Christmas is now over and done with….booo! Had a fantastic 2 weeks off spending it with the family, watching all the films they put on TV over Christmas and generally just eating way too much.
The break is now over and it’s back to studying so thought I would give a quick update while I’m on the bus on my way to work.
I was finding it quite difficult with motivation after the Christmas holidays to get back in the swing of things – after all 2 weeks off solid is a fair amount of time. A positive bit of news though is my CiscoPress CCIE Certification Guide Library (Vol1+2) finally arrived after about 2 months of being delayed – I was quite a bit excited to start going through this.
I looked at the OSPF chapter and decided to take the quiz “Do I Know This Already?” There are 16 questions in all about OSPF – A topic I was fairly confident on – wrote all the answers down and then checked them against the answers in the back. Wow was I surprised!! I got a total of 3 correct out of 16. The rest of the answers I had missing options or were just wrong. My ego certainly took a beating. I am hoping this is down to the fact that I haven’t studied since before Christmas and was not really back in the swing of things. I felt rubbish for the whole next day, thinking about the failure.
After a day of moping I finally decided I needed to get back in to it properly and study harder….
I came across a CCIE book – not a technical book – but it was about 2 guys that had done their CCIE journey and written about it with tips and guidance on how they did it. It’s not a very long book and didn’t take me more than a few hours to read – split up over a few days – however it was quite inspirational I thought and gave me that extra bit of motivation I needed.
So last night I completed the VOD series on IPSec and decided to attempt the first lab. Now I had done a lot of VPN work in the past so had a fairly good handle on what needed to happen in order to make this work. So I started the first lab which was the old crypto map style of IPSec, I thought it wouldn’t take me long and then I could focus on the new method of IPSec using VTIs.
I loaded up my initial configs through the menu system of each router. Completed the routing side of the task and had reachability from 1 IPSec router to the other – Great!
Next I started on the crypto configs. Did the ISAKMP settings for Phase 1, IPSec settings for Phase 2. Checked and the tunnels failed to establish. OK no problem – checked all the configs – all matched, crypto maps – again were mirrors of each side. I turned on debugs on both the routers….nothing. Stumped me for a while but I had forgotten to add the crypto map statement to the interface. OK easy mistake – corrected that. The tunnels established finally! Tried a ping – FAIL!
What was wrong now? I checked all the configs over again, the tunnels were establishing, packets were being encrypted from the side sourcing the pings and being decrypted on the other end of the IPSec tunnel but no reply and nothing was getting encrypted back the other way. I was troubleshooting the IPSec config for a while, even went as far as reloading both routers. In the end I managed to find the problem. It was with the interface configuration. The interface on one of the routers didn’t have an IP address. It had a loopback address – which was what I was trying to ping to and from but had no outbound interface so had nowhere to go. Finally after resolving that it worked and the pings were flowing. I checked the time it took on that lab – 1hr 35mins WHAT!!!!!!! That little exercise took an hour and 15 minutes longer than it should have just because I didn’t check the interface IP address – still lessons learned – make sure you check your initial configuration first!!
I think I am going to have another attempt at the lab tonight and see if I can get my time down considerably on this. Practice Practice Practice!!!!
Edit:
Tried it again in the evening and got it down to 26 minutes 😛