Jump to content

Search the Community

Showing results for tags 'VPN'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


    • LINUX
    • ORACLE
    • GNS3

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Found 15 results

  1. The Implementing Secure Solutions with Virtual Private Networks (SVPN) v1.0 course teaches you how to implement, configure, monitor, and support enterprise Virtual Private Network (VPN) solutions. Through a combination of lessons and hands-on experiences you will acquire the knowledge and skills to deploy and troubleshoot traditional Internet Protocol Security (IPsec), Dynamic Multipoint Virtual Private Network (DMVPN), FlexVPN, and remote access VPN to create secure and encrypted data, remote accessibility, and increased privacy. [Hidden Content] Import then Download [hide][Hidden Content]] Stay Home.. Stay Safe
  2. INE - DMVPN (2020) DMVPN stands for Dynamic Multipoint VPN and it is an effective solution for dynamic secure overlay networks. In short, DMVPN is combination of the following technologies: 1) Multipoint GRE (mGRE) 2) Next-Hop Resolution Protocol (NHRP) 4) Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP) 3) Dynamic IPsec encryption 5) Cisco Express Forwarding (CEF) Assuming that reader has a general understanding of what DMVPN is and a solid understanding of IPsec/CEF, we are going to describe the role and function of each component in details. In this post we are going to illustrate two major phases of DMVPN evolution: 1) Phase 1 – Hub and Spoke (mGRE hub, p2p GRE spokes) 2) Phase 2 – Hub and Spoke with Spoke-to-Spoke tunnels (mGRE everywhere) As for DMVPN Phase 3 – “Scalable Infrastructure”, a separate post is required to cover the subject. This is due to the significant changes made to NHRP resolution logic (NHRP redirects and shortcuts), which are better being illustrated when a reader has good understanding of first two phases. However, some hints about Phase 3 will be also provided in this post. [hide][Hidden Content]] [hide][Hidden Content]]
  3. i got cert successfully at VPN Client and EZVPN Server R2 is CA, its address is But I can't dial VPN Server to access It seems that IKE Phase 1 doesn't work. Please Help R3 is EZVPN Server, WinXP is VPN Client Here is config file ! crypto pki trustpoint CA enrollment url [Hidden Content] serial-number ip-address none subject-name CN=R3, OU=EZ_GROUP revocation-check crl crypto pki certificate chain CA certificate 04 308201E7 30820150 A0030201 02020104 300D0609 2A864886 F70D0101 04050030 1A310B30 09060355 040B1302 5232310B 30090603 55040313 02434130 1E170D31 36303630 37313631 3333355A 170D3137 30363037 31363133 33355A30 4C311130 0F060355 040B0C08 455A5F47 524F5550 310B3009 06035504 03130252 33312A30 12060355 0405130B 46545830 39343557 304D5930 1406092A 864886F7 0D010902 16075261 636B3152 33305C30 0D06092A 864886F7 0D010101 0500034B 00304802 41009F0B 54CE14A2 50076067 3F3BBB68 B023328B B45FC98C BEC625A0 B8CA924E 27AAE65F 21D154D5 04BCF7DB FF613E61 8ACCC4C8 F5FD47E0 1789EC3B 63A07151 04E70203 010001A3 4F304D30 0B060355 1D0F0404 030205A0 301F0603 551D2304 18301680 14B8F93E 1EC13CC1 6261C112 AC8B9C16 FA06DA6D 80301D06 03551D0E 04160414 27418DCF 53C7EA9F D37F2736 9FAE4DD7 1D17EA26 300D0609 2A864886 F70D0101 04050003 81810064 3FA5A659 CE0CCA2E 6D0EBBA6 C6DC0317 42DCD340 9A9F6C36 3B327E31 3F5FCC69 C72025CD 5F26D151 D6798F9D A7F89817 DE7FA65B 30D08FB5 281F5C47 D0010FCF D7E2A2A7 AB9D7E26 AA59C44D 78DB8323 48ED4FC6 F2C6378D 37EC9797 D82E174D 2B87AB1B DF995939 266AD0DE 8BA4B463 A283D847 7526D922 FB285D67 B77034 quit certificate ca 01 3082020D 30820176 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 1A310B30 09060355 040B1302 5232310B 30090603 55040313 02434130 1E170D31 36303630 37313630 3335385A 170D3139 30363037 31363033 35385A30 1A310B30 09060355 040B1302 5232310B 30090603 55040313 02434130 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 C4015175 CE486DA3 99AD8554 AC5BA46D 924F2C74 26EE0E2D F30CC942 5EEDCC9A FD3EAD74 30B31532 C93C4FE7 B9921000 FD728710 31CFCBF6 24A2CA80 5496AA96 3EAFE907 CEC03FB2 8DFD7B28 86EA0D5E F9AB6BE6 A4432715 E23A120E 7ABFCDD1 F5D21F46 D198627D 333AC053 7C6251F3 8046B4C5 50C439F9 E5F9FB4D B90B07AB 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 168014B8 F93E1EC1 3CC16261 C112AC8B 9C16FA06 DA6D8030 