http://www.soundtraining.net Author, speaker, and IT trainer Don R. Crawley demonstrates how to configure a site-to-site VPN between two Cisco ASA security appliances. The demo is based on software version 8.3(1) and uses IPSec, ISAKMP, tunnel-groups, Diffie-Hellman groups, and an access-list. The demo is based on the popular book "The Accidental Administrator: Cisco ASA Security Appliance: Step-by-Step Configuration Guide (http://amzn.com/1449596622) and includes a link where you can download a free copy of the configs and the network diagram.
Views: 224140 soundtraining.net
Pre-setup: Usually this is the perimeter router so allow the firewall. Optional access-list acl permit udp source wildcard destination wildcard eq isakmp access-list acl permit esp source wildcard destination wildcard access-list acl permit ahp source wildcard destination wildcard You need to enable to securityk9 technology-package Router(config)#license boot module c2900 technology-package securityk9 Router(config)#reload Task 1: Configure the ISAKMP policy for IKE Phase 1 There are seven default isakmp policies. The most secure is the default. We will configure our own. You can remember this by HAGLE. Hash, Authentication, Group (DH), Lifetime, Encryption. Router(config)#crypto isakmp policy 1 Router(config-isakmp)#hash sha Router(config-isakmp)#authentication pre-share Router(config-isakmp)#group 5 Router(config-isakmp)#lifetime 3600 Router(config-isakmp)#encryption aes 256 We used a pre-shared key for authentication so we need to specify the password for the first phase. Router(config)#crypto isakmp key derpyisbestpony address 126.96.36.199 show crypto isakmp policy Task 2: Configure the IPsec Policy for IKE Phase 2 Configure the encryption and hashing algorithms that you will use for the data sent thought the IPsec tunnel. Hence the transform. Router(config)#crypto ipsec transform-set transform_name esp-aes esp-sha-hmac Task 3: Configure ACL to define interesting traffic Even though the tunnel is setup it doesn’t exist yet. Interesting traffic must be detected before IKE Phase 1 negotiations can begin. Allow the local lan to the remote lan. Router(config)#access-list 101 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255 show crypto isakmp sa Task 4: Configure a Crypto Map for the IPsec Policy Now that interesting traffic is defined and an IPsec transform set is configured, you need to bind them together with a crypto map. Rotuer(config)# crypto map map_name seq_num ipsec-isakmp What traffic will be interesting? The access-list we made before. Router(config-crypto-map)#match address 101 The transform-set we created earlier for the IPsec tunnel. Router(config-crypto-map)# set transform-set transform_name The peer router you’re connecting to. Router(config-crypto-map)#set peer 172.30.2.2 You need to set the type of DH you want to use. Router(config-crypto-map)#set pfs group5 How long these setting will last before it’s renegotiated Router(config-crypto-map)#set security-association lifetime seconds 900 Task 5: Apply the IPsec Policy Apply the crypto map to the interface. Router(config)#interface serial0/0/0 Router(config-if)#crypto map map_name show crypto map derpy: http://th03.deviantart.net/fs71/PRE/f/2012/302/6/1/derpy_hooves_by_freak0uo-d5jedxp.png twilight: http://fc03.deviantart.net/fs70/i/2012/226/e/5/twilight_sparkle_vector_by_ikillyou121-d56s0vc.png
Views: 14108 Derpy Networking
In this video, Keith Barker walks through the steps of configuring a Palo Alto firewall to be one side of a site to site IPsec tunnel, with a Cisco router at the other end. Please be aware that IP addresses, and routing had been set up previously on both the Palo Alto firewall and the Cisco router. Thanks for watching.
