Last weekend I got a call from my boss; he asked if I could perform an activity for one of my colleague's customer accounts, since he wasn't well. During the activity I was supposed to create site-to-site (AKA LAN-to-LAN) IPsec tunnels from a customer NOC towards the customer data center and the customer DR site. Now that's fine, I mean I know how to set up such tunnels from routers or an ASA firewall, but to my surprise the customer was running a Checkpoint R-75 based UTM on the NOC side, while they had Cisco's old 3000 Series VPN concentrators on the DR/DC sites. Now, it had been almost 6-7 years since I had worked on Checkpoint, and I had never worked on VPN concentrators. But 6-7 years back I worked on a Nortel Contivity box, which was much like Cisco's VPN concentrator.
So it was like Dahhh!!!!
So the day before the activity I went back home and started thinking about how I could complete that activity. I had a couple of options to begin with, actually.
1. Call any of my friends who are good with Checkpoint or have been working specifically in the security domain for quite a while, and of course there was a long list of SOC engineers :)
2. Why not spend some time studying the stuff and do it myself?
And of course I chose the second option :)
I remembered I had CBT Nuggets somewhere covering Cisco's old CCSP CSVPN exam. Later Cisco stopped making VPN concentrator boxes and the exam died. So I spent nearly 2 hrs going through the CSVPN videos from CBT Nuggets and also spent almost 2 hrs more reading through my old Checkpoint books. Did I tell you that back in 2007 I passed my Checkpoint CCSE NG exam, which was an expert-level certification from Checkpoint? The R-55 I worked on was significantly different from today's R-75, though. But since Checkpoint is a GUI-based firewall, it doesn't take much to figure out the stuff.
Anyway, I reached the customer site on the weekend after a 2 hr drive, and all it took was approx. 20 mins to set up the tunnels and make the other network changes to complete the activity successfully.
So it was worth keeping that old stuff on my HDD somewhere, and it saved my tail :) years later.
HTH...
Deepak Arora
Evil CCIE