policing
  • http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html
• Control Plane Protection
  • http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/htcpp.html#wp1121935
• Control Plane Logging
  • http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_cpl.html

These will not be available as a part of the standard CCIE-LAB documentation, but nonetheless,  i find these documents very good. They drive home the concepts very well and i’m sure they’ll help the reader get a clearer picture about the different Control plane protection mechanisms.

Cheers,
TacACK

After giving it some thought, i have understood that a very good way to improve my knowledge is by taking topics out of the CCIE-sec blueprint and doing my best to teach them.

I’m going to be taking on really tough sections of the ccie-sec blueprint and trying my best to give out some free lectures on them.

They are free because :

• I’m not doing this with the intention of making $.
• I will only charge if i feel i’m offering something which others are not. At this point, that’s not the case.
• And most importantly, i come from India and i know how hard it can get to afford even a moderately priced web-session( ~50USD ). So i’m hoping to give back to help people who want to get a start with their CCIE-sec without charging them money.

Also, they are free , not because:

• The content will be bad
• It will be conducted unprofessionally.
• The topics will be covered in a brief manner.

The first e-sessions will be as follows

SSL VPNs

• Dec 28th
• 9 PM IST to 12 AM IST ( 3 hours )

DMVPN

• Jan 2nd
• 9 PM IST to 12 AM IST ( 3 hours )

GETVPN

• Jan 4th
• 9 PM IST to 12 AM IST ( 3 hours )

I already have a list of people who are interested, but if there are anyone else who might be interested, please free to shoot me an e-mail.

Cheers,

TacACK

It’s been a while since my 2nd attempt ( about a week ) and i’m still wondering what went wrong. Yes, i failed my second attempt . What made it even worse was the fact that like my previous attempt, i flunked in both the OEQ section and the lab section. I guess that’s what makes this so hard for me to digest.

I was hoping to atleast clear the lab section if not for the crazy OEQs . But to be honest, i’m not sure what went wrong. I thought i’d done all the right prep, done my share of vol-1 labs , vol -2 labs. I might not be super-smart, but i’ve tried to squeeze every minute of my daily schedule to work on this for the last 2 years.

That’s what makes it disheartening.

I know there are some who have attempted many times and yet failed, but what i badly want to know is why i failed. Since cisco doesn’t tell us why, there’s fat chance of that happening.

Overall, i still think taking this positively is the right way to go for me, but that’s going to take sometime. Right now, i’m still a little down about the whole thing. But , one thing is for certain, i’m not taking another lab anytime soon. I want to master each and every topic before i even think of going for another attempt.

Secondly, i WILL not do dumps no matter how many times i flunk this. I hate dumps. I do not think people who do dumps deserve their CCIE digits. I don’t care if i become a ccie at 67 , but no dumps.

My plan of doing some tutorials is still on, but at the moment, i honestly don’t know when i’m going to be starting it. It will be soon though ( within the first 2 weeks of January ) .

Sorry to go emo on you, but since this blog reflects my CCIE-sec journey, so i put this blogpost in too.

Cheers,
TacACK

I’m hoping to launch a new project , for which i’m holding some test-runs very soon. I will be taking on a  topic in the CCIE-sec blueprint and i’ll be holding a full 5-6 class on it. Again, i’m not a professional and this is going to be the first time i’m going to be doing something like this. This trial-run is designed so that i can judge my strenghts , weaknesses , etc.

For this, i would like to request 2 ccie-sec candidates ( the ideal audience would be people who are just starting out with their CCIE-sec study ) , to be my guinea pigs . This will be a 5-6 hour session and i will try and cover as much about the topic as possible with detailed slides , labs and explanation. I will also have sometime reserved for questions/doubts that you might like to throw at me. I would be super happy if you can maybe spare the allotted time in your busy-schedule and take a seat in my e-class. Also, what i’m looking for is feedback on how the experience could be improved, etc.

Of course, all of this is free and i’m really looking forward to meeting you online and having a wonderful discussion about a CCIE-sec topic. If you’re interested , you can either shoot me an e-mail at tacack at tacack.com , or you can leave a comment to this post.

Cheers,

TacACK

I’m planning to start a new project and i need your help with a question that’s been bothering me. I kindly request you to take the poll (below) and let me know what you think is a good option.

Cheers and thanks!

TacACK

I spent a couple of hours tooling with FTP inspection on the ASA today. To be honest, prior to today, i didn’t know how exactly things worked. Anyways , after doing some study i now feel pretty confident about the technology , so i recorded a small video to share it with the rest of the ccie-sec community. Here it is!

Please feel free to contact me by either leaving comments to this post or sending me an email ( tacack at tacack dot com ). I’d really appreciate it if you could maybe point out some mistakes in my explanation/understanding.

Take care and have a great weekend!

TacACK