Search results “Crypto map redundancy package”
Configuring Site to Site VPN Using Crypto Maps
 
06:23
Here's the full description with the running config's and screenshots: http://www.certvideos.com/configuring-site-to-site-vpn-using-crypto-map/
Views: 3610 Shyam Raj
Create an IPsec VPN tunnel using Packet Tracer - CCNA Security
 
18:28
http://danscourses.com - Learn how to create an IPsec VPN tunnel on Cisco routers using the Cisco IOS CLI. CCNA security topic.

1. Starting configurations for R1, ISP, and R3. Paste to global config mode:

hostname R1
interface g0/1
 ip address 192.168.1.1 255.255.255.0
 no shut
interface g0/0
 ip address 209.165.100.1 255.255.255.0
 no shut
exit
ip route 0.0.0.0 0.0.0.0 209.165.100.2

hostname ISP
interface g0/1
 ip address 209.165.200.2 255.255.255.0
 no shut
interface g0/0
 ip address 209.165.100.2 255.255.255.0
 no shut
exit

hostname R3
interface g0/1
 ip address 192.168.3.1 255.255.255.0
 no shut
interface g0/0
 ip address 209.165.200.1 255.255.255.0
 no shut
exit
ip route 0.0.0.0 0.0.0.0 209.165.200.2

2. Make sure routers have the security license enabled:

license boot module c1900 technology-package securityk9

3. Configure IPsec on the routers at each end of the tunnel (R1 and R3)

!R1
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
!
crypto isakmp key secretkey address 209.165.200.1
!
crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.200.1
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set R1-R3
 match address 100
!
interface GigabitEthernet0/0
 crypto map IPSEC-MAP
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

!R3
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
!
crypto isakmp key secretkey address 209.165.100.1
!
crypto ipsec transform-set R3-R1 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.100.1
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set R3-R1
 match address 100
!
interface GigabitEthernet0/0
 crypto map IPSEC-MAP
!
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
Views: 53623 danscourses
LabMinutes# SEC0026 - Cisco Router Site-to-site (L2L) IPSec IKEv1 VPN with VRF (crypto map & VTI)
 
24:48
more Cisco VPN Video at http://www.labminutes.com/video/sec/vpn The video takes the site-to-site L2L IPSec VPN to the next level by combining what we have learnt from the previous videos with the concept of Virtual Routing Forwarding (VRF). We will look at how you can segregate different type of L2L VPN into their own logical routing domain, while they all share the same physical hardware. Basic understanding of VRF is recommended before viewing this video Topic includes - L2L IPSec VPN with Crypto-map and shared outside interface - L2L IPSec VPN with VTI and shared outside interface - L2L IPSec VPN with VTI and dedicated outside interface
Views: 3773 Lab Minutes
Dynamic Site-2-Site VPNs with Cisco ASA
 
24:05
http://blog.networkknerd.com/2016/08/dynamic-site-2-site-vpns-with-cisco-asa.html
Views: 4076 Jon Major
Cisco ASA Site-to-Site VPN Configuration with certificate - Debug
 
08:44
Hi Friends, please check out my new video on Site to Site VPN between ASA to ASA with Certificate. If you like this video give it a thumbs up and subscribe to my channel for more videos. If you have any question, put it in the comment section.

Site to Site VPN with Certificate - Wireshark Capture https://youtu.be/BthdhJQzq9c
Public Key Infrastructure - Explained https://youtu.be/kZETEaAJgYY
Site to Site VPN on Router - Understanding and Explanation https://www.youtube.com/watch?v=_A6tm22lYsk
Site to Site VPN Main mode negotiation with Wireshark Explanation https://www.youtube.com/watch?v=aaINqti3Hgc
What is NAT-T? What is its use in Site to Site VPN with NAT-T, Wireshark capture and LAB explanation https://youtu.be/9yZSgJHdzCI
Site to Site Troubleshooting With Debug Messages https://youtu.be/EJ1dHw-KXXM

Steps to configure ASA with Certificate

1. Configure Interfaces

interface GigabitEthernet0/0
 ip address 10.10.4.200 255.255.255.0
 nameif outside
 no shutdown
interface GigabitEthernet0/1
 ip address 192.168.0.20 255.255.255.0
 nameif inside
 no shutdown

2. Configure ISAKMP policy

crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha

3. Configure transform-set

crypto ipsec ikev1 transform-set myset esp-aes esp-sha-hmac

4. Configure ACL

access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0

5. Configure Tunnel group

tunnel-group 10.20.20.1 type ipsec-l2l
tunnel-group 10.20.20.1 ipsec-attributes
 ikev1 trust-point VPN

