Network Engineer Cisco
Resume:
ASHISH
NETWORK ENGINEER
ac7cgd@r.postjobfree.com
Professional Summary:
Network Engineer & Security Analyst with 8+ years of working experience in Network Infrastructure, Security which includes designing, deployment and providing network support, installation and analysis for a broad range of LAN / WAN protocols, routing, switching, configuring, implementation, troubleshooting of complex networking system.
Working experiences with Routers, Switches, Load Balancers, Firewalls and Proxies.
Excellent hands on experience in configuring Cisco Nexus 2248T, 2224T, 5548P, 5596T, 6000, 7010, 7018, 7710 switches. Also implemented VDC and VPC on the Nexus 5505, 7010, 7710 switches.
Hands on experience in performing various configurations on Access, Distribution and Core layer switches like Cisco Catalyst 2960, 3750, 4507, 4010, 6506, 6509 switches.
Hands-on experience in implementing and troubleshooting Switch technologies such as STP, VTP, 802.1q, VLAN and MPLS.
Experienced in configuring, deploying, maintaining, and troubleshooting of routing protocols like RIP, OSPF, EIGRP and BGP on Cisco 1800, 2600, 3600, 7200 and 7600 routers. And also performed Policy based routing.
Proficient in configuring and troubleshooting route Re-distribution between Static, RIP, EIGRP, OSPF, and BGP protocols and also in Route Manipulation.
Expert level knowledge on IP Addressing, Subnetting, VLSM, OSI model, TCP/IP model.
Using IP Address Manager (IPAM) provides a centralized management of the IP address space, including IPv4 and IPv6 Address Management.
Proficient in implementing first hop redundancy protocols like HSRP, VRRP, and GLBP.
Understand the JUNOS platform and worked with IOS upgrade of Juniper devices
Hands-on experience in creating security zones and security policies on branch Juniper SRX 240 and SRX 100 firewalls.
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
Proficient in implementing Security policies like NAT, PAT & Access lists.
Hands-on experience in deploying Frame-relay, GRE tunnels, Remote Access VPN and
Site-to-Site VPN.
Expert in configuring and implementing proxy servers and Authorization, Authentication & Accounting (RADIUS, TACACS+).
Experiences with Cisco Nexus Fabric Extender (FEX) (222, 2248)
Experience in design, Deploying & Troubleshooting F5 Load Balancer Includes BIGIP Series 5050V, 10000V, 8900, 6900, and 3900.
Hands on Experience in configuring F5 objects, components and provisioning various modules like LTM. GTM, ASM, APM
Experience in dealing with iRules, TMSH CLI which includes TMOS 10.2.4V - 11.6.0V and various troubleshooting tools like QKview, IQdump and iHealth diagnostic tool
Experiences in Deploying & Troubleshooting policy management on Web Proxies.
Experiences dealing with OS upgrading/Patching for various vendors like F5 (TMOS), CISCO (IOS, NX-OS), PANOS, JUNOS, Web sense, Bluecoat.
Experience in administration and designing web proxies which includes Bluecoat.
Experience in dealing with centralized management tool for rule based policy like Solsoft.
Experience with MacAfee and Splunk SIEM tools for log analysis and threat management analysis
Experience in design, installation, configuration, maintenance, migration and administration of Check Point Firewall R55 up to R77.
Experience in Policy based filtering using Palo Alto Firewalls.
Experience working with Palo Alto GUI Panorama.
Experience in migrating Check point to the Cisco ASA Devices. Also migrating from Cisco to Palo Alto.
Extensively used the packet capture tools like TCP dump, Wireshark and snoop on the devices to identify the potential network issues.
Proficient in using Network Management Application layer software’s like SNMP, Solar winds, NTP and Syslog.
Proficient in using MS Visio for documentation purposes.
Hands on experience in configuring VoIP phones using asterisk.
Certifications:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Skills:
Cisco Switches
Nexus 7K, 5K, 2K & 1K, Cisco routers (7200, 3800, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 2900series).
Routers
Cisco 2600, 2900, 3600, 3900, 7200 and 7600 series
Infrastructure services
DHCP, DNS, SMTP, FTP, TFTP
LAN technologies
Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- Channel, VLANS, VTP, STP, RSTP, 802.1Q, SVI
Routing Protocols
RIP, IGRP, EIGRP, OSPF, BGP, HSRP, VRRP, & GLBP.