Views: 58627 Keith Barker
VPN diagram - https://dl.dropbox.com/s/chyy91kejm4lxsw/VPN%20network%20diagram.png Juniper1 config https://dl.dropboxusercontent.com/s/gddaxh4yfdr2hnh/Juniper1_cfg.txt Juniper2 config https://dl.dropboxusercontent.com/s/nnx1cmdwy85h2d3/Juniper2_cfg.txt
Views: 104710 fleszvideos
http://www.soundtraining.net-cisco-asa-training-101 Learn how to generate a CSR (Certificate Signing Request) to submit to a CA (Certificate Authority) and how to install the signed certificate from the CA. In this Cisco ASA tutorial, IT author-speaker Don R. Crawley shows you the basics of digital certificate management using a combination of the CLI (command line interface) and the GUI (graphical user interface) on a Cisco ASA Security Appliance.
Views: 115194 soundtraining.net
Mikrotik Router Site to site IPSec VPN Tunnel Configuration full configuration see this link There are many types of VPN technology exits in today.Ipsec Vpn is very popular today. The real l construction of the IPSec VPN is very involved. The purpose of this the video detail, explain, and illustrate the specific processes that occur in creating an IP Sec VPN tunnel using mikrotik Router . http://mikrotikroutersetup.blogspot.com/2014/02/mikrotik-router-ip-sec-site-to-site-vpn-tunnel-configuration.html
Views: 196174 Tania Sultana
http://www.soundtraining.net/bookstore In this VPN tutorial video, author, speaker, and IT trainer Don R. Crawley demonstrates how to configure a site-to-site VPN between two Cisco routers. The demo is based on software version 12.4(15)T6 and uses IPSec, ISAKMP, tunnel-groups, Diffie-Hellman groups, and an access-list. The demo is based on the popular book "The Accidental Administrator: Cisco Router Step-by-Step Configuration Guide (http://amzn.com/0983660727) and includes a link where you can download a free copy of the configs and the network diagram.
Views: 224448 soundtraining.net
A quick tutorial that covers downloading, installing, configuring and connecting with OpenVPN to a VPN tunnel.
Views: 411106 danscourses
This video file include from DrayTek to Cisco Router IPSEC VPN Tunnel configiration / Bu video dosyası DrayTek den Cisco Router cihazına nasıl IPSEC VPN kurulumunu içermektedir. #-------------------Internet Router version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname INTERNET ! boot-start-marker boot-end-marker ! enable secret 5 $1$N5dU$xoGtoJCSMfgTfVYVfjCAc/ ! no aaa new-model ! resource policy ! memory-size iomem 5 ! ! ip cef no ip domain lookup ip domain name lab.local ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 ip address 188.8.131.52 255.255.255.0 no shut duplex auto speed auto ! interface FastEthernet0/1 ip address 184.108.40.206 255.255.255.0 no shut duplex auto speed auto ! no ip http server no ip http secure-server ! ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end #----------------------------- VPN GW ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname VPNRouter ! boot-start-marker boot-end-marker ! enable secret 5 $1$.Cuf$Ri9YUNmHcdDDt9c2ewCEu/ ! no aaa new-model ! resource policy ! memory-size iomem 5 ! ! ip cef no ip domain lookup ip domain name lab.local ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! crypto isakmp policy 10 encr aes 256 authentication pre-share lifetime 28800 crypto isakmp key 987654321 address 220.127.116.11 ! ! crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac ! crypto map CMAP 10 ipsec-isakmp set peer 18.104.22.168 set security-association lifetime seconds 900 set transform-set 50 set pfs group1 match address 101 ! ! ! ! ! interface FastEthernet0/0 ip address 22.214.171.124 255.255.255.0 duplex auto speed auto crypto map CMAP ! interface FastEthernet0/1 ip address 192.168.1.1 255.255.255.0 duplex auto speed auto ! no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 126.96.36.199 ! ! ! access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
Views: 6416 Ertan Erbek
You'll learn how to configure IPSec Site to Site VPN on FTD using FMC Firepower Threat Defense. Linkedin: https://www.linkedin.com/in/nandakumar80/