6. Configure crypto map and attach to interface

crypto map mymap 10 match address L2LAccessList
crypto map mymap 10 set peer 10.10.4.108
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set reverse-route
crypto map mymap interface outside

7. Enable isakmp on interface

crypto isakmp enable outside

E-mail ID : [email protected] #VPN #DigitalCertificate #bikashtech

Please watch: "Palo Alto Firewall Basic Configuration | Zone | Security Policy | NAT | Virtual Router" https://www.youtube.com/watch?v=qXtP-POXIQE
Views: 289 Bikash's Tech
LabMinutes# SEC0023 - Cisco Router ASA Site-to-site (L2L) IPSec IKEv1 VPN with Pre-Shared Key
 
28:05
more Cisco VPN Video at http://www.labminutes.com/video/sec/vpn The video walks you through configuring site-to-site (L2L) IPSec VPN tunnel between Cisco router and ASA firewall. This is probably the simplest form of L2L IPSec using 'crypto map' and crypto ACL to match interesting traffic. You will see that you can apply the same configuration thought process to both router and ASA, while ASA having slight variation on the use of Tunnel-group and Group-policy. We will also look at how to restrict traffic over the tunnel using an access-list (ACL). Topic includes - L2L IPSec VPN between Router and ASA - Restricting VPN Traffic with Per-Tunnel ACL
Views: 11257 Lab Minutes
VRF Aware VPN Using Front-Door VRF [FVRF/IVRF]
 
34:30
Combination of DMVPN and VRF.. VRF Aware IPSec
Views: 6931 Khawar Butt
GET VPN configuration example
 
07:42
Complete description with screenshots: http://www.certvideos.com/get-vpn-configuration-example/
Views: 6713 Shyam Raj
Quick Configs - DMVPN QoS & IPsec
 
10:23
This CCIE oriented episode of quick configs goes into configuring Dynamic Multipoint VPN (DMVPN). See http://bit.ly/1VZYkFi for all CCIE notes.
Views: 1840 Ben Pin
(SITE TO SITE IPSEC-VPN BETWEEN  CISCO ROUTER USING VTI)
 
12:44
IPSEC-VPN USING (VTI) VIRTUAL TUNNEL INTERFACE
Views: 188 IRSHAD ALAM
GNS3 Labs: IPSec VPN with NAT across BGP Internet routers: Can you complete the lab?
 
07:05
Can you complete this IPSec VPN & NAT lab? GNS3 Topology: https://goo.gl/p7p8pq Get the VPN Config Generator and all my videos as part of a subscription here: https://goo.gl/mJMZGW Cisco documentation: https://goo.gl/hjmdFR For lots more content, visit http://www.davidbombal.com - learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more. IPsec Overview: A secure network starts with a strong security policy that defines the freedom of access to information and dictates the deployment of security in the network. Cisco Systems offers many technology solutions for building a custom security solution for Internet, extranet, intranet, and remote access networks. These scalable solutions seamlessly interoperate to deploy enterprise-wide network security. Cisco System's IPsec delivers a key technology component for providing a total security solution. Cisco's IPsec offering provides privacy, integrity, and authenticity for transmitting sensitive information over the Internet. IPsec provides secure tunnels between two peers, such as two routers. You define which packets are considered sensitive and should be sent through these secure tunnels, and you define the parameters which should be used to protect these sensitive packets, by specifying characteristics of these tunnels. Then, when the IPsec peer sees such a sensitive packet, it sets up the appropriate secure tunnel and sends the packet through the tunnel to the remote peer. More accurately, these tunnels are sets of security associations (SAs) that are established between two IPsec peers. The security associations define which protocols and algorithms should be applied to sensitive packets, and also specify the keying material to be used by the two peers. Security associations are unidirectional and are established per security protocol (AH or ESP). 
With IPsec you define what traffic should be protected between two IPsec peers by configuring access lists and applying these access lists to interfaces by way of crypto map sets. Therefore, traffic can be selected based on source and destination address, and optionally Layer 4 protocol, and port. The access lists used for IPsec only determine which traffic should be protected by IPsec, not which traffic should be blocked or permitted through the interface. Separate access lists define blocking and permitting at the interface. A crypto map set can contain multiple entries, each with a different access list. The crypto map entries are searched in order—the router attempts to match the packet to the access list specified in that entry. It is good practice to place the most important crypto map entries at the top of the list. When a packet matches a permit entry in a particular access list, and the corresponding crypto map entry is tagged as cisco, then CET is triggered, and connections are established if necessary. If the crypto map entry is tagged as ipsec-isakmp, IPsec is triggered. If no security association exists that IPsec can use to protect this traffic to the peer, IPsec uses the Internet Key Exchange protocol (IKE) to negotiate with the remote peer to set up the necessary IPsec security associations on behalf of the data flow. The negotiation uses information specified in the crypto map entry as well as the data flow information from the specific access list entry. If the crypto map entry is tagged as ipsec-manual, IPsec is triggered. If no security association exists that IPsec can use to protect this traffic to the peer, the traffic is dropped. In this case, the security associations are installed via the configuration, without the intervention of IKE. If the security associations did not exist, IPsec did not have all of the necessary pieces configured. 
Once established, the set of security associations (outbound, to the peer) is then applied to the triggering packet as well as to subsequent applicable packets as those packets exit the router. Applicable packets are packets that match the same access list criteria that the original packet matched. For example, all applicable packets could be encrypted before being forwarded to the remote peer. The corresponding inbound security associations are used when processing the incoming traffic from that peer. If IKE is used to establish the security associations, the security associations will have lifetimes set so that they periodically expire and require renegotiation, thus providing an additional level of security. Multiple IPsec tunnels can exist between two peers to secure different data streams, with each tunnel using a separate set of security associations. For example, some data streams might be just authenticated while other data streams must both be encrypted and authenticated. Go here for more: https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html
Views: 3532 David Bombal
004 ASA Interface configuration
 
