Don't forget

Don't you hate it when you make those simple mistakes?
I spent about 6 hours troubleshooting IPSec configurations on 2 routers trying to figure out why I can't get any traffic to go through the VPN. I said to myself "oh ya routes." I put in a couple static routes and they still were not working. I toyed with the configuration a bit then just started from scratch and tried different interfaces. I put everything in again and it still wouldn't work. I tried to remove the crypto maps from the interfaces to see if I could ping the distant network and couldn't. So I did a show ip route and noticed my static routes were not in there even though I put them in. At that point I just wanted it to work so I did a simple RIP configuration between them. I had it working within seconds after that. Now I was wondering why those static routes were not working. I checked them, double checked them, triple checked them and still nothing. Well come to find out I put them on the old interface that I was using between routers and the others I was using the local IP not the next hop router IP.
So now that I feel a bit dumb for making those mistakes (that I spent hours troubleshooting) I figured I would share it with the rest of you.
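As an added example (not part of the original post): a small Python check, run over a constructed IOS-style config, for the two static-route mistakes described above, a route pointing at an unused exit interface and a route whose next hop is the router's own address. The interface names and addresses are made up, and the check assumes directly connected next hops (no recursive lookup).

```python
import ipaddress

# Constructed IOS-style config reproducing both mistakes from the post.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0
 description old inter-router link, no longer used
 no ip address
 shutdown
!
interface Serial0/1
 ip address 10.0.0.1 255.255.255.252
!
ip route 192.168.2.0 255.255.255.0 Serial0/0
ip route 192.168.3.0 255.255.255.0 10.0.0.1
ip route 192.168.4.0 255.255.255.0 10.0.0.2
"""

def check_static_routes(config):
    """Return (route_line, problem) for static routes that cannot forward."""
    ifaces, current, findings = {}, None, []
    lines = config.splitlines()
    for line in lines:                      # pass 1: collect interface state
        words = line.split()
        if line.startswith("interface "):
            current = words[1]
            ifaces[current] = {"addr": None, "up": True}
        elif not line.startswith(" "):
            current = None                  # left the interface block
        elif current and words[:2] == ["ip", "address"] and len(words) >= 4:
            ifaces[current]["addr"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif current and words == ["shutdown"]:
            ifaces[current]["up"] = False
    live = [i["addr"] for i in ifaces.values() if i["up"] and i["addr"]]
    for line in lines:                      # pass 2: validate each static route
        words = line.split()
        if words[:2] != ["ip", "route"] or len(words) < 5:
            continue
        try:
            hop = ipaddress.ip_address(words[4])
        except ValueError:                  # not an IP, so it names an exit interface
            i = ifaces.get(words[4])
            if not (i and i["up"] and i["addr"]):
                findings.append((line, "exit interface is down, unaddressed or unknown"))
            continue
        if any(hop == a.ip for a in live):
            findings.append((line, "next hop is this router's own address"))
        elif not any(hop in a.network for a in live):
            findings.append((line, "next hop is not on a connected subnet"))
    return findings
```
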
Comments
Thanks, funny you should mention that though as I just registered to take the test a few hours ago.
As far as materials go I used the Cisco press book, CBT Nuggets, and I searched the Cisco site for some items. Like other people have said, the CBT Nuggets is right on the dot so listen to everything he says. On the other hand I wonder if the author of the Cisco press book was afraid to leave something out. They did cover everything and with enough or more than enough depth but they also covered stuff that wasn’t even in the objectives on Cisco’s site like the chapter on SAN security. So if you use the Cisco press book I would suggest comparing the exam objectives to what you are looking at in the book.
The one thing I disliked about CCNA Security was the SDM configuration. I think they would be better off just leaving that out or at the minimum leaving out any SDM configuration that they expect you to be able to do via CLI.
Well next is 70-291 to finish up my MCSA.
Oh and just so you all know. Of the 9 areas VPNs was my second highest.
Good Luck finishing up your MCSA