Hello Mohammed, Shame to hear that you failed the test. I know it has become much harder.
For me, the troubleshooting of a VPN, independent whether pre- configured or not, is always a combination of debugs and shows. usually, I first check the configuration on both sites to see whether phase 1 would come up anyhow. Commands like (on the asa) show start | begin crypto isakmp and show run crypto map help a lot. If I see a misconfiguration, such as pre-shared-key, policy settings, transform sets, I tend to fix them first. Then I do the debugs debug crypto isakmp deb crpt ipsec term mon And initiate the tunnel. Based on the output of the debug, you can see where the tunnel then fails. 9 out of 10 times, the debug in combination with the configs tell me what the issue is. Of course, field experience with this helps a lot. Since I do a lot of VPN's, I know most of the ISAKMP phase messages and know which error message is caused by which config error. Hope this helps a bit Kind regards Pieter-Jan On 21 jul 2009, at 08:17, Mohammed Gazzaz wrote: > Hi, > > Last Thursday, I > failed my second attempt by only 10%. Compared to my first attempt, I > did a lot better and silly mistakes cost me the exam. I also > panicked again > and didn't pay attention to the small details. > > Maybe I was lucky > but Open ended questions were very easy and I answered them in 10 > minutes, probably I could have answered them in 5 minutes but I didn't > want to rush. > > My time management was again not good and I lost a lot of points in > troubleshooting VPN questions. > > Can you guys give me some tips on how to approach this part of the > exam? > > I > mean I know how to configure different VPNs from scratch but to > troubleshoot pre-configured devices is a different matter. I can use > debug and show commands but probably I will spend a lot of time to > solve the issue. > > Any help will be appreciated. > > Regards, > Mohammed Gazzaz > > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today it's > FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