1D060355 1D0E0416 0414B8F9 3E1EC13C C16261C1 12AC8B9C 16FA06DA 6D80300D 06092A86 4886F70D 01010405 00038181 0021D303 730EA573 D5ED8AA9 FE4A4BF4 F2D27F12 79233749 7B32753C FC6D25D5 F5A65E4C 239D8996 A6CF1508 35FFC794 17D32BAF B9E11532 35A4EB95 448F312C A0A4E414 681F1E6A 9BC2A966 8F530A42 ABA143A0 A23A4AC6 87CDAA6D 82046CB9 7B5D0798 59A0BF45 1D1229C7 5CC1A366 C5D8C47E 45FADE92 3E58E70D 6FB72120 35 quit ! crypto isakmp policy 10 encr 3des group 2 ! aaa new-model aaa authentication login USER_AUTHEN local aaa authorization network USER_AUTHOR local ! ip local pool EZ_POOL ! ip access-list standard EZ_ACL permit ! crypto isakmp client configuration group EZ_GROUP pool EZ_POOL acl EZ_ACL crypto isakmp profile IKEv1_PRO match identity group EZ_GROUP client authentication list USER_AUTHEN isakmp authorization list USER_AUTHOR virtual-template 1 crypto ipsec transform-set EZ_SET esp-3des esp-sha-hmac crypto ipsec profile EZ_PRO set transform-set EZ_SET set isakmp-profile IKEv1_PRO ! interface Virtual-Template1 type tunnel ip unnumbered FastEthernet0/0 tunnel source FastEthernet0/0 tunnel mode ipsec ipv4 tunnel protection ipsec profile EZ_PRO ! VPN Client config CA URL [Hidden Content] CN=USER,OU=EZ_GROUP ! And this is debug error I got. .Jun 7 16:40:01.759: ISAKMP:(0):Hash algorithm offered does not match policy! .Jun 7 16:40:01.759: ISAKMP:(0):atts are not acceptable. Next payload is 3 .Jun 7 16:40:02.223: ISAKMP:(1017):Profile has no keyring, aborting key search .Jun 7 16:40:02.695: ISAKMP:(0):Can't decrement IKE Call Admission Control stat incoming_active since it's already 0.
  4. Hello, Maybe this question is a basic one but I am completely clueless about it. I want to set up remote access VPN via internet and I have an ADSL router and then I have my WAN router which is 2921. The thing is that I want to terminate the VPN on the 2921. So the real IP on the ADSL has to be seen somehow on the 2921 thru my LAN. Should I use GRE tunnel between the ADSL and the 2921? Also: the 2921 is connected to the LAN via 1 Gigabit Ethernet interface. Can this be sufficient? internet ---- ADSL Router --- LAN --- 2921 ---- WAN
  5. On ABC site 2, we have R11 and R3 via eBGP and R12 and R5 via OSPF. Between R11 and R12 we also have OSPF. Everything works well for all Intra-AS and Inter-AS VPN questions. Problem occurs in question CsC-1. In my setup, the preferred path on ABC site 2 is via the link between R11 and R3. CsS-1 requires vpnv4 between R12 and R13. The vpvn4 session will be closed after a while and the Ping's between VPN XYZ sites are not successful at all. I checked the forwarding plane and have detected that R12's routing table prefers the path over R11 and than from R11 to R3. As soon as I do a shutdown on R12 interface towards R11, vpnv4 session toward R13 comes up and the Pings between the XYZ sites works. I'm looking for a solution to manipulate R12's routing decision. As long as the path between R12 and R5 is used, everything works. One alternative would be to consider CsC-CE redundancy --> vpnv4 + ldp between R12 and R11. This works because I tested this already. Another alternative would be to change the AD of eBGP on R11 but it seem AD change is not a good choice. Question: Do you have also the preferred path issue on R12 (preferred via R11 and not directly via R5?) and how have you solved the issue.
  6. Hi, Can anybody please explain the process of processing a crypto map on an interface ? Crypto Map priortiy ? Flow of packet from Engine to interface and then processing of crypto map ? I am trying to do S2S between R1 & R2 and Remote access between a client (connected to ISP) and R1, and if the priority/line entry of Crypto Map (Remote Acess) is > Crypto Map (S2S) then VPNs stop working properly. (e.g. for RA crypto map entry is at line 10 and for S2S crypto map entry is at 111)
  7. Hi, I was wondering if you guys could share your experience on the lab regarding multicast issues you have found and tips you think would be relevant about it. I did my first attempt and did not pass (Lab 3.2). One of the problemas was related to MVPN. I was sure that all I need was configure correctly, but router 12 was not able to ping router 14 and vice versa. R13 and R11 were working just fine. Any help would be appreciated. Thank you.
  8. yorana

