Posts

Showing posts from January, 2015

What is Cisco IWAN?

IWAN = Intelligent Wide Area Network

Intelligent WAN leverages IOS routing technologies to enhance traditional networks while reducing WAN bandwidth costs. Let's take a look at what IWAN is and what it can do for us.

IWAN is based on four (4) components:

Transport Independent
   - Consistent operational model
   - Simple provider migrations
   - Scalable and modular design
   - IPsec routing overlay design

Intelligent Path Control (PfR)
   - Dynamic Application best path based on policy/s
   - Load balancing for full utilization of bandwidth
   - Improved network availability

Application Optimization (AVC and WAAS)
   - Application visibility with performance monitoring
   - Application acceleration and bandwidth optimization

Secure Connectivity (DMVPN)
   - Certified strong encryption
   - Comprehensive threat defense
   - Cloud Web Security for secure direct Internet access

IWAN provides a flexible secure WAN design (DMVPN) a

Cisco ASA with FirePOWER Explained

What is Cisco ASA with FirePOWER?

"FirePOWER" is Cisco's latest attempt to further strengthen their Security/Firewall platform. It has been argued for some time that Cisco have rested on their laurels with the ASA platform, allowing other vendors to sweep in and take the lead in the Next Generation Firewall (NGFW) race. Companies quickly came to the realization that it is imperative to have visibility past traditional Layer 1 through Layer 4. Internet use, along with the ever-growing set of features and applications that companies leverage on the Internet, has become commonplace and continues to grow as more "Cloud" based resources are adopted. The traditional ASA brought about stateful packet inspection and the ability to implement various modules (IPS, CSC-SSM), and was the standard bearer in edge security for some time. The PIX firewall was replaced and the ASA had arrived. As of 2012 Cisco had introduced their first line of NGFW, Cisco ASA w/ CX brought

Welcome to my CyberSecurity Blog

The intentions of this blog are to provide myself with a means of documenting and sharing the various technology-based solutions that I am working on or have worked on. It is my hope that taking the time to document my findings in this blog will help strengthen both my practical and soft skills on the various technologies and topics. Understanding the various technology offerings from the ground up, the "how" and "why", if you will, of implementing that technology, is extremely beneficial for those Engineers that fill a services or delivery role, as well as those that fill a Pre-Sales Engineering role.

Some technologies I want to cover that I have come across or am currently working on are:

   - Internet Edge Security Solutions
   - Cisco ASA and FTD Offerings
   - Palo Alto Networks NGFW
   - L2L VPNs
   - SSL VPNs
   - SSL Offloading and Decryption
   - Endpoint Security Solutions (e.g. EPP and EDR)
   - Cloud Access Security Brokers (CASB) Offerings
   - ZBFW Solutions
   - Client Identi

DMVPN - Rig In a Box (RiB) Solution

I have a customer who has multiple remote sites that require Internet connectivity. The current solution is very hands-on in that someone must re-IP devices as they are moved from site to site. This was a perfect opportunity to introduce DMVPN to this customer. The proposed DMVPN Solution for remote site connectivity is a multi-faceted DMVPN configuration that utilizes multiple ISP connections, VRF Lite, and Zone Based Firewall technologies. It is always my goal when developing a design strategy for a customer to stick to the basics, to provide a solution that not only provides scalability but one that is manageable. I always point out a familiar line from an architecture design book: "Think of the 2:00AM test, if you were awakened in the middle of the night because of a network problem and had to figure out the traffic flows in your network while you were half asleep, could you do it?" So many Engineers fall into the pattern of designing and configuring networks