Category Archives: jncie-sec

Passed JNCIE-SEC !

After a bit of struggle, I have finally passed the JNCIE-SEC exam. It was a rather long journey for me. I studied every topic in detail, read thousands of pages and did hundreds of labs. If I should do some self-criticism: when I look back now, I can tell you that I over-complicated things and studied way more than the exam requires, but the bright side is that I learned a lot during my studies. However, I must also add that the exam isn’t really that easy and completing the tasks requires really meticulous work. I have also completed all official Juniper trainings including the JNCIE-SEC bootcamp, so if you can take these trainings, they really help.

What I am saying now might look trivial, but believe me, I have a reason to list the items below. Since there is an NDA, I won’t give any details but only tell you:

  • Listen to your proctor VERY carefully before starting the exam.
  • Read every page, every paragraph, each word VERY carefully without assuming anything in your head. I mean literally everything.

Although having a good night’s sleep is also very crucial, on this successful attempt I had been awake for 30 hours when I started the exam, due to which by the end of the exam my brain had almost stopped working. So do something about it and have a good sleep!

Lastly, I wish perseverance and a bit of luck to those who prepare for this exam.

Genco.

JNCIE-SEC: IPSEC VPN between SRX and Cisco

In the JNCIE-SEC exam, one of the IPSEC topics is “Interoperability with 3rd party devices”. In one of my previous posts I had already written about this, but this time I will do a policy-based VPN on the SRX side.


JNCIE-SEC: Traceoptions & IPSEC troubleshooting

In the IPSEC topic, I am continuing with the traceoptions and troubleshooting section. In this post, I will try to explain how I troubleshoot IPSEC VPNs, mostly during initial setup.


One of the challenging parts of JNCIE-SEC must be the troubleshooting part, for which I need to understand what type of error logs are generated under what sort of problems. Because of this, I enabled IKE traceoptions, simulated several types of possible problems and observed the error logs.

But first, let’s see what a successful IKE Phase 1 and IKE Phase 2 log looks like:

PS: All errors below are between the IKE peers 192.168.179.2 and 212.45.64.2.

IKE & IPSEC SUCCESSFUL LOG

Phase 1

You can see the “IKE negotiation done” log here.

JNCIE-SEC Multipoint tunnels/Policy and route based VPNs

After a short introduction to IPSEC, I am continuing with the second and third tasks in the list, which are multipoint tunnels and policy/route-based VPNs. Some of these individual tasks have overlapping case studies, because of which I may not write a single post for each task.


Our case study is a company whose headquarters is in Amsterdam and which has two offices, in London and Paris. We will connect these two offices to the Amsterdam HQ via an IPSEC tunnel. The London office is route-based and the Paris office will connect via a policy-based VPN. Protected networks are assigned to the ge-0/0/1.0 interface of each SRX device.


JNCIE-SEC IPSEC & NAT

Below is the list of topics for IPSEC and NAT that you may see in the JNCIE-SEC exam, according to the exam page. I will not only talk about exam topics but also in general about the protocols and my troubleshooting tests. I would like to start JNCIE-SEC with IPSEC, as I lack knowledge in this topic. I would also like to improve this JNCIE-SEC journal with the help of readers; you are encouraged to send your own case studies. Just for your information, the content I am going to create about this exam is all my interpretation of the topics published by Juniper. I may not adhere 100% to the exam topics, and from time to time I may write about something that isn’t relevant to the exam. Without further ado, let’s begin the journey:

IPsec VPNs

NAT

  • Implementation of NAT
  • Source NAT
  • Destination NAT
  • Static NAT
  • Implementation of NAT with IPSec
  • Overlapping IPs between sites


JNCIE-SEC preparation

I have taken the first step and scheduled my JNCIE-SEC exam for November. I think I have sufficient time to finish my studies. I will also try to share my case studies as much as I can, since case studies are the best way for me to learn any topic. The recommendation for these types of difficult exams is usually to over-study. Considering the high failure rate of this exam, I must prepare for the topics more than is required. I don’t know if I can do it or not, but I wanted to write it down somewhere, like my blog :) My primary guide will be the list at http://www.juniper.net/us/en/training/certification/resources_jnciesec.html. I will go through the topics one by one to see how confident I am with each. I wish myself patience!