WAN technologies
Frame Relay, ATM, MPLS, leased lines & exposure to PPP, T1 /T3 & SONET.
Firewall Technologies
Cisco ASA 5580 series, PANOOS 2020, Juniper SRX, Palo Alto, Checkpoint.
Network Security
NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Internet Content Filtering, Load Balancing, IDS/IPS, SSL, IPSEC, IKE, Static, Dynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS)
Network Management
SNMP & knowledge on Cisco Works, Ethereal.
Platforms
Cisco IOS (11.x, 12.x), LINUX, Nexus OS, Windows XP.
Documentation
MS Office, MS Visio
Load-Balancer Technologies
F5 BIG-IP LTM.
Work Experience:
Private Bank, Chicago, IL Jul 2017 – Present
Network Engineer
Responsibilities:
Performing troubleshooting on slow network connectivity issues, and Performance on F5 and Cisco ASA Firewalls.
Deploying and decommissioning Cisco switches/Firewalls and their respective software upgrades.
Hands on experience in Installing and Configuring Palo Alto PA-3060 Firewalls to protect Data Center.
Implemented Positive Enforcement Model with the help of Palo Alto networks
Configure outbound web flow policies on Palo Alto devices
Implemented Palo Alto solution for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
Hands on experience in Configuring VPN, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
Maintained TACACS+/RADIUS Servers for AAA authentication and User authentication.
Provided VPN services to site-to-site and, Remote access VPNs using IPSec tunneling.
Work with IP for any vulnerabilities /ACLS and remediate as needed.
Provided routine status updates on work performed and interpretation of security implications from performed events.
Performed upgrading of load balancers from citrix to F5 BigIP load balancer to improved functionality, reliability and scalability in the system.
Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
Upgrades/Downgrades of F5 TMOS, Hot-fix installations depending on need
Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability
Worked on troubleshooting and resolving issues escalated by the NOC and internal systems, including developing, implementing and deploying emergency hot fixes within a global network
Configuring ASM policies for external applications
Supported virtual Datacenter using ARISTA 7124 Arista vEOS; Spine/Leaf architecture with BGP/ECMP, VXLAN overlay, as well as EIGRP, MPLS, BGP and Fabric path protocols.
Installed, configured, and STIGed Juniper Netscreen /Junos firewalls, Arista switches, Juniper SA (Secure Access) Series SSL VPNs.
Administrating on F5 LTM, GTM, ASM, APM on series 5050, 10000 8900
Created an automated backup procedure for all F5 load balance appliances
Create complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP header modification.
Planning, Designing and implementing Network and security solutions like Firewalls (Palo Alto, Check Point, ASA), Data Center Switching, Bluecoat Proxy and F5 Load Balancers.
Troubleshooting issues post migration of Internet traffic via Bluecoat Proxy by tracing traffic on Bluecoat or by capturing traffic.
Installation & Maintenance of Juniper switches routers & firewalls.
Migrated to Juniper EX series switches from Cisco 3500 series and 6500 series switches.
Upgraded existing network to Juniper switches, as well as Juniper routers also Provide support installing, configuring, and troubleshooting hardware and software.
Experience in F5 iHealth reports creating and maintaining high quality installation guides, standards documents, diagrams, run books and other engineering documentations.
Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
Worked on Catalyst 4506E, 4507, 6503E and 6506E series switches along with Nexus 5020 switches in change of configurations and maintenance.
VSS on 6506E switches maintenance to provide dual homing for the consumers as well redundancy.
Configured and maintained VDCs in 7018 switches, maintained VRFs in those separate VDCs. Operated in OTV to extend L2 VLANs amongst data centers over IP on Nexus 7018 switches.
Upgradation of nexus OS from 6.2.2a to a higher version to increase performance and support new features on both N7010 & N7710 chassis.
Proficient in Configuring VPC between the Cisco Nexus 7k, 5k.
Route redistribution between OSPF, EIGRP and also in required routers, between IGP and BGP.
Creating BGP multi-homed network using BGP attributes like AS-PATH, MED and local-preference as per the environment.
Implemented Port Aggregation using LACP and PAgP protocols.