    Back Again

    Hi Members, Hoping all are fine. I am back again to prepare for my CCIE RS exam. Last time (2013) I tried but couldn't succeed that time. Anyway, bad luck happens. Here I am again to try my luck. Obviously as before, I believe this group is one of the key to success in this exam. Everyone in this group is so much supportive and helping that I can't have words to express. Well, see ya all members... (and wish me luck this time ) Regards,
  9. Publisher: Cisco Press; 3 edition (May 10, 2014) Language: English ISBN-10: 1587143070 ISBN-13: 978-1587143076 All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition Identify, mitigate, and respond to today’s highly-sophisticated network attacks. Today, network attackers are far more sophisticated, relentless, and dangerous. In response, Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services has been fully updated to cover the newest techniques and Cisco technologies for maximizing end-to-end security in your environment. Three leading Cisco security experts guide you through every step of creating a complete security plan with Cisco ASA, and then deploying, configuring, operating, and troubleshooting your solution. Fully updated for today’s newest ASA releases, this edition adds new coverage of ASA 5500-X, ASA 5585-X, ASA Services Module, ASA next-generation firewall services, EtherChannel, Global ACLs, clustering, IPv6 improvements, IKEv2, AnyConnect Secure Mobility VPN clients, and more. The authors explain significant recent licensing changes; introduce enhancements to ASA IPS; and walk you through configuring IPsec, SSL VPN, and NAT/PAT. You’ll learn how to apply Cisco ASA adaptive identification and mitigation services to systematically strengthen security in network environments of all sizes and types. The authors present up-to-date sample configurations, proven design scenarios, and actual debugs– all designed to help you make the most of Cisco ASA in your rapidly evolving network. Jazib Frahim, CCIE® No. 5459 (Routing and Switching; Security), Principal Engineer in the Global Security Solutions team, guides top-tier Cisco customers in security-focused network design and implementation. He architects, develops, and launches new security services concepts. His books include Cisco SSL VPN Solutions and Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting. Omar Santos, CISSP No. 463598, Cisco Product Security Incident Response Team (PSIRT) technical leader, leads and mentors engineers and incident managers in investigating and resolving vulnerabilities in Cisco products and protecting Cisco customers. Through 18 years in IT and cybersecurity, he has designed, implemented, and supported numerous secure networks for Fortune® 500 companies and the U.S. government. He is also the author of several other books and numerous whitepapers and articles. Andrew Ossipov, CCIE® No. 18483 and CISSP No. 344324, is a Cisco Technical Marketing Engineer focused on firewalls, intrusion prevention, and data center security. Drawing on more than 16 years in networking, he works to solve complex customer technical problems, architect new features and products, and define future directions for Cisco’s product portfolio. He holds several pending patents. Understand, install, configure, license, maintain, and troubleshoot the newest ASA devices Efficiently implement Authentication, Authorization, and Accounting (AAA) services Control and provision network access with packet filtering, context-aware Cisco ASA next-generation firewall services, and new NAT/PAT concepts Configure IP routing, application inspection, and QoS Create firewall contexts