Search results “Crypto isakmp pool”
Cisco ASA - Remote Access VPN (IPSec)
 
08:49
How to quickly set up remote access for external hosts, and then restrict the host's access to network resources.
Views: 146652 Blog'n'Vlog
Quick Configs - Dynamic VTI IPsec (virtual-template, unnumbered, keyring, isakmp)
 
11:07
This CCIE oriented episode of quick configs goes into configuring a Dynamic Virtual Tunnel Interface (VTI). See http://bit.ly/1VZYkFi for all CCIE notes.
Views: 3215 Ben Pin
MicroNugget: How to Negotiate in IKE Phase 1 (IPsec)
 
03:01
Not a subscriber? Start your free week. https://cbt.gg/2CsnIRh CBT Nuggets trainer Keith Barker provides an easy and fun way for remembering 5 specific items needed for building an IPsec tunnel.
Views: 15972 CBT Nuggets
Learn about Cisco ASAv route based VPN (Demo connecting AWS and Azure)
 
13:27
Learn about Cisco ASAv route based VPN (Demo connecting AWS and Azure)

ASAv (AWS)
crypto ikev1 enable management
!
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
!
crypto ipsec ikev1 transform-set AWS esp-aes esp-sha-hmac
!
crypto ipsec profile AWS
 set ikev1 transform-set AWS
 set pfs group2
 set security-association lifetime seconds 3600
!
tunnel-group 104.43.128.159 type ipsec-l2l
!
tunnel-group 104.43.128.159 ipsec-attributes
 ikev1 pre-shared-key cisco
 isakmp keepalive threshold 10 retry 10
!
interface Tunnel1
 nameif AWS
 ip address 1.1.1.2 255.255.255.0
 tunnel source interface management
 tunnel destination 104.43.128.159
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile AWS
 no shut
!
router bgp 64502
 bgp log-neighbor-changes
 address-family ipv4 unicast
  neighbor 1.1.1.1 remote-as 64501
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 default-originate
  redistribute connected
  redistribute static
  no auto-summary
  no synchronization
 exit-address-family
!

ASAv (Azure)
crypto ikev1 enable management
!
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
!
crypto ipsec ikev1 transform-set Azure esp-aes esp-sha-hmac
!
crypto ipsec profile Azure
 set ikev1 transform-set Azure
 set pfs group2
 set security-association lifetime seconds 3600
!
tunnel-group 54.213.122.209 type ipsec-l2l
!
tunnel-group 54.213.122.209 ipsec-attributes
 ikev1 pre-shared-key cisco
 isakmp keepalive threshold 10 retry 10
!
interface Tunnel1
 nameif Azure
 ip address 1.1.1.1 255.255.255.0
 tunnel source interface management
 tunnel destination 54.213.122.209
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile Azure
 no shut
!
router bgp 64502
 bgp log-neighbor-changes
 address-family ipv4 unicast
  neighbor 1.1.1.1 remote-as 64501
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 default-originate
  redistribute connected
  redistribute static
  no auto-summary
  no synchronization
 exit-address-family
!
Views: 1306 Anubhav Swami
Remote access VPN in Packet Tracer
 
03:14
The main prerequisite is that the laptop (the remote access VPN client) must be able to ping the VPN server router (the router that serves the VPN connections). This implies that NAT on the branch router is ready/OK in translating the laptop's private IP address to the public IP address of the branch router's outside interface. With the same settings we can build a remote VPN on a real router, for example a Cisco 880.

Router corporate:
aaa new-model
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
username Cisco password 0 Cisco
crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 group 2
 lifetime 21600
crypto isakmp client configuration group rtr-remote
 key cisco123
 pool dynpool
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
crypto dynamic-map dynmap 1
 set transform-set vpn1
 reverse-route
crypto map dynmap client authentication list rtr-remote
crypto map dynmap isakmp authorization list rtr-remote
crypto map dynmap client configuration address respond
crypto map dynmap 10 ipsec-isakmp dynamic dynmap
ip local pool dynpool 30.30.30.20 30.30.30.30
interface FastEthernet0/0
 crypto map dynmap
Views: 840 Totz Freelance
GNS3 Labs: IPsec VPN with NAT across BGP Internet routers: Answers Part 1
 
14:54
GNS3 Topology: https://goo.gl/p7p8pq
Get the VPN Config Generator and all my videos as part of a subscription here: https://goo.gl/mJMZGW
Cisco documentation: https://goo.gl/hjmdFR
For lots more content, visit http://www.davidbombal.com - learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more.