Configured and maintained PVST+ for L2 loop prevention on Catalyst switches.
Scheduled maintenance of Nexus 2248, 5548 and 7010 switches so that there are no Orphan ports in the network.
Documented migration of data center from legacy switches to nexus switches.
Handled LAN environment involving HSRP, VLANs, Trunking and Spanning Tree protocol.
Upgraded the remote access (VPN) and firewall environment for the entire organization
To ensure that day-to-day Security Operations run smoothly. Change management and third level incident management being the primary responsibility, participate directly as well as take escalations from the team members as and when required.
Created Visio Dean / Visio Documentation to give complete picture of network design for each building.
Hands on Experience in Troubleshooting IOS related bugs based on past history and appropriate release notes.
State of MA, Shrewsbury MA Feb 2015 – Jun 2017
University of Massachusetts Medical School
Network Engineer
Responsibilities:
Hands on experience with Catalyst L3 switches and Cisco Nexus switches: 2232, 2248, 5548, 6001 and 7018(Sup 2E).
Operated in Administration of L2 technologies like VLANs, VTP, Trunking, RPVST, Inter-VLAN routing, Ether channeling, and Switch port Security on Access Layer switches.
In the process of Data center fabric migration from legacy Catalyst to Nexus switches, deployed, configured and maintained 5548, 7018 switches.
Installed Catalyst 6509E switches with 40GE and 10GE line cards containing MSFC and PFC cards and configured, maintained VSS on it.
Operated with Sup 2E for 7018 switch. And F cards for L2 switching and few M cards for L3 proxy routing purposes for F cards.
Functioned in upgrading system images on 5k and 7k Nexus switches using kick start and FTP server.
Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE.
Used Splunk SIEM tool to check the logs, create reports and dashboards.
Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, network devices
WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP/OSPF), and IP address
Configured and maintained OSPF, EIGRP, RIP and BGP on Cisco routers.
Creating BGP multi-homed network using BGP attributes like AS-PATH, MED and local-preference as per the environment.
Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
Configured RIP, OSPF and Static routing on Juniper M and MX series Routers.
Configured and worked on Juniper router and optimized network for application delivery in virtualized network environment.
Troubleshooting Layer 2 issues, Spanning Tree protocol, RSTP, MST, VTP, VLAN on Cisco – 6500 series switches and Juniper switches.
Involved in configuration of Arista 7K series switchesTroubleshooting the Juniper SRX100 and 110 series, Juniper Net Screen routers.
Maintained TACACS+/RADIUS Servers for AAA authentication and User authentication.
Provided VPN services to site-to-site and, Remote access VPNs using IPSec tunneling.
Documented migration of data center from legacy switches to nexus switches.
Provided hands-on support for environment including on-call support for switches, routers and servers. Used Solar winds, DHCP, DNS to troubleshoot issues.
Experience with Firewall Administration, Rule Analysis, Rule Modification
Experience on Check Point GAIA R77. Environment consisted of 30+ Check Point firewalls and performed configuration, troubleshooting, and maintenance.
Worked on, groups, and updating access-lists and responsible on Check Point Firewall, apply static, hide NAT using smart dashboard.
Performed upgrades for all IP series firewalls from previous Check point versions (R75.40, R75.40VS, R75.45, R75.46, R75.47, R76, R77) to R77.10
Troubleshoot and resolve firewall software and hardware issues including VPNs, connectivity issues, logging, cluster configurations, hardware installations
Experience in converting Check point VPN rules over to the Cisco ASA solution. Migration with both Check point and Cisco ASA VPN experience.
Setting up MPLS Layer 3 VPN cloud in data center.
Implemented all standard and non-standard ISDN and IP-VPN changes to company customer support connections.
Responsible for administrating Bluecoat and dealing with policies for user access like Blocking/Unblocking URL's.
Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs.
Configuring policies on ASM using manual policy enforcement and auto policy enforcement with F5 ASM, LTM, APM.
Knowledge in implementing and configuring F5 Big-IP LTM load balancers.
Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers
Prepare test plans for checking the configuration on the CLI, and GUI. writing iRules, scripts
Determining the functionality with the DNS naming conventions and migrations from old load balancing environments to the F5 environment both 10.x and 11.x.