with unique configurations, interfaces, policies, routing tables, and administration Enable integrated protection against many types of malware and advanced persistent threats (APTs) via Cisco Cloud Web Security and Cisco Security Intelligence Operations (SIO) Implement high availability with failover and elastic scalability with clustering Deploy, troubleshoot, monitor, tune, and manage Intrusion Prevention System (IPS) features Implement site-to-site IPsec VPNs and all forms of remote-access VPNs (IPsec, clientless SSL, and client-based SSL) Configure and troubleshoot Public Key Infrastructure (PKI) Use IKEv2 to more effectively resist attacks against VPNs Leverage IPv6 support for IPS, packet inspection, transparent firewalls, and site-to-site IPsec VPNs Fast Resume Single Link [Hidden Content]
  10. routeHub - SonicWALL Firewall and VPN Training Series Format: PDF/MP4 Size: 438.3MB Only one course: SonicWALL Firewall and VPN Training Last updated: September 2015 [Hidden Content]
  11. This Is the Best Four Books ive read so far about ASA 8.3 and After. [Hidden Content]
  12. Hi gurus, Iam trying to build a lab to practice the a site to site vpn with certificates using a Certification Authority, prettending to solve the holes that I have in my understanding of the proccess. One of my first doubts before begin is about what CA to use, and it must be for free, of course. I try to do the lab following the steps of Cisco.Press.CCNA.Security.640-554.Official.Cert.Guide (pag 504) for this I choose cacert.org as CA in my PKI and my first problem is that I don't know the enrollment url. In the book: ! Specify the CA that you would like to use, and the URL to be used to ! reach that CA R1(config)# crypto pki trustpoint CA R1(ca-trustpoint)# enrollment URL [Hidden Content] R1(ca-trustpoint)# exit ! Request the root certificate through "authenticating" the CA R1(config)# crypto pki authenticate CA In this point I think the problem is that cacert doesnt support yet the scep and the enrollment must be done manually, using the cli "enrollment terminal pem" and copy paste the root certificate of the CA when I want to authenticate the trustpoint (example in [Hidden Content]). So, in this point I have two questions before go ahead.. 1. Do you know any Certification Authority (for free!) that works with scep to use in this lab? 2. Has anyone used cacert.org as CA? Did you do it using the cli "enrollment url http:\\....."? If you did it in this way, what url did you use? Thanks in advance!
  13. Hi all I'm new here so bare with me, I want to practice configuring VPN. Here's my topology description, I have a cloud (service Provider) and 2 routers and wanted to know how to connect the 2 routers to the cloud so that both routers can have internet access and be able to ping each other, I'm not worried about the router configs I can do that. So far I have assigned the cloud to use the Host machine NIC which has internet but when I connect one router to the cloud I then cant connect the other how do I setup the cloud. Many thanks in advance.
  14. Hi, I have an ASA and a RV router. I would like to establish a site to site vpn between the two. Unfortunately until now I can get it to work. My ASA has a static IP address assigned and my RV router has a Dynamic IP assigned meaning I need to peer using hostnames. My problem is that I have no Idea how to authenticate using hostnames in my ASA.
  15. im looking for the best material and training course for JNCIS-FWV (JN0-533) , But i didnt see any video course training for that !! CBT or something else ! ?? what is the best way ?? Help plz and thanks a lot
  • Create New...