05:19
Send us email on [email protected] for complete CCNA SECURITY course access online for lifetime. Visit our website for more other course details www.noasolutions.com

Full CCNA Security Course Contents are available on udemy online access
https://www.udemy.com/ccna-security-210-260-iins-v-30/
https://www.udemy.com/ccna-security-210-260-iins-v-30-part-26/
https://www.udemy.com/ccna-security-210-260-iins-v-30-part-36/
https://www.udemy.com/ccna-security-210-260-iins-v-30-part-46/
https://www.udemy.com/ccna-security-210-260-iins-v-30-part-56/
https://www.udemy.com/ccna-security-210-260-iins-v-30-part-66/

This Course is designed to prepare CCNA Security candidates for the exam topics covered by the 210-260 IINS exam. This course allows learners to understand common security concepts, and deploy basic security techniques utilizing a variety of popular security appliances within a "real-life" network infrastructure. It focuses on security principles and technologies, using Cisco security products to provide hands-on examples. This Cisco self-paced course is designed to be as effective as classroom training. Course content is presented in easily-consumable segments via both Instructor Video and text. Makes the learning experience hands-on, increasing course effectiveness.

The revised CCNA Security (IINS v3.0) curriculum is designed to bring data, device, and administration together to have better network security, which is more relevant and valuable than ever. It is destined to meet the current business demand so that the network security professionals are able to acquire new knowledge, training and vital skills to be successful in evolving job roles.

1. Security Concepts – This section includes security principles, threats, cryptography, and network topologies. It constitutes 12% of the questions asked in the exam.
2. Secure Access – This section deals with secure management, AAA concepts, 802.1X authentications, and BYOD. It makes 14% of the exam.
3. VPN (Virtual Private Networks) – This focuses on VPN concepts, remote access VPNs, and site-to-site VPNs. It is 17% of the exam.
4. Secure Routing & Switching – This section concentrates on VLAN security, mitigation techniques, layer 2 attacks, routing protocols, and overall security of Cisco routers. That is 18% of the exam.
5. Cisco Firewall Technologies – This section is 18% of the exam and focuses on stateful and stateless firewalls, proxy firewalls, application, and personal firewalls. Additionally, it concentrates on Network Address Translation (NAT) and other features of Cisco ASA 9.x.
6. IPS – It is 9% of the exam and this portion focuses on network-based and host-based IPS, deployment, and IPS technologies.
7. Content and Endpoint Security – Constituting 12% of the exam, this section checks your understanding on the endpoint, web-based, and email-based threats. Later it leads to apt and effective mitigation technology and techniques to counter those threats.
Cisco router WAN Redundancy/WAN Failover and Change Routing dynamically Using IP SLA - Route Tracking
 
