matt2k4

  1. Did anyone here get the CBT Nuggets video for Security+? If so, was it worth it? Also, what books would you guys recommend? Exam Cram?
  2. Just came across this thread and thought I would add what I have. Cable and phone patches: Rack: More Rack I have anywhere from 2 - 8 CAT5e drops per room (gives me the ability to change VLANs by plugging into different ports in office, bedroom, etc...) that mostly hook into the L3 3550. Each wall plate has CAT5e, RG6 for cable, RG6 for SAT and CAT3. EATX server is virtual, running 8 VMs. Unfortunately, with one foot patch cables you find yourself not able to move the cable too far so I end up just changing VLANs on the port instead of actually moving the cable to another port. ;) When I actually get off my lazy ass and write ICND2, this will probably be a lot messier.
  3. Yep, you're right. I had IPSEC on the mind.
  4. Also, if all you are trying to do is VPN into your home network from the internet, you could scrap the idea of using the WIN2k8 box and simply IPSEC into your router using the Windows IPSEC client. To do this, enter this config:

         aaa authentication ppp default group radius local
         ip name-server (ip of internal DNS server)
         vpdn enable
         !
         vpdn-group REMOTE_USERS
         ! Default PPTP VPDN group
          accept-dialin
           protocol pptp
           virtual-template 1
         username username password password
         ip local pool defaultpool 10.0.0.2 10.0.0.100 (make this something addressable in your network)
         interface Virtual-Template1
          ip unnumbered FastEthernet0/4
          peer default ip address pool defaultpool
          ppp encrypt mppe auto required
          ppp authentication ms-chap ms-chap-v2

     On your outside ACL, you will need:

         permit udp any any eq 1723
         permit tcp any any eq 1723
  5. You need to make sure the ACLs applied to the outside interface are allowing your IPSEC traffic through. On a Cisco 800 series ISR, I believe the WAN interface is defaulted to fa0/4. So what you would need to do is something like the following:

         int fa0/4
          ip access-group incoming in (if you already have an ACL applied to the outside, just use that one)
         exit
         ip access-list extended incoming
          permit tcp any any established log
          permit udp any any eq isakmp log
          permit esp any any log
          permit etc....other various services you require
          deny ip any any log
         exit

     For the static translation, it shouldn't be much different than what you did for your RDP session. You will require something like this:

     **change 10.0.0.1 to the IP of your win2k8 server

         ip nat inside source static udp 10.0.0.1 500 interface FastEthernet0/4 500
         ip nat inside source static esp 10.0.0.1 interface FastEthernet0/4

     After you have this running and try it out, you should be able to see hits on the ACL. Do a sh access-list incoming and you will see the matches column, which should have incremented.

         Extended IP access list incoming
             40 permit udp any any eq isakmp (802874 matches)
             60 permit esp any any (350226931 matches)

     I'm pretty sure Windows IPSEC will be happy with isakmp and esp, you may need AH but only try that if you have no luck with the above.
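
The hit-counter check from post 5, as an added example that is not part of the original posts: a Python script that parses two snapshots of `sh access-list incoming` output and reports how many new ISAKMP and ESP permit hits arrived in between. The sample output is constructed, and the names `parse_acl`, `vpn_hit_delta` and `VPN_RULES` are assumptions of this example.

```python
import re

# One entry of `show access-lists` output, e.g.
#   40 permit udp any any eq isakmp (802874 matches)
# The "(N matches)" suffix is absent until the entry has been hit.
ENTRY = re.compile(r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<rule>.*?)"
                   r"(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$")

# Entries the post relies on for IPsec: IKE (UDP/500) and ESP.
VPN_RULES = {
    "isakmp": lambda rule: "eq isakmp" in rule or "eq 500" in rule,
    "esp": lambda rule: rule.startswith("esp "),
}

def parse_acl(output):
    """Return {sequence: (action, rule, hits)}; unhit entries get hits=0."""
    entries = {}
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[int(m["seq"])] = (m["action"], m["rule"], int(m["hits"] or 0))
    return entries

def vpn_hit_delta(before, after):
    """New permit hits per VPN protocol between two snapshots of one ACL."""
    old, new = parse_acl(before), parse_acl(after)
    delta = dict.fromkeys(VPN_RULES, 0)
    for seq, (action, rule, hits) in new.items():
        if action != "permit":
            continue
        prev = old.get(seq, (None, None, 0))[2]
        gained = hits - prev if hits >= prev else hits  # counters were cleared
        for name, matches in VPN_RULES.items():
            if matches(rule):
                delta[name] += gained
    return delta

# Constructed sample output (not from the post), before and after one attempt.
BEFORE = """Extended IP access list incoming
    10 permit tcp any any established log (1520 matches)
    40 permit udp any any eq isakmp (12 matches)
    60 permit esp any any
    70 deny ip any any log (98 matches)"""
AFTER = """Extended IP access list incoming
    10 permit tcp any any established log (1544 matches)
    40 permit udp any any eq isakmp (18 matches)
    60 permit esp any any
    70 deny ip any any log (131 matches)"""
print(vpn_hit_delta(BEFORE, AFTER))
```

A rising `isakmp` count with a flat `esp` count, as in the constructed sample, means key exchange packets are matching the ACL while no ESP packets are.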