VPN Configuration:

! ======================================================
! CONFIG FOR: C1
! ======================================================
access-list 100 remark ****** Link to C2 ******
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
!
access-list 101 remark ****** NAT ACL ******
access-list 101 deny ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
!
ip nat inside source route-map nonat interface G0/1 overload
!
route-map nonat permit 10
 match ip address 101
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 encryption 3des
 group 2
 lifetime 86400
!
crypto isakmp key cisco123 address 8.8.11.2
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode tunnel
!
crypto map mymap 1 ipsec-isakmp
 description ****** Link to C2 ******
 set peer 8.8.11.2
 set transform-set myset
 set pfs group2
 match address 100
 set security-association lifetime seconds 86400
 set security-association lifetime kilobytes 4608000
!
interface G0/1
 crypto map mymap
 ip nat outside
!
interface G0/0
 ip nat inside
!
! ======================================================
! CONFIG FOR: C2
! ======================================================
access-list 100 remark ****** Link to C1 ******
access-list 100 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
access-list 101 remark ****** NAT ACL ******
access-list 101 deny ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 10.1.2.0 0.0.0.255 any
!
ip nat inside source route-map nonat interface G0/1 overload
!
route-map nonat permit 10
 match ip address 101
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 encryption 3des
 group 2
 lifetime 86400
!
crypto isakmp key cisco123 address 8.8.10.2
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode tunnel
!
crypto map mymap 2 ipsec-isakmp
 description ****** Link to C1 ******
 set peer 8.8.10.2
 set transform-set myset
 set pfs group2
 match address 100
 set security-association lifetime seconds 86400
 set security-association lifetime kilobytes 4608000
!
interface G0/1
 crypto map mymap
 ip nat outside
!
interface G0/0
 ip nat inside
!

Go here for more: https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html
Views: 2620 David Bombal
Quick Configs - NetFlow (v5, v8, v9, flexible, samplers, export, caching)
 
32:38
Another CCIE oriented episode of quick? configs focused on the current implementation of NetFlow and previously used versions. See http://bit.ly/1VZYkFi for all CCIE notes.
Views: 9442 Ben Pin
Quick Configs - QoS Pre-Classify (crypto map, tunnel)
 
09:24
This CCIE oriented episode of quick configs goes into configuring QoS Pre-Classify. See http://bit.ly/1VZYkFi for all CCIE notes.
Views: 745 Ben Pin
Quick Configs Ubiquiti - Site to Site VTI VPN (CLI)
 
09:53
OneDrive link to all Ubiquiti Video config files: https://1drv.ms/f/s!AsuDsQ7TSDqNgU3bHKtUeUIhAX1M This video is aimed at configuring a Site-to-Site IPsec VPN connection using Virtual Tunnel Interfaces (VTI) on a Ubiquiti EdgeMax device.
Views: 273 Ben Pin
SITE TO SITE VPN ROUTER PART 1
 
06:32
SITE TO SITE IPSEC VPN TUNNEL BETWEEN CISCO ROUTERS

These steps are:
(1) Configure ISAKMP (ISAKMP Phase 1)
(2) Configure IPSec (ISAKMP Phase 2, ACLs, Crypto MAP)

CONFIGURE ISAKMP (IKE) - (ISAKMP PHASE 1):-
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key firewallcx address X.X.X.X(ROUTER-2 IP ADDRESS)

CONFIGURE IPSEC:-
R1(config)# ip access-list extended XXX(Name for access list)
R1(config-ext-nacl)# permit ip x.x.x.x(R1-LOCAL internal Network) 0.0.0.255 x.x.x.x(R2LOCAL internal Network) 0.0.0.255
crypto ipsec transform-set TS esp-3des esp-md5-hmac
R1(config)# crypto map CMAP 10 ipsec-isakmp
R1(config-crypto-map)# set peer X.X.X.X(ROUTER-2 IP ADDRESS)
R1(config-crypto-map)# set transform-set TS
R1(config-crypto-map)# match address XXX(Name for access list)
R1(config)# interface FastEthernet0/1
R1(config-if)# crypto map CMAP

