Chapter 6 - VPN - Part 2- IP Sec Configuring
8/16/2019 Chapter 6 - VPN - Part 2- IP Sec Configuring
http://slidepdf.com/reader/full/chapter-6-vpn-part-2-ip-sec-configuring 1/32
CCNA Advance
Chapter 6
Virtual Private Network - VPN
Configuring IPSec
Tasks to Configure IPSec
Task 1 – Prepare for IKE and IPSec
Task 1.1: IKE Phase 1 Policy Example
Task 1.2: IKE Phase 2 Policy Example
Task 1.3 – Check Current Configuration
Task 1.4 – Ensure The Network Works
Task 1.5 – Ensure ACLs are Compatible with IPSec
Task 2 – Configure IKE
Task 2.1, 2.2 – Enable IKE, Create Policy
Task 2.2 – Create IKE Policies with the crypto isakmp Command
Task 2.3 – Configure ISAKMP Identity
• IPSec peers authenticate each other during ISAKMP
negotiations using the preshared key and the ISAKMP
identity.
• The identity can either be the router IP address or hostname.
• Cisco IOS software uses the IP address identity method by
default.
Task 2.4 – Configure Pre-shared Keys
RouterA(config)#crypto isakmp key cisco1234 address 172.30.2.2
RouterA(config)#crypto isakmp policy 110
RouterA(config-isakmp)#hash md5
RouterA(config-isakmp)#authentication pre-share

RouterB(config)#crypto isakmp key cisco1234 address 172.30.2.1
RouterB(config)#crypto isakmp policy 110
RouterB(config-isakmp)#hash md5
RouterB(config-isakmp)#authentication pre-share
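An added example, not part of the original slides: a Python check that the Task 2.4 commands on the two peers agree, since IKE phase 1 only completes when both sides hold the same pre-shared key for each other's address and share a policy with the same settings. The function names and the routers' own addresses (172.30.2.1 for RouterA, 172.30.2.2 for RouterB, inferred from the peer addresses on the slide) are assumptions.

```python
import re

# Constructed input: the Task 2.4 commands, prompts removed, sub-commands indented.
ROUTER_A = """\
crypto isakmp key cisco1234 address 172.30.2.2
crypto isakmp policy 110
 hash md5
 authentication pre-share
"""
ROUTER_B = ROUTER_A.replace("172.30.2.2", "172.30.2.1")

def parse_isakmp(config):
    """Return ({peer_address: key}, {policy_number: {setting: value}})."""
    keys, policies, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        key = re.fullmatch(r"crypto isakmp key (\S+) address (\S+)", line)
        policy = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if key:
            keys[key.group(2)] = key.group(1)
            current = None
        elif policy:
            current = policies.setdefault(int(policy.group(1)), {})
        elif current is not None and raw[:1] == " " and line:
            name, _, value = line.partition(" ")
            if name != "lifetime":  # lifetimes need not be identical
                current[name] = value
        else:
            current = None
    return keys, policies

def check_peers(cfg_a, addr_a, cfg_b, addr_b):
    """List the mismatches that would stop IKE phase 1 between A and B."""
    keys_a, policies_a = parse_isakmp(cfg_a)
    keys_b, policies_b = parse_isakmp(cfg_b)
    problems = []
    key_for_b, key_for_a = keys_a.get(addr_b), keys_b.get(addr_a)
    if key_for_b is None or key_for_a is None:
        problems.append("no pre-shared key configured for the peer address")
    elif key_for_b != key_for_a:
        problems.append("pre-shared keys differ")
    # Policy numbers are local priorities; the settings are what must match.
    # Settings left unset are assumed to default the same way on both routers.
    if not any(p in policies_b.values() for p in policies_a.values()):
        problems.append("no ISAKMP policy with the same settings on both peers")
    return problems

if __name__ == "__main__":
    # Interface addresses are assumed from the peer addresses on the slide.
    print(check_peers(ROUTER_A, "172.30.2.1", ROUTER_B, "172.30.2.2"))
```

An empty list means the two configurations are consistent with each other; it says nothing about the strength of the key or of the hash chosen.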
Task 2.5 – Verify IKE Configuration
Task 3 – Configure IPSec
Task 3.1 – Configure Transform Set Suites
A transform set defines the type of authentication,
integrity, and payload encryption you will use for your VPN
tunnel.
Task 3.1 - Transform Set Negotiation
Task 3.2 – Configure Global IPSec Security Association Lifetimes (Optional)
Task 3.2 - Purpose of Crypto ACLs
Task 3.3 – Create Crypto ACLs using Extended Access Lists
Task 3.3 - Configure Symmetrical Peer Crypto Access Lists
Symmetrical Peer Crypto Access Lists MUST be done
Task 3.3 - Purpose of Crypto Maps
Task 3.3 - Crypto Map Parameters
Task 3.4 – Configure IPSec Crypto Maps
Task 3.4 – IPSec Crypto Maps Configuration Mode
Task 3.4 - Example Crypto Map Commands
Task 3.5 – Apply Crypto Maps to Interfaces
IPSec Configuration Summative Examples
Question?
Thank you!