Archive for December, 2008
My everyday browsing activity for refreshing my Cisco technical knowledge includes visits to various blogs and websites that I have found over the years and that I believe are among the best Cisco resources you can find on the web, in addition to the official cisco.com site. These sites are all maintained by industry experts and offer unique information about Cisco networking technology. You could of course find almost anything you need on the official Cisco site, but that site is so huge and sometimes so hard to navigate that digging into things becomes difficult.
Here are some of the Cisco related blogs that I visit regularly:
- 6200 Networks (By Joe Harris, CCIE# 6200)
- Blindhog.net (a site dedicated to helping people learn Cisco, Linux and VOIP technologies)
- CCIE Blog (Allows you to create your own Blog and also hosts feeds from various Cisco related blogs)
- Ethereal Mind (By Greg Ferro CCIE# 6920)
- Human Modem (By CCIE# 19747)
- Mr. Configure (A Quick Reference for Routing, Switching, Cisco & Juniper)
- Cisco Blog and Forum (Open Discussion about Cisco, By Jeremy Cioara )
- Should Have Gone With Cisco (By Ted Romer CCIE# 21785 )
- Aaron’s Worthless Words (By Aaron Conaway )
For advanced home users or for SOHO and Branch offices, the Cisco ASA 5505 Firewall appliance is an excellent choice to use for network protection. Its Adaptive Security software is the same used for the whole range of the ASA series, so you can be assured that the 5505 will offer you also top-class security and flexibility like the higher end models. If you have decided to purchase an ASA 5505 online and you are in the phase of selecting an online store, then I believe that Amazon is the best choice for the following reasons:
1. I don’t know about other products, but specifically for the Cisco ASA 5505, Amazon offers the cheapest price online. It’s even cheaper than eBay. At the time of writing, the cheapest price for the ASA 5505 on eBay is $380, while at Amazon it is $360 (including shipping).
2. The ASA 5505 at Amazon is eligible for FREE Super Saver Shipping within the US.
3. Amazon is probably the most trusted and reliable name for online purchases. The A-to-Z Guarantee Purchase Protection offered by Amazon ensures a safe buying experience.
4. Before buying a product from Amazon, you can read other customers’ reviews of the same product in order to get a better idea of whether it suits your needs.
5. For the Cisco ASA 5505, Amazon also provides special offers and product promotions, together with suggestions for related products to purchase.
There are basically three software license types for the ASA 5505 according to the number of internal users (hosts) that will be protected by the firewall.
One of the new additions in the Cisco ASA 7.x and 8.x software image is the ability to configure Quality of Service for VoIP traffic, something that was previously found only on IOS routers. The ASA now supports Low Latency Queuing (LLQ priority queuing), which lets you prioritize certain traffic flows (such as latency-sensitive traffic like voice and video) ahead of other traffic.
In its simplest form, you just enable priority queuing on an interface and select, with an ACL and a policy map, which traffic should pass through the priority queue of the interface. All other traffic passes through the “best effort” queue. For example, if we have FTP data traffic (which usually consists of long packets) together with a VoIP packet, the VoIP packet will be served first by the interface (priority queue) while the FTP packet will be served on a best-effort basis.
In our example below, we present a usual scenario in which we have two (or more) sites communicating through a LAN-to-LAN IPSEC VPN via the Internet. Between the sites we can have both data and VoIP traffic. Although we cannot enforce real QoS across the Internet, at least we can ensure voice traffic prioritization on the firewall interface.

From the diagram above we assume that we have already configured the IPSEC VPN and that it is working properly (i.e. both subnets 192.168.1.0/24 and 192.168.2.0/24 can communicate via the tunnel). The example configuration below is for the ASA-1 firewall and should be applied accordingly to ASA-2 for better QoS performance.
! Enable a priority queue on the outside interface
ASA-1(config)# priority-queue outside
ASA-1(config-priority-queue)# exit
! Select VoIP traffic for prioritization
ASA-1(config)# access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq h323
ASA-1(config)# access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq sip
ASA-1(config)# access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 2000
ASA-1(config)# access-list VoIP-Traffic-IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq h323
ASA-1(config)# access-list VoIP-Traffic-IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq sip
ASA-1(config)# access-list VoIP-Traffic-IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 2000
! Match the ACL and traffic marked with Expedited Forwarding (EF)
ASA-1(config)# class-map Voice-OUT
ASA-1(config-cmap)# match dscp ef
ASA-1(config-cmap)# match access-list VoIP-Traffic-OUT
ASA-1(config-cmap)# exit
ASA-1(config)# class-map Voice-IN
ASA-1(config-cmap)# match dscp ef
ASA-1(config-cmap)# match access-list VoIP-Traffic-IN
ASA-1(config-cmap)# exit
! Configure the actual policy that will be applied to the interface
ASA-1(config)# policy-map VoicePolicy
ASA-1(config-pmap)# class Voice-OUT
ASA-1(config-pmap-c)# priority
ASA-1(config-pmap-c)# exit
ASA-1(config-pmap)# class Voice-IN
ASA-1(config-pmap-c)# priority
ASA-1(config-pmap-c)# exit
ASA-1(config-pmap)# exit
! Apply the policy to the outside interface
ASA-1(config)# service-policy VoicePolicy interface outside
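The priority queue only works when every link in the chain is in place: priority-queue on the interface, a service-policy applied to it, a class with the priority action, a class-map for that class, and a defined access-list. As an added example (not from the original post), here is a small Python audit that scans a text copy of the configuration above, trimmed to the outbound direction, and reports any missing link; the line scanner is a simplified one written for this check, not Cisco's parser.

```python
# Constructed copy of the page's ASA-1 config, trimmed to one direction (no prompts).
ASA1_CONFIG = """
priority-queue outside
access-list VoIP-Traffic-OUT extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq sip
class-map Voice-OUT
 match access-list VoIP-Traffic-OUT
policy-map VoicePolicy
 class Voice-OUT
  priority
service-policy VoicePolicy interface outside
"""

def parse(config):
    # Returns: priority-queue ifaces, ACL names, class-map->ACLs, policy->{class: prio}, policy->iface
    pq, acls, cmaps, pmaps, svc = set(), set(), {}, {}, {}
    cmap = pmap = cls = None
    for tok in (l.split() for l in config.splitlines() if l.strip()):
        if tok[0] == "priority-queue":
            pq.add(tok[1])
        elif tok[0] == "access-list":
            acls.add(tok[1])
        elif tok[0] == "class-map":
            cmap, pmap, cls = tok[1], None, None
            cmaps.setdefault(cmap, set())
        elif tok[:2] == ["match", "access-list"] and cmap:
            cmaps[cmap].add(tok[2])
        elif tok[0] == "policy-map":
            pmap, cmap, cls = tok[1], None, None
            pmaps.setdefault(pmap, {})
        elif tok[0] == "class" and pmap:
            cls = tok[1]
            pmaps[pmap].setdefault(cls, False)
        elif tok[0] == "priority" and cls:
            pmaps[pmap][cls] = True  # LLQ action for this class
        elif tok[0] == "service-policy" and "interface" in tok:
            svc[tok[1]] = tok[tok.index("interface") + 1]
    return pq, acls, cmaps, pmaps, svc

def audit_llq(config):
    """List the broken links in the priority-queue chain; an empty list means it is complete."""
    pq, acls, cmaps, pmaps, svc = parse(config)
    out = []
    for pmap, iface in svc.items():
        if iface not in pq:
            out.append(f"{iface}: {pmap} applied but priority-queue not enabled")
        for cls, prio in pmaps.get(pmap, {}).items():
            if cls not in cmaps or not prio:
                out.append(f"{pmap}: class {cls} missing class-map or priority action")
            for acl in cmaps.get(cls, set()) - acls:
                out.append(f"{cls}: matches undefined access-list {acl}")
    return out
```

Run `audit_llq` over a `show running-config` text to confirm the chain before trusting a voice prioritization change on the firewall.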
As of September 2008, the certification requirements for the Cisco Certified Security Professional (CCSP) have changed. The old certification required five exams but the new one requires four exams (three mandatory and one elective) plus the CCNA security as a prerequisite. If you already hold a CCSP, then in order to recertify you just need to pass ANY 642 exam that is part of the professional level. This will renew your CCSP certification for three years.
Professionals certified with the Cisco CCSP qualification are also recognized as INFOSEC professionals (4013 standard). The 4013 training standard is suggested by the National Security Agency (NSA) and the Committee on National Security Systems (CNSS).
The table below shows the exam requirements for obtaining the new CCSP certification:
| Required Certification | Required Exams (all three must be taken) | Elective Exams (choose one) |
| --- | --- | --- |
| CCNA Security | Securing Networks with Cisco Routers and Switches (SNRS), Exam 642-504 SNRS | Implementing Cisco NAC Appliance, Exam 642-591 CANAC |
| | Securing Networks with ASA Foundation (SNAF), Exam 642-524 SNAF | Implementing Cisco Security Monitoring, Analysis and Response System, Exam 642-545 MARS |
| | Implementing Cisco Intrusion Prevention Systems, Exam 642-533 IPS | Securing Networks with ASA Advanced, Exam 642-515 SNAA |