05:23
The cisco ios image used in the video http://adf.ly/1TXSSz This video demonstrates how to configure cisco routers for dual wan redundancy or changing route automatically using ip sla. So, this video explains Cisco WAN Failover, Dual WAN Link Failover, WAN Failover Configuration, Failover with dual ISP, Cisco dual wan redundancy, internet failover on a cisco router, Configuring redundancy on WAN Links, cisco wan failover using ip sla. http://netsyshorizon.blogspot.com/2015/03/cisco-router-wan-redundancy-and-change.html This video explains how the routers change the route to the destination from the primary route to a backup route. object tracking for best route - route tracking - tracking routes using ip sla icmp-echo feature https://www.facebook.com/groups/netsyshorizon/ CCNA and CCNP tutorial https://twitter.com/tariqabosallout https://plus.google.com/+TariqAbosallout http://netsyshorizon.blogspot.com/ https://www.linkedin.com/in/tariqabosallout https://www.facebook.com/groups/netsyshorizon/
Views: 58278 Tariq Abosallout
LabMinutes# SEC0042 - Windows 2008 Wired and Wireless Setting Deployment with GPO
 
10:23
more ISE video at http://www.labminutes.com/video/sec/ISE The video demonstrates how to selectively distribute wired and wireless network settings to Windows domain computers based on Computer security group. This is very useful if you need to deploy or update network settings in a large Windows environment. Topic: - Windows Wired Setting in GPO - Windows Wireless Setting GPO
Views: 6297 Lab Minutes
Policy-Based Routing PBR
 
12:37
This video describes the tasks for configuring Policy-Based Routing (PBR) on a router.
Views: 1308 Crypto Network
Cisco ASA Virtual Tunnel Interface (Route based VPN)
 
03:46
Learn how can you use Cisco ASA VTI (route based VPN solution) to simplify connectivity from data center to AWS cloud infrastructure.
Views: 6178 Cisco
LabMinutes# SEC0003 - Cisco DMVPN Redundancy and Failover with Dual Hub Dual Cloud Configuration
 
24:32
more DMVPN video at http://www.labminutes.com/video/sec/DMVPN The video shows you how to build a redundant DMVPN network with dual-hub dual-cloud design. The failover capability is provided by routing protocol. With EIGRP chosen for demonstration in this video, we show how to perform a simple tweak in the routing metric to solve potential asymmetrical routing. The video concludes with failover testing and shows that spoke-to-spoke traffic is not interrupted upon a Hub failure. Topic includes - Dual-hub dual-cloud DMVPN redundancy - EIGRP metric adjustment - DMVPN failover test
Views: 16398 Lab Minutes
Multiple Site to Site IPSec VPN Cisco Router
 
26:32
by Đình Việt Thắng
DMVPN - VRF Aware, IPsec Profiles and Behind NAT
 
57:16
http://spanport.net/2015/10/iwan-implementation-and-migration/
Zyxel USG Series - How to Setup WAN Failover
 
04:15
When using more than one WAN connection, it might be necessary to setup a failover, to ensure internet connection if the main connection drops. This tutorial will guide you through the process of configuring a WAN failover scenario. More guidelines and tutorials can be found here: http://onesecurity.zyxel.com/tutorials/ If you need support, please contact us via http://www.zyxel.com/form/contact_support.shtml?
Views: 9952 Zyxel
Configuring DMVPN with mGRE, IPSec and NHRP
 
42:15
An exploratory video on configuring DMVPN using mGRE and IPSec. I'm not an expert on DMVPN and have some questions about it that I got into at the end of the video. If you know any of the answers please post a comment.
Views: 32044 Doug Suida
(Demo) ASA VPN to AWS VPC
 
24:54
LinkedIn https://www.linkedin.com/in/fowlerbenjamin/ Learn how to properly setup a IPSEC VPN Connection between your Cisco ASA and the AWS VPN endpoints. Extend or migrate your office/datacenter in a matter of just a few minutes!
Views: 29554 Benjamin Fowler
L2L VPN   on ASA with IKE v1
 
39:51
for training write to [email protected]
Views: 840 Jaya Chandran
How to Configure GRE - IPSEC SITE to SITE IPSEC VPN -- Route Based VPN - LAB
 
15:49
In this video, I am showing you how to Configure GRE - IPSEC SITE to SITE IPSEC VPN -- Route Based VPN - LAB. You can also look into my Blog: https://pgrspot.blogspot.in

Tasks to be completed.