SITE -1

These steps are:
(1) Configure ISAKMP (ISAKMP Phase 1)
(2) Configure IPSec (ISAKMP Phase 2, ACLs, Crypto MAP)

CONFIGURE ISAKMP (IKE) - (ISAKMP PHASE 1):-
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key antony address 1.1.1.2

CONFIGURE IPSEC:-
R1(config)# ip access-list extended SITE-2-VPN
R1(config-ext-nacl)# permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
crypto ipsec transform-set TS-ANT esp-3des esp-md5-hmac
R1(config)# crypto map CMAP-ANT 10 ipsec-isakmp
R1(config-crypto-map)# set peer 1.1.1.2
R1(config-crypto-map)# set transform-set TS-ANT
R1(config-crypto-map)# match address SITE-2-VPN
R1(config)# interface FastEthernet0/1
R1(config-if)# crypto map CMAP-ANT

R1 CONFIGURATION:
Router#SHOW RUN
Building configuration...
Current configuration : 1707 bytes
!
version 15.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
!
no ip cef
no ipv6 cef
!
license udi pid C819HGW-PT-K9 sn FTX18066A3L
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp key antony address 1.1.1.2
!
crypto ipsec transform-set TS-ANT esp-3des esp-md5-hmac
!
crypto map CMAP-ANT 10 ipsec-isakmp
 set peer 1.1.1.2
 set transform-set TS-ANT
 match address SITE-2-VPN
!
spanning-tree mode pvst
!
interface GigabitEthernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Serial0
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
 clock rate 2000000
 crypto map CMAP-ANT
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan1
!
interface Cellular0
 no ip address
 shutdown
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.10.10.1 255.255.255.248
!
ip nat inside source static 10.0.0.2 1.1.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
ip flow-export version 9
!
access-list 23 permit 10.10.10.0 0.0.0.7
ip access-list extended SITE-2-VPN
 permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
Router#

SO WATCH MY SECOND VIDEO FOR SITE 2 VPN CONNECTION.

PART-2 VIDEO LINK https://youtu.be/EAOdHo-W0ww
Views: 41 IT DEVELOPMENT
Quick Configs - DMVPN & OSPF (phase 1, 2, 3, filters, point-to-multipoint, broadcast, dr, bdr)
 
17:20
This CCIE oriented episode of quick configs goes into using OSPF for Dynamic Multipoint VPN (DMVPN). See http://bit.ly/1VZYkFi for all CCIE notes.
Views: 2162 Ben Pin
Quick Configs - Dynamic Access-Lists (acl, telnet, idle timeout)
 
07:25
This CCIE oriented episode of quick configs goes into configuring a Dynamic Access-List to allow traffic after authentication by TELNET. See http://bit.ly/1VZYkFi for all CCIE notes.
Views: 439 Ben Pin
Cisco VPN Troubleshooting (NAT-Traversal)
 
07:53
Does your Cisco IPsec VPN tunnel only pass data in one direction (one way)? Perhaps NAT traversal, also called NAT-T, is not enabled. In the video you will learn how to recognize this problem on a Mac and which IPsec setting may need to be changed on a Cisco ASA 5510 or 5505.

Commands:
# show running-config all crypto isakmp | grep nat
no crypto isakmp nat-traversal
# crypto isakmp nat-traversal 20

Official troubleshooting guide from Cisco: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html#solution01
General explanations of NAT traversal: https://supportforums.cisco.com/document/64281/how-does-nat-t-work-ipsec https://nat0.net/cisco-ipsec-vpn-client-ports/
Details on the terminal command "lsof" on Mac OS X can be found in the corresponding man page.
Views: 2325 Björn Albers
How to Configure IPSEC - SITE to SITE IPSEC VPN Policy Based VPN - LAB
 
14:36
In this video, I am going to show you how to configure IPSEC - SITE to SITE IPSEC VPN Policy Based VPN - LAB. You can also look into my blog: https://pgrspot.blogspot.in

