9
Mar

March 2001 Orange County Cisco User Group!

Written by bcarroll  |  under User Groups


You’re invited to come join us at the March 2001 Orange County Cisco User Group!

Topic:

En Pointe and RIM present RIM’s Mobile Voice Solution (MVS) integrating into Cisco UC

GIVEAWAY:

Cisco and RIM will be drawing a “BlackBerry of your choice” to one lucky attendee as a thank you for attending!

Here are the details:

Roaming and mobile users are no longer a thing of the future; they are a necessity now, and they are putting demands, load, and requirements on IT fast. Due to these rapid changes, cell phone manufacturers are having to invent ways to help end users with costs, functionality, reachability, and manageability. Here BlackBerry/RIM has taken the lead by developing the MVS solution, which tightly integrates with the market-leading VoIP platform, Cisco UCM. This tightly integrated solution offers full functionality with cost and operational savings on a local, national, and even global scale. From cellular data network connectivity to anywhere WiFi, the BlackBerry MVS integration with Cisco UCM helps companies and their employees stay productive in an ever-changing environment.

Presenter Bio

James Gusman:

James Gusman has 10 years of experience in the computer and network industries. He works with many technologies over a wide spectrum, ranging from expert levels in WAN technologies such as MPLS, BGP, and different types of tunneling protocols to voice/video communications over IP networks, and has expertise in deploying unified communication solutions in converged networks. James currently holds 43 active certifications across a variety of technologies and is working on CCIEs in Voice and Service Provider.

Agenda

5:30 – 6:00pm Food & Networking
6:00 – 7:00pm Presentation
7:00 – 7:30pm Drawing & Giveaway

RSVP

Please RSVP to OCCUG@cisco.com attention Dan Bogda.

Your RSVP is appreciated to ensure refreshments and accommodations for all members. Last minute RSVP’s please call Ascolta’s main line at the Irvine office at (949) 477-2000 x1 for questions, directions and any last minute information.

For the latest updates and news, follow us on Twitter and Facebook

Location:

Ascolta
2351 Mcgaw Avenue
Irvine, CA 92614

9
Feb

You’re invited to come join us at the Orange County Cisco User Group!

Written by admin  |  under User Groups


Topic: Cisco ASA 5585-X Adaptive Security Appliance

Designed for mission-critical data centers that require exceptional flexibility
and security, the Cisco® ASA 5585-X Adaptive Security Appliance delivers
superior technology that spans multiple platforms and deployment scenarios.
The Cisco ASA 5585-X delivers versatile, always-on remote access integrated
with IPS and web security for secure mobility and enhanced productivity.
Unlike most security providers that force you to choose between a high-quality
firewall and an effective intrusion prevention system (IPS), Cisco combines
the world’s most proven firewall with the industry’s most effective IPS – with
guaranteed coverage – for a powerful security solution.

Presenter: Mirza Baig

Mirza Baig has been a Systems Engineer at Cisco for the last 3 years. He
graduated in 2006 with a Bachelor’s Degree in Computer Science from UCLA.
He holds a CCIE in Routing and Switching, and currently focuses on Cisco’s
Borderless Network Architecture, which includes technologies such as
Security, Wireless, Routing and Switching.

Agenda:

5:30 – 6:00pm Food & Networking
6:00 – 7:00pm Presentation
7:00 – 7:30pm Drawing & Giveaway

RSVP:

Attendees are asked to please RSVP by commenting on this post. Last minute
RSVP’s please call Ascolta’s main line at the Irvine office at (949) 477-2000 x1
for questions, directions and any last minute information.

Location:

Ascolta
2351 Mcgaw Avenue
Irvine, CA 92614

21
Nov

Transforming Training to lead the Future of Education

Written by bcarroll  |  under Training and Delivery


If you’ve had a chance to join us for our world class training you’ve no doubt noticed that we are doing things a little differently. We have crossed over from the days of scheduling a class in one location and waiting for the students to show up. At Ascolta, we realize that the ongoing economic situation makes it difficult as a student to attend a class when additional costs of travel are involved. We also understand that while VoD training is very valuable, it’s no replacement for a live instructor that can field questions in real time, look over your shoulder during labs to offer advice, and make a personal connection as a mentor with a student.

So What Have We Done?

Basically, we have extended our reach. We run a number of classes in a mixed mode where the instructor uses Webex in addition to a class with live learners in the same room as the instructor. This gives students the ability to learn wherever they are, while the instructor can still answer questions on the fly and “look over the shoulder” of a learner in a virtual manner during the lab exercises.

Take that a step further and many of our offices are equipped with a Telepresence System in which the instructor can deliver from one of our offices and students can attend from a different office, in a conference room/classroom fusion type setting.

Moreover that same instructor may have students in the room, live via telepresence, and at the same time joining via Webex.

We believe these to be some of the most flexible options for learners in the industry.

What about the future?

We are constantly addressing our options to deliver training with more availability in the future. One area of interest is the Cisco umi which was recently announced. Quality audio and video extend the classroom to the living room, workplace, and beyond.

If you haven’t had a look at the Cisco umi here it is:

It’s amazing what you can accomplish with a webcam and a Google video chat account.

Conclusion

You can bet that Ascolta wants you to “Learn Something!” no matter where you are. We welcome any suggestions you may have and look forward to mentoring you personally, or your employees in the future.

19
Oct

Cisco Announces New Courses

Written by admin  |  under CCSP, CCVP, General Information


Cisco has announced a number of changes to their professional and associate level certifications this morning. Here are the details:

Security

This morning Cisco announces the newly revised CCNP Security Track (Formerly CCSP). This track includes the following:

  • SECURE
  • IPS v7.0
  • FIREWALL
  • VPN

SECURE covers IOS security and Catalyst switch security. IPS v7.0 covers the Cisco IPS products including the 4200 Series IPS appliance, the AIP-SSM modules, the IDSM and Router Modules. The FIREWALL course is specific to the Cisco ASA product line with a heavy focus on firewall policy. There is no VPN covered in FIREWALL as there was in the SNAF course. The VPN course is exactly what it sounds like: it’s all VPN using the Cisco ASA. If you are migrating from Cisco VPN 3000 Series Concentrators to the Cisco ASA, this is definitely the course for you.

This is a complete revision of the CCSP program and replaces that program, and the CCSP will no longer be issued after October 2011. This is good news because if you are already working on the CCSP you can continue to do so. New candidates, or those wishing to get updated with new material, including additional features introduced into later versions of code, can schedule a class with an Ascolta Representative.

Voice

Changes to the CCNA Voice certifications have introduced some enhancements.  The new “Introducing Cisco Voice and Unified Administration (ICOMM) v8.0” course and corresponding ICOMM #640-461 required exam are the core components of the CCNA Voice certification.  This new exam replaces the IIUC and CVOICE exam.  However, if you are currently working on this certification you can still take the old exams up until February 28, 2011.

Additionally, the CCVP has been renamed “CCNP Voice.”  The new courses are:

  • TVOICE v8.0
  • CAPPS v8.0
  • CIPT1 v8.0
  • CIPT2 v8.0
  • CVOICE v8.0

This curriculum covers the following products:

  • Cisco Unified Communications Manager (CUCM)
  • Cisco Unified Communications Manager Express (CUCME)
  • Quality of Service (QoS)
  • Cisco Unity Connection (CUC)
  • Cisco Unity Express (CUE)
  • Cisco Unified Presence (CUP)
  • Cisco Unified Personal Communicator (CUPC)

If you’d like more information about these new courses or to schedule a class please contact an Ascolta Representative.

22
Sep

Configuring SSH for IPv6

Written by bcarroll  |  under General Networking


As promised, here is a short IPv6 post. Actually, there isn’t much about this that’s IPv6-centric other than the address that I SSH to in the second to last step. At any rate, there are more tutorials to come. Enjoy!

In this short tutorial you will learn how easily SSH can be configured for use with IPv6 addresses.

Configure The Domain Name

Begin by configuring the domain-name on the router that will be accepting SSH connections. This domain-name is used in the next step where RSA keys are generated.

Generate RSA Key Pairs

Next generate the RSA key pairs that will be used by SSH.

Configure SSH v2

Using the command "ip ssh version" enable the use of SSH version 2.

Enter the VTY lines

Enter line configuration mode. In here you will be configuring the transport for SSH as well as defining the options for authentication.

Configure Authentication for the VTY

In this example we will use the local database for authentication. At the moment there is no username in the database, so we will go back and configure that later. For now, let’s just enable local authentication.

Modify the Privilege Level (Optional)

For ease of use in a lab environment we can configure the VTY to place us at privilege level 15 once we authenticate. I would not recommend this in a production environment.

Exit Line Configuration Mode

Now we need to back out of line configuration mode and configure the user in the local database.

Create a Local User

You can create a pretty extensive local database of users; however, it doesn’t scale. It’s usually preferable to use an AAA server like Cisco ACS. In this case we keep it simple and create the user cisco with a password of cisco. The user is also given privilege level 15.

SSH to the SSH Server Router

From another router in your lab use the "ssh" command to connect to R3 (in our case). Notice that -l denotes the username that was configured on R3 in the local database, and -v denotes the version of ssh that we wish to use. Enter the password "cisco" to authenticate.

Verify The Connection

Back on R3 use the "show ssh" command to verify the SSH connection from R2.
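
The steps above, written out as one console session. This is an added example, not the original post's captures: the domain name example.com, the 2048-bit modulus, the VTY range 0 4 and the IPv6 address 2001:DB8:23::3 are assumptions, while R3, R2, the user cisco and privilege level 15 come from the post.

```cisco
! Added example with lab values. Assumes R3 already has an IPv6 address
! (2001:DB8:23::3, from the documentation prefix) that R2 can reach.
R3# configure terminal
! The domain name (assumed: example.com) is used when naming the RSA keys.
R3(config)# ip domain-name example.com
! Generate the RSA key pair used by SSH. 2048 bits is an assumed size;
! IOS needs at least 768 bits before SSH version 2 can be enabled.
R3(config)# crypto key generate rsa modulus 2048
R3(config)# ip ssh version 2
! VTY lines: accept SSH only and authenticate against the local database.
R3(config)# line vty 0 4
R3(config-line)# transport input ssh
R3(config-line)# login local
! Optional and lab only, as the post says: land at privilege level 15.
R3(config-line)# privilege level 15
R3(config-line)# exit
! Local user from the post: cisco with password cisco, privilege level 15.
R3(config)# username cisco privilege 15 password cisco
R3(config)# end
!
! From R2: -l gives the username, -v the SSH version.
R2# ssh -l cisco -v 2 2001:DB8:23::3
!
! Back on R3, list the active SSH sessions to confirm the login from R2.
R3# show ssh
```

Outside a lab, create the user with `username <name> secret <password>` so the password is stored hashed, and leave out the `privilege level 15` line on the VTY.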

23
Aug

Don’t Underestimate The ROUTE Exam.

Written by bcarroll  |  under CCNP


Last week I had the opportunity to teach a ROUTE class in Glendale, Ca. The ROUTE exam is one of the new CCNP exams and just looking at the course book may seem like a slam dunk. However, don’t be surprised if you take the class, take the test, and don’t pass. This is because there is an eLearning module that accompanies the course and many students are overlooking that part of the training.

So while you may prefer an Instructor-led class, you still need to review the additional day’s worth of material. This is the best way to be prepared on test day.

Happy Studies!

2
Aug

Cisco WLAN Mobility Anchors

Written by patrick  |  under CCNA Wireless


On a regular basis I get questions about the difference between Mobility Anchors for usual L3 roaming and Auto-Anchor-Mobility. The latter is also called “Guest Tunneling” and provides Internet access for temporary users/visitors who come onto your campus and use your WLAN infrastructure as foreigners that need to be isolated from your company network. The temporary, timed accounts are set up by the Lobby Ambassador, but I will cover this in a later blog.

Under normal roaming conditions, client devices joining a wireless LAN are anchored to the first controller that they contact. If a client roams to a different subnet, the controller to which the client roamed sets up a foreign session for the client with the anchor controller. However, using the auto-anchor mobility feature, you can specify a controller or set of controllers as the anchor points for clients on a wireless (Guest-)LAN. This controller will always act as the anchor for this WLAN. This will route all “guest traffic” to the designated controller which usually is put into your DMZ behind the firewall. This makes it far easier to enforce security policies, because the “guest-clients” are treated as “Internet outsiders.”

To use this feature, controller models 4400 or higher need to be used. A 2100 series controller can act as a foreign controller, but cannot be the auto-anchor for a guest WLAN.

Due to its nature, this feature needs some open ports in the firewall if the controller is in a DMZ. Make sure ports UDP 16666, 16667, 161, 162 and IP protocol 97 can pass to the controller.

As a best practice Cisco recommends the “Two Legged approach”. For further info on this deployment method please check this support-forum link: https://supportforums.cisco.com/thread/2001113

Patrick

28
Jul

Ascolta’s Flexibility

Written by admin  |  under News


This week Ascolta instructor Brandon Carroll is teaching a class that has students in our Irvine location, where he is, as well as in Denver, Colorado. He is using the Ascolta Simulclass method of teaching using Cisco Telepresence. Additionally, he is using Webex to deliver the slide content to the remote student (it’s also on a large projector in Denver). Using Webex he is able to mark up the slides, and in this case he is using an iPad to progress the slides and mark on them while moving through the classroom. Here is a short video that demonstrates.

Learn more about our delivery methods.

19
Jul

The Packet Pushers Podcast

Written by admin  |  under News


In this information age it’s extremely valuable to filter out the noise and get right down to business with content that matters. That’s why Ascolta is now sponsoring the Packet Pushers Podcast, hosted by Greg Ferro, Ethan Banks, and Dan Hughes, where they discuss topics related to Cisco networking and the like. Head over to PacketPushers.net and subscribe to the podcast. The Packet Pushers can also be found on Twitter, so be sure to follow them.

If you’d like to follow Ascolta on your favorite social network, you can find us on Twitter as well as Facebook, where we share special offers and more technical content.

12
Jul

How-to: MPF on ASA to deny FTP Commands.

Written by bcarroll  |  under CCSP


If you have ever worked with the ASA and the Modular Policy Framework you may have seen the “Strict” option for FTP inspection. This option does not allow embedded commands to be sent through a browser. It made me wonder, do people still use a web browser to FTP? Personally I use WSFTP or FireFTP on my Windows machine and CyberDuck on my Mac. Aside from preferences, let’s see how this strict option works and can benefit us.

The following config is related to FTP Protocol Inspection:

Start by making an FTP connection through the ASA. With default values it should work. You’ll need to download a file to make sure that both the data channel and the control channel are working properly.

Next, create a policy-map type inspect for FTP. This is where you are going to specify the commands you want to deny. In this case we are going to say that the “get” command is not allowed. If the “get” is matched, the action to be performed is a reset.

MyAsa(config)# policy-map type inspect ftp BLOCK_GET
MyAsa(config-pmap)# match request-command get
MyAsa(config-pmap-c)# reset
MyAsa(config-pmap-c)# exit
MyAsa(config-pmap)# exit

Next you want to apply the inspection policy map, but you can't apply it all by itself. You have to apply it within a L3/L4 policy map. In the following configuration we are going to use the existing "global_policy" to apply our reset to FTP. You'll access the class inspection_default, which is what the ASA uses to identify FTP traffic on TCP port 21. Use the "inspect" command to tell the ASA to inspect FTP, add the "strict" option, and tie it to the policy-map type inspect that we created earlier.

MyAsa(config)# policy-map global_policy
MyAsa(config-pmap)# class inspection_default
MyAsa(config-pmap-c)# inspect ftp strict BLOCK_GET
MyAsa(config-pmap-c)# exit
MyAsa(config-pmap)# exit
MyAsa(config)#

The way that you test this is by dropping the previous FTP connection that you had up and establishing it again. The connection should establish. It looks like it works, but as soon as you try to grab something, the FTP application you are using sends a "get" and the connection is reset. Use the following show command to verify.

MyAsa(config)#  show service-policy
Global policy:
Service-policy:  global_policy
Class-map: inspection_default

<—-text omitted—–>

Inspect: ftp strict BLOCK_GET, packet 105, drop 0, reset- drop  12


Happy Labbing!