1. Configure IP Address as per the Topology
2. Make sure you have Reachability to the Peer End.
3. Create a Tunnel 1 with IP Address as 10.3.1.0/24 in Both Peer Routers. Create a Tunnel with Following Parameters accordingly in both peer Ends:
   IP Address : 10.3.1.0/24
   Source IP : WAN-INTERFACE
   Destination IP : Peer WAN-IP
3. Configure IKE Phase 1 :
   Encryption : AES
   Authentication : pre-share
   preshare-key : pgrspot
   Hash : md5
   group : 5
4. Configure IKE Phase 2 : Create an IPSEC Profile named IPSEC-Profile. Create a Transform-set named IPSEC-TRANS
   Encryption : AES
   Hash : md5
5. Create a static route From Client-Router to reach only Peer End WAN-INTERFACE(F0/0) Router and Vice Versa.
6. Remove the Default Route with FastEthernet interface.
7. Create a Default route with Tunnel to Encrypt the traffic.
8. Make sure only the packets through the Tunnel are encrypted via IPSEC.
9. Create a Loopback Interface in Server Router and Confirm that the Traffic to the interface is Encrypted via IPSEC.
Views: 300 PGR Spot
Dynamic Multipoint VPNs DMVPN
 
03:30
CCNP Security SECURE series available for instant download at the following link: http://bowlercbtlabs.fetchapp.com/sell/yugiebiv In this video I perform the following: * Discuss Dynamic Multipoint VPNs (DMVPNs) * Configure ISAKMP and IPSec policies * Configure Tunnel interfaces and Crypto Maps * Demonstrate creation of tunnels and traffic flowing through the tunnels http://bowlercbtlabs.com
Views: 8312 bowlersp
LabMinutes# SEC0005 - Cisco DMVPN Spoke Interesting Traffic and Per-Tunnel QoS Configuration
 
15:39
more DMVPN video at http://www.labminutes.com/video/sec/DMVPN The first half of the video shows you how to specify an interesting traffic that will cause a DMVPN spoke-to-spoke tunnel to be initiated, and utilized. In the second half, we will look at an ability to configure per-tunnel QoS from hub to spokes using NHRP group. Sometimes, it might be desirable to allow spokes to communicate directly to one another for only certain type of traffic, for example VOIP to minimize latency, while still routing other applications through hub for access control. Conventionally, having a single tunnel interface at the DMVPN hub allows only one QoS policy to be applied outbound to spokes. With NHRP 'map group' feature, you are able to group spokes with similar requirements together and apply unique QoS policy per group, while the policy actually takes effect on per-spoke basis. Topic includes - DMVPN interesting traffic matching for Spoke-to-Spoke tunnel - DMVPN per-tunnel QoS policy
Views: 4843 Lab Minutes
day 135 - IPSEC VTI tunnels
 
01:02:11
:: VLOG TOPICS :: Migrating to twitch Let's talk about loathsome IT security ... maybe not so bad? Comparing router IPSEC tunnel types :: MEAT CHUNKS (links OTD) :: Another 'cheat sheet' site? https://cloudpacket.net/cheat-sheets.html Jeremy Stretch's original cheat sheets: http://packetlife.net/library/cheat-sheets ::WHIP CRACKING (labs):: IPSEC VTI tunnels :: APPLICABLE RFCs :: ISAKMP - https://tools.ietf.org/html/rfc2408 IKE - https://tools.ietf.org/html/rfc2409 IP Authentication Header - https://tools.ietf.org/html/rfc4302 ESP - https://tools.ietf.org/html/rfc4303 IKEv2 - https://tools.ietf.org/html/rfc5996 :: SOCIAL MEDIA :: TWITCH - https://www.twitch.tv/thelantamer DISCORD - https://discord.gg/BBSGPYH TWITTER - https://twitter.com/thelantamer INSTAGRAM - https://www.instagram.com/thelantamer/ FACEBOOK - https://www.facebook.com/lantamer/ :: LAB LINKS :: Google docs share - http://bit.ly/2AbJQhp INE Diagrams - http://bit.ly/2mgTGso INE VIRL files on Github - http://bit.ly/2ht78YH
Views: 209 theLAN Tamer
GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7
 
07:58
Can you complete this DMVPN, IPsec, NAT & BGP lab? GNS3 Topology: https://goo.gl/udfNPL Get the VPN Config Generator and all my videos as part of a subscription here: https://goo.gl/mJMZGW Cisco documentation: https://goo.gl/hjmdFR For lots more content, visit http://www.davidbombal.com - learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more.

