Saturday, June 29, 2019

CCIE Security: Troubleshooting (Ticket #1)

So in getting ready for the CCIE Security lab this year, I've been spending some time trying to come up with my own troubleshooting scenarios. The process for this, if you're curious, is normally born from practicing config and noting issues that come up when I misconfigure something. Then I'll try to layer it with other similar or related issues. Alright, so let's write this one up, standard sort of CCIE-ish rules apply.

  • Changes must be specific to issue you're troubleshooting (i.e. Make your changes as specific as possible)
  • Do not remove any security related configuration. Only adjust or add configuration to correct issues.



R1 and R2 are connected via ASAv1, running in transparent mode. The two routers have (2) loopback interfaces, Loopback1 and Loopback2 addressed as 10.x.x.1/32 and 10.x.x.2/32 where X is the router number. Loopback1 should be learned via OSPF, and is used for BGP peering whereas Loopback2 is advertised by BGP. Neither OSPF or BGP peerings are successfully forming, troubleshoot and resolve so that both routers establish OSPF and BGP peerings. Ping both of R1's loopback interfaces from both of R2's loopback interfaces to confirm you've resolved the issue. Additionally, match the output below to both routers.

Super Complex Network Diagram

Download Intitial Configs

R1 Output:

R1#show ip route | inc ^B|^O                        
O [110/2] via, 00:09:48, GigabitEthernet1
B [20/0] via, 00:08:54

R1#show bgp ipv4 unicast neighbors | inc md5
Option Flags: nagle, path mtu capable, md5, Retrans timeout 

R2 Output:

R2#show ip route | inc ^B|^O                        
O [110/2] via, 00:11:47, GigabitEthernet1
B [20/0] via, 00:10:52

R2#show bgp ipv4 unicast neighbors | inc md5
Option Flags: nagle, path mtu capable, md5 

Alright interwebs, have at and let me know what you think. Find the solution(s) here.

Tuesday, June 25, 2019

This Blog is getting an overhaul

I'm changing the name, and theme of my blog and website. NetworkKnerd is no more, and I'm (slowly) moving everything to Hop16. Mostly because I was tired of NetworkKnerd, but also because my focus on Routing and Switching has been less and less over the years as I've transitioned into a more network security focused role professionally. I'll keep this post short and sweet, just to serve as a heads up so when re-directs go into effect in the next couple of weeks there's some reference as to what's going on.