Tasks to be completed:
1. Configure IP Address as per the Topology
2. Make sure you have Reachability to the Peer End.
3. Configure IKE Phase 1:
   Encryption : AES
   Authentication : pre-share
   preshare-key : pgrspot
   Hash : md5
   group : 5
4. Configure IKE Phase 2:
   Create a Crypto-map named IPSEC-MAP
   Create a Transform-set named IPSEC-TRANS
   Encryption : AES
   Hash : md5
5. Create an ACL named IPSEC-ACL. Permit only packets from SERVER and PC to go through IPSEC Encryption.
6. Make sure only the packets from the concerned source to destination are encrypted via IPSEC.
Views: 296 PGR Spot
SITE TO SITE VPN ROUTER PART 2
 
15:51
SITE TO SITE IPSEC VPN TUNNEL BETWEEN CISCO ROUTERS

These steps are:
(1) Configure ISAKMP (ISAKMP Phase 1)
(2) Configure IPSec (ISAKMP Phase 2, ACLs, Crypto MAP)

CONFIGURE ISAKMP (IKE) - (ISAKMP PHASE 1):-
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key firewallcx address X.X.X.X(ROUTER-2 IP ADDRESS)

CONFIGURE IPSEC:-
R1(config)# ip access-list extended XXX(Name for access list)
R1(config-ext-nacl)# permit ip x.x.x.x(R1-LOCAL internal Network) 0.0.0.255 x.x.x.x(R2LOCAL internal Network) 0.0.0.255
crypto ipsec transform-set TS esp-3des esp-md5-hmac
R1(config)# crypto map CMAP 10 ipsec-isakmp
R1(config-crypto-map)# set peer X.X.X.X(ROUTER-2 IP ADDRESS)
R1(config-crypto-map)# set transform-set TS
R1(config-crypto-map)# match address XXX(Name for access list)
R1(config)# interface FastEthernet0/1
R1(config-if)# crypto map CMAP

SITE -2 PART-2

These steps are:
(1) Configure ISAKMP (ISAKMP Phase 1)
(2) Configure IPSec (ISAKMP Phase 2, ACLs, Crypto MAP)

CONFIGURE ISAKMP (IKE) - (ISAKMP PHASE 1):-
R2(config)# crypto isakmp policy 1
R2(config-isakmp)# encr 3des
R2(config-isakmp)# hash md5
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 2
R2(config-isakmp)# lifetime 86400
R2(config)# crypto isakmp key antony address 1.1.1.1

CONFIGURE IPSEC:-
R2(config)# ip access-list extended SITE-1-VPN
R2(config-ext-nacl)# permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
crypto ipsec transform-set TS-ANT esp-3des esp-md5-hmac
R2(config)# crypto map CMAP 10 ipsec-isakmp
R2(config-crypto-map)# set peer 1.1.1.1
R2(config-crypto-map)# set transform-set TS-ANT
R2(config-crypto-map)# match address SITE-1-VPN
R2(config)# interface SERIAL 0
R2(config-if)# crypto map CMAP

WAIT 5 MIN.... TO SHARE THE KEY....

R2 CONFIGURATION:-
Router(config-if)#DO SHOW RUN
Building configuration...
Current configuration : 1862 bytes
!
version 15.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
!
ip cef
no ipv6 cef
!
license udi pid C819HGW-PT-K9 sn FTX1806BFM3
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp key antony address 1.1.1.1
!
crypto ipsec transform-set TS-ANT esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set TS-ANT
 match address SITE-1-VPN
!
spanning-tree mode pvst
!
interface GigabitEthernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Serial0
 ip address 1.1.1.2 255.255.255.0
 ip nat outside
 crypto map CMAP
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan1
!
interface Cellular0
 no ip address
 shutdown
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.10.10.1 255.255.255.248
!
ip nat inside source list 101 interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
ip flow-export version 9
!
access-list 23 permit 10.10.10.0 0.0.0.7
ip access-list extended SITE-1-VPN
 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 remark nat
access-list 101 deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 remark nat1
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
Router(config-if)#

BRINGING UP AND VERIFYING THE VPN TUNNEL
ping 20.20.20.1 source SERIAL 0
show crypto session
Views: 30 IT DEVELOPMENT
Site to Site VPN Configuration Tutorial - Check Point firewalls
 
14:43
This video shows how to configure a basic site to site VPN using Check Point firewalls
Views: 131169 Jafer Sabir