! ======================================================
! Code created by David Bombal !
! Find us at www.davidbombal.com !
! ======================================================
! CONFIG FOR: C1 !
! ======================================================
! HUB SITE
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 encryption 3des
 group 2
 lifetime 86400
!
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile cisco
 set transform-set myset
 set security-association lifetime seconds 86400
 set security-association lifetime kilobytes 4608000
!
interface Tunnel 111
 description ****** DMVPN GRE Tunnel ******
 ip address 192.168.1.1 255.255.255.0
 bandwidth 1000
 delay 1000
 ip nhrp holdtime 360
 ip nhrp network-id 100000
 ip nhrp authentication cisco
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp map multicast dynamic
 tunnel source G0/1
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile cisco
 no ip split-horizon eigrp 100
 no ip next-hop-self eigrp 100
!
router eigrp 100
 network 192.168.1.1 0.0.0.0
 network 10.0.0.0 0.255.255.255
 no auto-summary

! ======================================================
! Code created by David Bombal !
! Find us at www.davidbombal.com !
! ======================================================
! CONFIG FOR: C2 !
! ======================================================
! SPOKE SITE
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 encryption 3des
 group 2
 lifetime 86400
!
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile cisco
 set transform-set myset
 set security-association lifetime seconds 86400
 set security-association lifetime kilobytes 4608000
!
interface Tunnel 111
 description ****** DMVPN GRE Tunnel ******
 ip address 192.168.1.2 255.255.255.0
 bandwidth 1000
 delay 1000
 ip nhrp holdtime 360
 ip nhrp network-id 100000
 ip nhrp authentication cisco
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp nhs 192.168.1.1
 ip nhrp map multicast 8.8.3.2
 ip nhrp map 192.168.1.1 8.8.3.2
 tunnel source G0/1
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile cisco
!
router eigrp 100
 network 192.168.1.2 0.0.0.0
 network 10.0.0.0 0.255.255.255
 no auto-summary
Views: 754 David Bombal
Mikrotik VPN Site to Site IPSec HQ to Multi Branch(Full Video)
 
55:27
Mikrotik VPN Site to Site IPSec HQ to Multi Branch --------------------------------------------------------------------------------- For More Video : https://www.youtube.com/channel/UCrpVZG9R8l7-qRwA1qZBw0w
Views: 9377 Cisco Triangle
LabMinutes# SEC0016 - Cisco Router Easy VPN (EZVPN) with Certificate and Hardware Client
 
20:37
more Cisco VPN Video at http://www.labminutes.com/video/sec/vpn The video walks you through configuration of Easy VPN (EZVPN) with Certificate authentication on a Cisco headend router. The hardware client router is running Client Mode and configured to automatically connect. Headend router already has a certificate installed through SCEP (See SEC0014 - Certificate Installation on Router and ASA), while we demonstrate a manual certificate import on the hardware client. XAuth can also be enabled concurrently, although we have XAuth disabled in this lab. Topic includes - EZVPN Client Mode with Certificate - EZVPN Hardware Client - Automatic Connect, Splitted-Tunnel - Router Certificate Import
Views: 2593 Lab Minutes
NHRP Crash Course
 
09:31
Quick clip from class today discussing NHRP on the virtual whiteboard.
Views: 8379 Ryan Lindfield
DMVPN QoS for Intelligent WAN
 
48:34
DMVPN IPSec overlay is used as the transport independent design for the Cisco Intelligent WAN solution. In addition to providing GUI-based management and situational awareness for Cisco IWAN intelligent path control and application performance optimization, LiveAction also enables easy configuration and deployment of DMVPN QoS. This LiveAction webinar will cover the following topics: - How to successfully deploy QoS for DMVPN WAN environment -- Discovering application usage -- Classifying traffic with NBAR and ACLs -- Understanding QoS differences with point-to-point vs. multipoint tunnel interfaces -- Knowing where to deploy DMVPN queuing policies - Validating DMVPN QoS policies with LiveAction - Seeing how LiveAction can save time implementing DMVPN QoS Download a free trial of LiveAction: http://liveaction.com/download/ Take LiveAction for a Test Drive: http://liveaction.com/support/testdrive/
LabMinutes# SEC0015 - Cisco Router Easy VPN (EZVPN) with Pre-Shared Key and Hardware Client
 
