Hello everyone! Thank you so much for following my CCIE Security Challenge. I sat the CCIE Security Lab Exam Version 3.0 in RTP North Carolina, USA yesterday.

Overall – what an amazingly enjoyable experience. I hit the Angus Barn the night before with David Blaire, the RTP proctor. What an amazingly awesome person he is. You will be very fortunate if you test at RTP – VERY FORTUNATE. He will make you feel relaxed and well cared for, and is very up front and clear about the ways in which he can help you try and pass. My only complaint was that the night before at Angus Barn – he made me try ostrich. Those poor giant birds. Even they could not escape our hunger for meat! I am complaining because the meat was really good. I am thinking about heading to the Lowry Park Zoo here in Tampa Florida with a really big knife. I figure I can get away with it since we are celebrating Halloween in the USA this weekend.

So if you are reading this, it is at this point where you are probably wondering if I am ever going to speak about my results…well – here goes:

I must have failed – by a few points – probably 8 to 10 points. I was not able to complete three 6 point tasks, so my chances of passing are slim to none. Yes, I fell into the classic case of needing just one more hour and being able to pass the exam with relative ease! As you will see from my rating scale below – it was indeed my technical knowledge (lack thereof) that failed me.

So now I am on to my new challenge! I will be one of the first to pass the new Version 4 blueprint. I am so incredibly excited. So excited in fact, that I started studying on the flight back! (FlexVPN).

By the way – here is how my four Cornerstones of Success held up for me. This is my self rating of how I did on those on a 10 point scale.

1 – Technical Knowledge – 4 (yes, this was indeed my big issue)

2 – Strategy – 8 (I almost passed the lab when I was truly not ready technically!)

3 – Psychology – 9 (my head was “on straight” for this attempt – again it drove me to almost pass)

4 – Physical Wellness – 10 (I slept like a baby the night before – and felt amazing throughout the exam!)

It was so flattering to be recognized for my Cornerstones of Success lecture at Cisco Live by many of the candidates in the lobby waiting to test! Another candidate was thanking me vigorously for teaching him QoS. I never cycled back with him after to see if he actually got those points! :)

So – you are going to watch me here at the blog (blog.ipexpert.com ) as I prepare for Version 4. And watch how technical we dive. Get your scuba gear ready my friends! I am going to get crazy technical (for me) and present challenges that are in the spirit of how Cisco would present them. I have a better sense for that than ever!

I am so glad that there will be plenty of seats for Version 4 in the near future at RTP- now I can go back to the strategy that works best for me – booking the lab the week before I am ready to crush it. I realized this time how much I dislike the approach of booking and then trying to prepare for that date. Yuck. Not my style.

Here are some nuggets for those preparing for their version 3 still:

• The exam consists of 3, 4, 5, and 6 point tasks
• Task value does an excellent job of conveying difficulty  or conveying the time it will take you if it is easy
• Troubleshooting is EVERYWHERE – it is crazy – trust the lab paper – do not trust your initials; the TS is NOT restricted to the tasks that are titled TS.
• I do not think you can solve this lab doing the tasks in order and pass  (but you knew that I am guessing)
• When you get a task or two that seems really bizarre with a technology you have never heard of – do not panic – everything was really easy to find in the Doc-CD; also that task will most likely only be worth few points. The task was laid there to check you on the DOC-CD and to mess with your strategy.

Anthony Sequeira
Twitter: @compsolv
Facebook: http://www.facebook.com/compsolv

I am still deep into my weakest area – VPNs. I want to send a huge thank you to my friend and quadruple CCIE – Rohit of ACIT.in. He provided a workbook dedicated to just one thing – VPNs!

What are the labs I am working through now? How about every variation we can conceivably run into in the lab exam! For those of you that might be able to benefit – this list is as follows:

• LAN-to-LAN VPN between IOS and ASA without NAT
• Above with NAT-control Enabled
• LAN-to-LAN Between IOS to IOS
• IOS to IOS Using GRE
• SVTI
• DMVPN
• IOS ezVPN Server
• IOS ezVPN Client
• IOS ezVPN Remote Network Extension Mode
• IOS ezVPN Remote Network Plus
• IOS ezVPN Server Using DVTI
• IOS ezVPN Remote Using DTVI Client Mode
• IOS ezVPN Remote Using DTVI – NEM
• IOS ezVPN Remote Using DTVI – Network Plus
• ASA ezVPN Server
• ASA Clientless SSL VPN
• ASA SSL VPN
• IOS WebVPN
• GET VPN

Anthony Sequeira
Twitter: @compsolv
Facebook: http://www.facebook.com/compsolv

If you have been following these last few days of my CCIE Security prep – you know that I have been really immersed in one of my overall weaker areas and that is VPN technologies.

In this post, I am going to provide information on the amazingly cool GET VPN capabilities and provide a configuration example. I know there are many CCNP Security candidates that have been following this blog series, so they can really benefit from this as well. In the CCNP Security, this information is important in SECURE and VPN.