Hospira, Chicago, IL Oct 2013 – Jan 2015
Network Engineer
Responsibilities:
Configured Cisco ASA Firewall to use multiple security levels and interfaces
Implemented numerous Firewalls polices on Cisco Firewall.
Implementation and configuration of ASA 5520 in failover along with the CSC module as per the customer requirement.
Implemented clientless SSL VPN on ASA 5500-x platforms.
Preformed Firewall configuration primarily through the command line interface.
Experience working with the Cisco IPS module which allows IDS or IPS inspection of all traffic passing through the firewall
Configuring RADIUS and TACACS+ authentication on Cisco ASA firewalls.
Worked on ASA routed mode and transparent mode.
Worked on ASA 5500-x platform configuring the ACLS, NAT policies and AnyConnect VPN’s
Upgraded the Cisco ASA firewalls from version 8.6 to 9
Negotiate VPN tunnels using IPsec encryption standards and, also configured and implemented Site to Site VPN and remote VPN.
Performing the ACL requests change for various clients by collecting source and destination information from them
Work with application team and Information security for ACL renewals and ACLS aging.
Hands on Experience on IPAM tool used for periodical scans a subnet and provides the availability status of IP addresses in that subnet.
Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.
Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
Implemented DHCP, DNS, IPAM configuration on the servers to allocate, resolute the IP addresses from Subnet.
Upgrades and backups of Cisco router configuration files to a TFTP server
Design, WAN link using PPP Multilink and by implementing Cisco WAAS.
Signature Updates Deployment on the Management Components and all the Individual IPS/IDS devices
Team player in a data analytics environment, maintaining network capacity, integrity, and performance of client connectivity and data centers leveraging Devices, Solar winds as the primary toolset and VPLS as the key technology
Verizon Wireless, NYC, NY Dec 2011 – Oct 2013
Network Engineer
Responsibilities:
Worked on Catalyst 4506E, 4507, and 6503E, 6506E series switches along with Nexus 5020 switches in change of configurations and maintenance.
VSS on 6506E switches maintenance to provide dual homing for the consumers as well redundancy.
Route redistribution between OSPF and EIGRP & also in required routers, between IGP and BGP.
Created stub areas and configured summarization for effective routing. Manipulated route updates using distribute lists, route maps & administrative distance, offset lists.
Implemented Port Aggregation using LACP and PAgP protocols.
Configured and maintained PVST+ for L2 loop prevention on Catalyst switches.
Scheduled maintenance of Nexus 2248, Nexus 5548, and Nexus 7010 switches so that there are no Orphan ports in the network.
Security issues handled related to VPN, IPSEC, NAT, and Configuring Standard, Extended and Named Access lists.
Client VPN technologies including Cisco’s VPN client via IPSEC configured.
Used Cisco ASA 5540 firewall for Enterprise security, configured ACL’s for Internet requests to Server Farm in LAN and DMZ.
Worked with F5 Big-IP Product LTM in Load Balancing.
Hands on experience with Checkpoint firewall on NGX 65 SPLAT on 65 product using CLI and web UI as well.
Configured and maintained Cisco ACS server for AAA Authentication (RADIUS)
Involved in configuring switch for 802.1x port based authentication.
Wipro, India Apr 2010 – Nov 2011
Network Engineer
Responsibilities:
Responsibilities included taking care of the IP Addressing in the organization which included designing new subnets based on the requirements.
Involved in implementing & Designing the switched network. Configured STP, VTP and dot.1q in switching network.
Created VLAN& Inter-VLAN Routing with Multilayer Switching.
Configured and Maintained TACACS for AAA.
LAN Cabling in compliance of CAT5 standards.
Assisted in Troubleshooting LAN connectivity and hardware issues in the network of 100+ hosts.
Maintained Redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
Performed RIP, OSPF, EIGRP routing protocol administration.
Learned and tested various BGP parameters like Local Preference, MED, Weight, and replicated customer issues in the Lab environment.
Involved in monitoring the performance of the network, thereby identifying the bottlenecks in the network, troubleshooting the connectivity problems using Ping, Trace route, and Telnet.
Involved in troubleshooting IP addressing issues and Upgrading IOS images using TFTP.
Daily responsibilities included monitoring network connectivity, administration of the remote location.
Analyzed and studied Client requirements to provide solutions for network design, configuration, administration and security.
Contact this candidate