27:20
more Cisco VPN Video at http://www.labminutes.com/video/sec/vpn The video walks you through configuration of Easy VPN (EZVPN) with Pre-shared key authentication on a Cisco headend router. The hardware client router is running Client Mode and configured to automatically connect using a locally stored credential. We demonstrate unique characteristics of Client mode where connections can only be initiated from the remote client as the client router performs PAT to the source IP. Any resources local to the client is inaccessible from the headend side. As you will see, there is minimal configuration required on the hardware client, and since the IPSec is always initiated from the client, dynamic IP on the client is supported. Topic includes - EZVPN Client Mode with Pre-Shared Key and XAuth - EZVPN Hardware Client - Automatic Connect, Local Credential, Splitted-Tunnel
Views: 5552 Lab Minutes
Quick Configs - DMVPN & OSPF (phase 1, 2, 3, filters, point-to-multipoint, broadcast, dr, bdr)
 
17:20
This CCIE oriented episode of quick configs goes into using OSPF for Dynamic Multipoint VPN (DMVPN). See http://bit.ly/1VZYkFi for all CCIE notes.
Views: 2368 Ben Pin
LabMinutes# SEC0025 - Cisco Router Site-to-site (L2L) IPSec IKEv1 VPN with Static VTI
 
20:19
more Cisco VPN Video at http://www.labminutes.com/video/sec/vpn The video walks you through configuring site-to-site (L2L) IPSec VPN tunnel on Cisco routers using static Virtual Tunnel Interface (VTI). We will demonstrate VTI ability to support more than just unicast traffic, and how it offers many benefits similar to GRE tunnel but without the extra GRE overhead. In this lab, EIGRP is used as an example. In addition, we will point out VTI limitation to support non-IP protocol, in which case, we need to resort to GRE. MPLS is a good example and what we use to demonstrate in this lab. Topic includes - Static VTI - Tunnel Interface IP Unnumbered - MPLS - GRE
Views: 1875 Lab Minutes
Overview of DMVPN Phase 1
 
03:45
This snippet from the "DMVPN: Advanced and Crazy Scenarios" describes the building blocks of the DMVPN technology and an overview of DMVPN Phase 1. See http://www.ioshints.info/DMVPN for more details.
Views: 5594 Ivan Pepelnjak
LabMinutes# SEC0051 - Cisco ISE 1.1 BYOD (Part 2) - Wireless Onboarding Single SSID
 
15:05
More ISE videos at http://www.labminutes.com/video/sec/ISE This Cisco ISE BYOD mini video series demonstrates the device onboarding process for users to connect their personal devices to a corporate network as part of the Bring Your Own Device (BYOD) concept. We will be covering both wired and wireless access using Windows 7, iPhone, and Android as client devices. Relevant authentication, authorization, and client provisioning policies will be presented. We will also look at how users can manage their own devices through the My Devices Portal. In part 2, we focus on device onboarding on a wireless network with a single SSID. Topics: - SCEP CA Profile - Device Registration - Policy Element Condition Authorization (Compound Condition) - Policy Element Result Authorization (Authorization Profile) - Web Authentication (CWA) - Airespace ACL Client Provisioning (Native Supplicant Profile) - Authentication Policy - Authorization Policy - Client Provisioning Policy - My Devices Portal - Device Blacklist
Views: 6463 Lab Minutes
LabMinutes# RS0071 - UCS-E Introduction
 
07:12
Full videos are available at http://www.labminutes.com/store/cisco-ucs-e-video-bundle
Views: 482 Lab Minutes
GRE Tunnel over IPsec (Burmese Language)
 
14:25
GRE, IPSec
Views: 294 Ronie Singh
Quick Configs - EEM (applet, timer, cli, syslog, sync, skip)
 
26:35
This CCIE oriented episode of quick configs goes into Embedded Event Manager (EEM). See http://bit.ly/1VZYkFi for all CCIE notes.
Views: 5634 Ben Pin
How to configure site to site IPSec VPN between two ASAs Firewall(Certification Authority) Part 2
 