GET VPN is a really clever method of enabling a full mesh of VPN connections that can be established dynamically. No longer will an administrator need to worry about the construction of point-to-point VPN tunnels that can be very cumbersome and tedious to create and maintain. Another awesome feature is that there is header preservation with GET VPN. So the solution can eliminate the need for things like GRE tunnels for protecting multicast traffic and NAT traversal.
Read Full Entry »

Yes – that’s right – another day immersed in my weakest overall area – VPNs. Specifically – today was hammering away on DMVPN following yesterdays stint with GET VPN.

What is the list of high-level VPN technologies that we need to be aware of for 3.0 – and beyond in the CCIE Lab Exam? Here it is:

• Router to Router Site to Site Classic with Pre-Shared or Certificates
• Router to Router Site to Site VTI with Pre-Shared or Certificates
• Router to ASA Site to Site with Pre-Shared or Certificates
• DMVPN
• GET VPN
• Clientless SSL VPN
• Remote Access VPN with Router or ASA
• Easy VPN

What are the extra goodies we need to be aware of? Here those are:

• GRE over IPSec
• Basic VRF-Aware IPSec
• AnyConnect VPN Client
• XAUTH
• Split Tunneling
• RRI
• NAT-T
• HA
• Basic QoS Features
• Troubleshooting Pre-built VPNs of All Types

Reminder – my ANKI Flash Cards are updated and available on the version 2.0 Ankiweb site. I am adding new cards EVERY day. Enjoy them.

Tomorrow is more VPN work – I will be sure to post a technical workup on a technology that we can be sure will be in the CCIE Security version 4.0 blueprint as well.

Anthony Sequeira
Twitter: @compsolv
Facebook: http://www.facebook.com/compsolv

Well hello everyone! Several of the blog followers have requested that I detail each day of this final push to CCIE Security 3.0. They realize (correctly) that these final days can be make or break in the pursuit of CCIE and they wanted a glimpse of exactly what I am doing and what my psychology  is. What an awesome idea and I am happy to oblige.

First  - an announcement. My CCIE Security 3.0 Flash Cards are now available on the ANKI Flash Card 2.0 web site. You can go there to get the latest deck each day. Please note – I am indeed adding more Flash Cards everyday! So if you want the latest and greatest – be sure to visit there and download the new deck each day. Here is the link to the ANKI 2.0 Web site where you can retrieve the latest deck using a search on CCIE:

https://ankiweb.net

You should also note that this deck is appropriate for those studying for the CCIE Security 4.0 blueprint  - it will just lack the new devices like the ISE. The deck is also wonderful for those in pursuit of CCNP Security.

So what am I up to in these last days of prep. Well first, I need to tell you about a crossroads I hit a while back. Sure enough, I hit a point where I really had to decide if I would continue this pursuit. I was suddenly questing why in the world I was even doing it! Fortunately, that was right when a friend and coach introduced me to the Tony Robbins RPM Life Management System. This was pretty funny that I got turned on to an Anthony Robbins product since I have always been referred to as the Tony Robbins of Certification Training. A huge compliment indeed now that I have used one of his products and know what he is about.

You see, this system had me focus on what I REALLY want. That is the R in RPM. I decided, yes, I REALLY want the Security CCIE. But then the system makes you focus on the PURPOSE. Why do you really want it?!?! That was the piece that was missing for me. I thought about it and came up with the following list, in no particular order:

• To improve my live online training classes through a deeper understanding of security technologies
• To gain much needed hands on experience with the various security technologies
• To gain additional credibility in the Certification training space
• To be able to assist a much larger pool of students in their Certification goals
• To have a much cooler auto-signature in emails
• To feed my passion for network security in general
• To make my family even more confused about exactly what I do for a living

This step was so critical. And this step might be missing for many of our readers. Once I had this – I had an amazingly renewed energy for the M in RPM and that is my Massive Action Plan. I already had this plan laid out well and I have talked about it in previous posts – but if you are not completely clear on why you are doing the work, it is really tough to get the work done!

So what am I doing today (and for the next 20) – I am tackling only my weakest subject areas! You see, I do not need to worry about full labs as I have completed some and I know I can attack a full lab successfully from a strategic standpoint since I have done this so many time with the R&S track. All I need to do now is really deep, deep dive into the technologies that I am the weakest with. Today – I am tearing apart the GET VPN, and sure enough – NOT THAT HARD!!!! Woohoo! And it is fun!

You see, a hazard with leaving your weak areas till the last days as I have done is that you might let this undermine your confidence. You start allowing that fear of failure in the exam creep into your computer between your ears. No way Jose! Not for me. After all, if I experience a NOT PASS, I have the joy of what I have learned from the experience, and I have the privilege of learning some cool new devices for CCIE Security Version 4.

Thanks for reading, now I have to get back to some routers running the GET VPN, with a couple of ASA devices in between them!

Anthony Sequeira
Twitter: @compsolv
Facebook: http://www.facebook.com/compsolv