Mikrotik Router Site to site IPSec VPN Tunnel Configuration that has one router dynamic IP address full configuration see this link http://mikrotikroutersetup.blogspot.com/2012/01/mikrotik-router-site-to-site-ipsec-vpn-configuration-dhcp-ip-address.html
Views: 17740 Tania Sultana
HD Version: https://www.youtube.com/watch?v=buMIA03OZIs&feature=youtu.be I talked in this video how to configure IP phones remotely and locally, also how to configure Switch ports that connected with IP phones and PCs. And many things interesting. Step by step. I hope it would be valuable for every one! Follow me : Twitter : https://twitter.com/#!/mohammadsaeed01 My Blog : http://cisco-learning-video.blogspot.com My LinkedIn : https://sa.linkedin.com/in/mohammad-k-saeed-04866847 My FB Cisco Group: https://www.facebook.com/groups/438507132862835/?ref=bookmarks My experience related to: - Supervising on second fix stage (pulling Data Cables and Fiber Optic cable and termination). - Prepare and finalize the physical Network stage, including the troubleshooting. - Implementing and configuring Cisco IP phones (Manager, reception, wireless and basic phones) - Install and configure CUCM (SUB and PUB) to fulfill the requirement of end user. - Install and configure EsXi VMware for virtual appliances. - Install and prepare UC servers by using CICM. - Responsible for licensing of Network appliances. - Install and configure WLC and APs (internal and external) connected to. Including troubleshooting and enhance the coverage and roaming better. - Implement and configure the Layer3 Core switch 6509e (from zero stage until fulfill all network requirements which including VSS between Main and redundant core) - Implement and configure the L2 switches (Port channels with core switches Main and redundancy) - Install and configure Cisco Prime Infrastructure and make a wireless heat-map on it. - Implement and configure Telepresence system. - Install, implement and configure the IPTV system (prepare the servers and STB (set-top boxes)). - Configure and prepare the HSIA server which belongs to IPTV system. - Work with RMS (Room Management System) and BMS (Building Management System) which including the Integration with IP network. - Configure of CCTV system, installation and implementations. - Talented to lead the team to get a perfect result during site work. Appliances and servers: - 2960-s and 2960-x. - 6509e (main and redundant) - WLC 5508. - APs 1142N, 1500E, 1602N. - Gateway router 2951 series. - ASA firewall 5520. - UC servers UCS C210 M2 and UCS C200 M2 - Voice Gateway 2921. - Cisco Prime Infrastructure 2.2. - EX60 and EX90 Scope of design work: - Responsible to work in Low level and high level design for networking - Work on preparing BoQ of Cisco Networking components for several projects - Work with Low current system design -~-~~-~~~-~~-~- Please watch: "How to configure IP phones Locally and remotely (VoIP) HD" https://www.youtube.com/watch?v=buMIA03OZIs -~-~~-~~~-~~-~- #Cisco #CCIE
Views: 162293 Cisco Saeed
Mise en place d'un vpn site à site en vti sur USG
Views: 272 Zyxel France
Learn more: http://slrwnds.com/OrionInTheCloud Join Head Geek™ Patrick Hubbard and Senior Product Manager Chris O’Brien for a technical discussion drawn from dozens of SolarWinds THWACK® members who’ve moved their production SolarWinds Orion platforms to the cloud. Learn how they did it, get expert tips and tricks, and view a hands-on demo of how to move your Orion® server to AWS® or Azure®, manage VPNs, and help ensure monitoring services. THWACKcamp is SolarWinds’ annual virtual knowledge share event that provides IT Pros with intermediate to advanced educational content in the SolarWinds community of 130,000+ members. It allows like-minded IT Pros, SolarWinds technical staff and Industry Experts to interact with each other on topics around monitoring, reporting, troubleshooting, and performance management. Connect with SolarWinds: THWACK IT Community: http://thwack.solarwinds.com/ Facebook: https://www.facebook.com/SolarWinds Twitter: https://twitter.com/solarwinds LinkedIn: http://www.linkedin.com/company/solarwinds Instagram: http://instagram.com/solarwindsinc/ Flickr: http://www.flickr.com/photos/solarwinds_inc/
Views: 120 solarwindsinc