01:30:20
I covered many topics about the ASA firewall using GNS3 and how to configure site-to-site IPSec VPN using certificates from Server 2003. My LinkedIn: https://sa.linkedin.com/in/mohammad-k-saeed-04866847 My FB Cisco Group: https://www.facebook.com/groups/438507132862835/?ref=bookmarks My experience related to: - Supervising the second fix stage (pulling data cables and fiber optic cable, and termination). - Preparing and finalizing the physical network stage, including the troubleshooting. - Implementing and configuring Cisco IP phones (Manager, reception, wireless and basic phones) - Installing and configuring CUCM (SUB and PUB) to fulfill the requirements of the end user. - Installing and configuring ESXi VMware for virtual appliances. - Installing and preparing UC servers by using CICM. - Responsible for licensing of network appliances. - Installing and configuring WLC and the APs (internal and external) connected to it, including troubleshooting and enhancing coverage and roaming. - Implementing and configuring the Layer 3 core switch 6509e (from zero stage until all network requirements are fulfilled, including VSS between main and redundant core) - Implementing and configuring the L2 switches (port channels with core switches, main and redundant) - Installing and configuring Cisco Prime Infrastructure and making a wireless heat-map on it. - Implementing and configuring the Telepresence system. - Installing, implementing and configuring the IPTV system (preparing the servers and STBs (set-top boxes)). - Configuring and preparing the HSIA server which belongs to the IPTV system. - Working with RMS (Room Management System) and BMS (Building Management System), including the integration with the IP network. - Configuration of the CCTV system, installation and implementation. - Talented to lead the team to get a perfect result during site work. Appliances and servers: - 2960-s and 2960-x. - 6509e (main and redundant) - WLC 5508. - APs 1142N, 1500E, 1602N. - Gateway router 2951 series. - ASA firewall 5520. - UC servers UCS C210 M2 and UCS C200 M2 - Voice Gateway 2921. - Cisco Prime Infrastructure 2.2. - EX60 and EX90 Scope of design work: - Responsible to work in low level and high level design for networking - Work on preparing BoQ of Cisco networking components for several projects - Work with low current system design. I hope it will be valuable for everyone! Follow me: LinkedIn: http://jo.linkedin.com/pub/mohammad-said/47/668/48 Twitter: https://twitter.com/#!/mohammadsaeed01 Facebook: https://www.facebook.com/mohammad.saeed.31 My Blog: http://cisco-learning-video.blogspot.com Please watch: "How to configure IP phones Locally and remotely (VoIP) HD" https://www.youtube.com/watch?v=buMIA03OZIs
Views: 9066 Cisco Saeed
Why gratuitous ARP is not always about ARP :)
 
06:33
Just did a quick & dirty explanation of why devices send gratuitous ARP after a failover of some sort occurs, even if MAC to IP mappings don't change.
Views: 24098 Ryan Lindfield
LabMinutes# SEC0114 - Cisco ISE 1.2 BYOD MDM Integration (Part 1)
 
19:35
Video Page http://www.labminutes.com/sec0114_ise_12_byod_mdm_integration_1 More ISE videos at http://www.labminutes.com/video/sec/ise The video walks you through Cisco ISE 1.2 integration with MobileIron MDM. You will be able to see all required configuration on both ISE and MDM to complete the integration process, and how the user onboarding experience changes now that they need to register their devices to the MDM system. We will enforce MDM security policy using PIN lock as our example and allow differentiated levels of access according to device posture information. At the end, we will review actions available to users on the MyDevices portal and demonstrate initiation of screen lock and corporate-wipe to iPhone and Android. Since MDM integration is an extension to ISE onboarding, this lab is built on top of the previous lab so please see SEC0113 - ISE 1.2 BYOD Wireless Onboarding Single SSID for details of the completed configuration. Note that although this video is specific to MobileIron, the concept and majority of configuration steps are also applicable to other MDM vendors. Part 1 of this video shows configuration on ISE and MobileIron
Views: 7876 Lab Minutes
LabMinutes# SEC0039 - Cisco ISE 1.1 802.1X Switch and WLC Recommended Config (Part 2)
 
16:17
More ISE videos at http://www.labminutes.com/video/sec/ISE Cisco Identity Services Engine Network Component Compatibility, Release 1.1.x http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html The video presents you with Cisco recommended switch and Wireless LAN Controller (WLC) configuration to interoperate with Cisco ISE. Most configurations are for enabling 802.1X and RADIUS, while the remaining (e.g. SNMP, DHCP, etc.) are for providing additional information as part of ISE device profiling. Here we use a Cisco 3750 and vWLC in our demonstration, and we will also add them to Network Device. The video closes by going through the switch configuration validator. Part 2 of the video covers WLC configurations, Network Device addition, and config validator. Topics: - ISE Recommended 802.1X Switch Configuration - ISE Recommended WLC Configuration - Network Devices Group - Network Devices - ISE Configuration Validator
Views: 19400 Lab Minutes