Goal Given Up

If you have read my profile or looked at anything I do then you know that I was working on getting my CCIE in Security. This was a goal that I had started about 5 years ago. I already had my CCSP and thought that this was a good next step for me. I was working at a job that had plenty of equipment for me to work with and would provide me the time to study. I passed the written and had my lab scheduled for a year after that. I purchased the INE training workbooks and video on demand and thought I was ready to start this endeavor. Unfortunately, due to job changes and such, I put the CCIE on hold, thinking I may never do it again.

2010, another job change and a chance to pursue this goal. I decided it was important for me to get my CCIE so I started on my trek for it. I still had my old training materials and figured now was the time. I discussed it with my employer and they didn’t want to help me finance this endeavor or provide me with time off to pursue it. So this was going to be a self-funded goal. I looked at the household finances and thought okay, we can afford this. After discussing it with my family I got their support and decided to make a go of it. I started down the path again of studying for the written. I put in a good year of study and reading before I took the written again at Cisco Live in 2011. I passed with flying colors and then scheduled my first lab attempt. I scheduled my first attempt for May 1, 2012. That gave me about 10 months of study time; it also allowed me to take a class at CCBOOTCAMP about 3 months before the exam. I got home from Cisco Live and immediately started putting together my lab. While I was acquiring the pieces for my lab I started watching all of the INE videos that I had purchased a few years ago. They had updated the videos so I bought the new ones and watched both the old and new multiple times. I also thought that getting some audio content would be good so I ended up purchasing the audio from IPEXPERT. I spent a good month watching videos and listening to the audio content when I couldn’t watch the videos. I also put together my lab for the INE workbooks: 10 routers, two ASAs, 1 IPS, 2 switches, and one ESX 4.x box that would host both the PC and the ACS server. Not cheap, but it would allow me to study whenever I wanted to. I spent the next 2 months doing all of Workbook 1, going over each lab until I knew it. Unfortunately, since work wasn’t helping me, my study times were early in the morning until work and then late at night after work, after putting my son to bed. I spent the next several months doing Workbook 2.

January came and it was time for my class at CCBOOTCAMP. I took a week off of work, and I went to LV. I was really afraid that I still wasn’t ready for the test or the class, this class was a chance for me to see how good I was and if I was even close to being ready to take the test on May 1. I still had time to cancel the test and reschedule if needed. The class was great, I learned a couple of things I didn’t know, but for the most part I came away feeling really confident on my skill set and that I would be ready to take the test in 3 months. I got home and while still working on Workbook 2 labs, I decided to intersperse it with Workbook 1 labs and also rewatching all of the videos and listening to the audio content again.

May 1, 2012, I flew up the day before to San Jose. I got to the lab about 20 minutes early and walked around the campus to help calm my nerves. At 8:15am the lab starts; I open the book, look at the topology and start getting really nervous. I had an issue focusing and not being able to follow the traffic flow. I spent at least a good 30 minutes looking over the topology and calming myself down. When that didn’t work I decided to just start configuring and go from there. At least get some points on the board. That helped immensely; I calmed myself down and was able to start working the topology. I spent the next 8 hours working my butt off. As I figured, there was at least 1 thing I hadn’t seen before; I found it in the docs and configured it in what I thought was the correct way. When I left the lab that night I was really confident in what I had done. I thought I had done really well and if I hadn’t passed I had to have been really close.

May 2, 2012, I get my score report and I did horribly. I spent the next day at work wondering how it is that I screwed up so bad, I couldn’t see it. I thought I had done it all correctly, or at least deserved better than I got. I was depressed and felt like a total and utter failure. I was so embarrassed by what I had done that I was ready to give up there. My wife said I should try again, and I said “no”. I said “I have no idea what I missed and it would just be a waste of money”. I spent the next several days in a really depressed funk and not happy at all.

About a week after the test I finally decided to write down everything that was on the test and all of the questions from memory. I started to realize that I had misread stuff and didn’t give them exactly what they wanted. That I had made mistakes and it was my own fault for not passing. I discussed it again with my family and decided that it was worth it to give it another shot. I realized where I had made my mistakes and I thought that I could fix them. I scheduled my next attempt for 2 months out for the beginning of July. We would be on vacation and up in Santa Cruz. I could save myself the travel costs and drive over for the test. I spent the next 2 months solely working on labs, trying for perfection I also threw in Yusuf’s labs from his book, since I had memorized the labs from INE. I also went back over and did the labs from CCBOOTCAMP. I tried to put everything in front of me that could mess me up and give me as much variety as possible.

2nd attempt, I arrive at the facility and sit down and look over the topology. I am much more comfortable this time. I spend the next 8 hours pounding through the lab, having few difficulties. I leave and believe that everything is working correctly. I get my score report that night this time, and while I did much better, I still missed it by a few points. I thought maybe something was misgraded and figured it was worth $250, so I asked for the regrade. About 2 weeks later I found out that the score was the same. I will not be a CCIE.

As I sit here and write this I have realized that I am not nearly as upset after this attempt as I was after my first. Based on factors outside of my control, I am giving up this goal. I don’t have the money to try for a third time, and the reality is even if I wanted to there are no lab dates to be had since v4 was released. I have also enjoyed having my free time back and spending time with my family again and not always feeling guilty that something is taking away time from studying. I did think about v4 and looked over the topics; based on what is on the lab and the fact that I will never see most of it in production, I am passing at this point. I have sold off my existing lab equipment to pay off my credit card, which has seen a lot of work through this endeavor. I am not bitter and don’t feel that it was a waste. While I spent a lot of money and time on this and while I didn’t achieve my goal, I did learn a lot and did reinforce a heck of a lot of information into my head.

As I look to my next goals, my CCSP expires in November so I need to get cracking if I hope to get my CCNP Security before then.

REGEX – What a pain…

As I have embarked on my path towards the CCIE I have come across a lot that I am not familiar with.  One of those that has given me great pause has been regex.  At its surface it seems simple enough: text matching.  As I have gone through my studies it has been anything but.  I am still learning all of the nuances of this and luckily I have had some projects at work that have helped strengthen that knowledge.  So here are some of the regexes that I have been working on for work and why I did them.

We are whitelisting allowed websites on our Websense appliance.  Initially I went with this regex:

(http://|https://) *.facebook.com

Yes we do allow Facebook from our registers, we are a hip social company and our stores need to be able to inform the kids as to what is going on.

However I ran into an issue when someone did something like this and was able to bypass the whitelist, or I guess I should say was able to use the whitelist to get out:

http://www.yahoo.com/?www.facebook.com

I then did some looking and realized what I needed to do was disallow special characters before the domain.  DNS doesn’t allow for certain special characters to be in the domain name and they should never show up between http:// or https:// and the domain name, so I then came up with this:

(http://|https://)[^/?//()]*.facebook.com

That managed to fix everything; the pen testers weren’t able to get past it and it managed to save us a fair bit of trouble.  However I ran into one additional problem: what happens if the website or the user didn’t put a subdomain in front of facebook.com?  Well, then it would fail.  So I ended up going with this regex, which has solved all of my problems, and everything seems to be working fine now.

(http://|https://)[^/?//()]*facebook.com

Throughout all of this I was using the ASA as my primary vehicle for testing the regexes, with the command (the input text to test comes first, then the regular expression, as in the examples below):

test regex (input text) (regular expression)

caasa1(config)# test regex http://www.facebook.com "(http://|https://)[^///()]*facebook.com"
INFO: Regular expression match succeeded.

caasa1(config)# test regex http://www.yahoo.com/?www.facebook.com "(http://|https://)[^///()?]*facebook.com"
INFO: Regular expression match failed.

The only main gotcha with this is to remember to hit ctrl+v before you type the ?, or the ASA will think you are asking for help and take you to the help menu.
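The post's final pattern blocks the query-string trick, but because it is not anchored and has no terminator after facebook.com, a few other URL shapes still satisfy it. The harness below is an added example (not from the post, and not the Websense or ASA engine; Python's re is used as a stand-in, and the URL samples are constructed). It runs the post's final pattern and a hardened pattern of my own over the same URLs so the difference is visible. The hardened pattern is an assumption about what a stricter whitelist should look like, not a setting from the post.

```python
import re

# Constructed URLs that the whitelist is meant to allow.
ALLOWED_URLS = [
    "http://www.facebook.com",
    "https://facebook.com/",
    "http://m.facebook.com:443/home.php",
]

# The bypass from the post, plus related constructed forms that are not
# facebook.com but that an unanchored, unterminated pattern still accepts.
SUSPECT_URLS = [
    "http://www.yahoo.com/?www.facebook.com",   # the post's bypass (fixed by the final pattern)
    "http://notfacebook.com/",                  # no boundary before "facebook.com"
    "http://www.facebook.com.evil.example/",    # nothing required after "facebook.com"
    "http://www.facebook.com@evil.example/",    # userinfo: '@' is not in the excluded class
]

# The post's final whitelist pattern, as written there (shell/ASA quoting dropped).
POST_FINAL = r"(http://|https://)[^/?//()]*facebook.com"

# Hardened pattern (my suggestion, not the post's): anchor at the start of the URL,
# allow one optional subdomain part that cannot contain '/', '?', '#', '@' or ':',
# escape the literal dots, allow an optional port, and require the host to end
# immediately after "facebook.com" (path, query, fragment or end of string).
HARDENED = r"^https?://(?:[^/?#@:]+\.)?facebook\.com(?::\d+)?(?:[/?#]|$)"


def matches(pattern, url):
    """True if `pattern` matches anywhere in `url` (unanchored, like the ASA's test regex)."""
    return re.search(pattern, url) is not None


def evaluate(pattern, urls):
    """Map each URL to whether the whitelist pattern would accept it."""
    return {url: matches(pattern, url) for url in urls}


def slipped_through(pattern, suspect_urls=SUSPECT_URLS):
    """URLs that are not facebook.com but that the pattern accepts anyway."""
    return [url for url in suspect_urls if matches(pattern, url)]


if __name__ == "__main__":
    for name, pattern in (("post's final pattern", POST_FINAL), ("hardened pattern", HARDENED)):
        print(f"{name}: {pattern}")
        for url, accepted in evaluate(pattern, ALLOWED_URLS + SUSPECT_URLS).items():
            print(f"  {'ALLOW' if accepted else 'BLOCK'}  {url}")
        print(f"  slipped through: {slipped_through(pattern)}")
```

Regex dialects differ between Python, the ASA and a Websense policy, so the final check still belongs on the appliance with test regex; the harness is for working out which URL shapes a candidate pattern should accept and reject before typing it in.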

What I learned at CCBOOTCAMP

This week I spent my own personal money to attend a bootcamp in the pursuit of my CCIE. I had plenty of choices and options of where to go and where to take it.  I chose CCBOOTCAMP, because I was already watching the videos from INE and doing their labs, and IPEXPERT just didn’t fit within my schedule; also the travel to their training location was out of my way.  I took the class in Las Vegas and stayed at a hotel within walking distance to try and minimize as much as possible the cost to me.  I am footing the bill for this myself since my company is less than interested in helping me.  This is something that I wanted to do and so I am doing what I think it takes to make it happen.

I came into this week being very nervous that I was going to be behind everyone else and not know enough and basically waste this week and my money.  I have been studying for the past several months, labbing as much as possible, and some days it just doesn’t feel like enough.  I was pleasantly surprised to come out of this week and be able to do most of the tasks with little problem and only referencing the docs for the stuff I had no idea on or was questioning the syntax.  Of course I reaffirmed that I have weaknesses that I have to work on, and that there are certain areas I need to focus on for the next couple of months.

I also learned something else even more important I need to attack the test like a composer does a score rather than a musician playing their small piece.  What I mean by that is I have bright points where I am very good and can breeze through tasks much like a Flutist or a Cellist playing their part.  What I need to get good at though is being the Composer and knowing each and every person’s part and knowing when to bring them in and when to use what technology.

This was a good week for me, it helped me to build confidence in that I was actually learning the information and that I had a chance of being ready to tackle the test in May.  Hopefully I can keep moving forward and solidify my knowledge in the tasks where I am lacking and become the well rounded composer that I need to.

The way I had this worked out was that my lab fee is due next week and I wanted to make sure that I was somewhat ready before I paid the $1500 and started making travel arrangements for the test.

To all my fellow composers out there, I wish you the best of luck in your studies.

If anyone cares about my experience with CCBOOTCAMP or anything else associated with it let me know and I will tell you.

Studying for CCIE Security and using GNS3 for now

I am in the process of studying for my CCIE Security Lab and at this point I am still trying to collect hardware as cheaply as possible, since money is an object for me.  So in the meantime I am working with GNS3 and trying to use virtual equipment to help me along and get some of my studies accomplished.  So far I have run into a few issues that are killing me:

1. The issue with c3700 units.  No matter what I did I couldn’t save the configurations out of the 3700s.  Turns out there is a bug in the code that doesn’t allow you to save the configurations to the startup config for this model of router.  Solution, don’t use them.

2. Transparent mode in the ASAs doesn’t work at all.  You can create the configuration for the ASA and put it into transparent mode, good luck getting it to pass traffic.  Solution, buy em or rent em.

3. The setup for Micro Linux running in QEMU.  Got it loaded and hooked up to a router, but actually configuring the interface was a little more of a pain.  Logging in as root isn’t the same thing as logging in as root on a normal Linux machine.  Here is a brief snippet for configuring a Micro Linux instance and giving it an IP address.

tc@box:~$ sudo su
root@box:~# ifconfig eth0 10.0.0.100 netmask 255.255.255.0 up
root@box:~# route add default gw 10.0.0.1

4. Multiple context mode is a no go on the ASA as well.  Solution, buy em or rent em.  Looking for some cheap prices on them at this point.

Other than these issues things are working out pretty well on my virtual lab.  I still have a long road ahead of me before I will be ready to take the test.  I am working on speed at this point and doing the workbooks from INE.  I hope to be ready by Jan or Feb of next year.

Mostly put this together so that anyone else trying to do what I am doing can find the information in one place.