CCNA Security v2.0
Chapter 8: Implementing Virtual Private Networks
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
8.0 Introduction
8.1 VPNs
8.2 IPsec VPN Components and Operations
8.3 Implementing Site-to-Site IPsec VPNs with CLI
8.4 Summary
Upon completion of this section, you should be able to:
• Describe VPNs and their benefits.
• Compare site-to-site and remote-access VPNs.
VPN Benefits:
• Cost Savings
• Security
• Scalability
• Compatibility
Remote-Access VPN
Site-to-Site VPN
Upon completion of this section, you should be able to:
• Describe the IPsec protocol and its basic functions.
• Compare AH and ESP protocols.
• Describe the IKE protocol.
IPsec Implementation Examples
IPsec Framework
Confidentiality with Encryption:
Encryption Algorithms:
Hash Algorithms
Security of Hash Algorithms
Peer Authentication Methods
PSK
RSA
Diffie-Hellman Key Exchange
AH Protocols
Router Creates Hash and Transmits to Peer
Peer Router Compares Recomputed Hash to Received Hash
Apply ESP and AH in Two Modes
ESP Tunnel Mode
Upon completion of this section, you should be able to:
• Describe IPsec negotiation and the five steps of IPsec configuration.
• Configure the ISAKMP policy.
• Configure the IPsec policy.
• Configure and apply a crypto map.
• Verify the IPsec VPN.
IPsec VPN Negotiation:
Step 1 - Host A sends interesting traffic to Host B.
Step 2 - R1 and R2 negotiate an IKE Phase 1 session.
Step 3 - R1 and R2 negotiate an IKE Phase 2 session.
IPsec VPN Negotiation:
Step 4 - Information is exchanged via the IPsec tunnel.
Step 5 - The IPsec tunnel is terminated.
XYZCORP Security Policy:
• Encrypt traffic with AES 256 and SHA
• Authentication with PSK
• Exchange keys with group 24
• ISAKMP tunnel lifetime is 1 hour
• IPsec tunnel uses ESP with a 15-min. lifetime
Configuration Tasks:
1. Configure the ISAKMP policy for IKE Phase 1
2. Configure the IPsec policy for IKE Phase 2
3. Configure the crypto map for IPsec policy
4. Apply the IPsec policy
5. Verify the IPsec tunnel is operational
ACL Syntax for IPsec Traffic
Permitting Traffic for IPsec Negotiations
The crypto isakmp key Command
Pre-Shared Key Configuration
The IKE Phase 1 Tunnel Does Not Exist Yet
Configure an ACL to Define Interesting Traffic
The crypto ipsec transform-set Command
The crypto ipsec transform-set Command
Crypto Map Configuration Commands
Crypto Map Configuration:
Crypto Map Configuration:
Use Extended Ping to Send Interesting Traffic
Verify the ISAKMP Tunnel is Established
Verify the IPsec Tunnel is Established
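A worked Cisco IOS configuration for R1 that carries the XYZCORP policy (AES 256, SHA, PSK, DH group 24, 1-hour ISAKMP lifetime, ESP with a 15-minute lifetime) through the five tasks above, added here as an example; it is not the course's own configuration. Assumed: R1's WAN address is 192.0.2.1 on Serial0/0/0, R2's WAN address is 203.0.113.1, LAN A is 192.168.1.0/24 behind R1 and LAN B is 192.168.2.0/24 behind R2; the pre-shared key, ACL numbers and map names are placeholders.

```cisco
! Added example, not from the course slides. Assumed addressing:
! R1 WAN 192.0.2.1 (Serial0/0/0), R2 WAN 203.0.113.1,
! LAN A 192.168.1.0/24 behind R1, LAN B 192.168.2.0/24 behind R2.
!
! Task 1: ISAKMP policy for IKE Phase 1 (AES 256, SHA, PSK, group 24, 1 hour)
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 24
 lifetime 3600
!
! Pre-shared key bound to the peer's WAN address; R2 must hold the identical key
! (PLACEHOLDER_PSK is a placeholder, not a real key)
crypto isakmp key PLACEHOLDER_PSK address 203.0.113.1
!
! Task 2: IPsec policy for IKE Phase 2 - ESP with AES 256 encryption and SHA-1 HMAC
crypto ipsec transform-set XYZ-TS esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Interesting traffic: only LAN A <-> LAN B is protected. R2 needs the
! mirror-image ACL (source and destination swapped) or Phase 2 will not complete.
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! Task 3: the crypto map ties peer, transform set, ACL and the 15-minute SA lifetime together
crypto map XYZ-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set XYZ-TS
 set security-association lifetime seconds 900
 match address 110
!
! Task 4: apply the crypto map to the outside interface
interface Serial0/0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map XYZ-MAP
!
! If an inbound ACL filters the WAN interface, it must admit the negotiation and
! the tunnel itself: ISAKMP (UDP 500), ESP (IP protocol 50) and, if AH is used, AH (51)
access-list 120 permit udp host 203.0.113.1 host 192.0.2.1 eq isakmp
access-list 120 permit esp host 203.0.113.1 host 192.0.2.1
access-list 120 permit ahp host 203.0.113.1 host 192.0.2.1
!
! Task 5 (exec mode): send interesting traffic sourced from LAN A, then verify
! ping 192.168.2.1 source 192.168.1.1   -> extended ping brings the tunnel up
! show crypto isakmp sa                  -> state QM_IDLE means Phase 1 is established
! show crypto ipsec sa                   -> #pkts encaps/decaps counters should increment
```

Until the extended ping sends traffic matching ACL 110, `show crypto isakmp sa` shows no entry, which is the "IKE Phase 1 tunnel does not exist yet" state the slides refer to.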
Chapter Objectives:
• Explain the purpose of VPNs.
• Explain how IPsec VPNs operate.
• Configure a site-to-site IPsec VPN, with pre-shared key authentication, using the CLI.
Thank you.
• Remember, there are helpful tutorials and user guides available via your NetSpace home page (https://www.netacad.com).
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
1
2

More Related Content

What's hot

Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1SalmenHAJJI1
 
012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9Babaa Naya
 
04 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch504 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch5Babaa Naya
 
Nexus DataCenter Switch の概要 (2014/8/06 webcast)
Nexus DataCenter Switch の概要 (2014/8/06 webcast)Nexus DataCenter Switch の概要 (2014/8/06 webcast)
Nexus DataCenter Switch の概要 (2014/8/06 webcast)Yuichi Ito
 
MOSSCon 2013, Cisco Open Source talk
MOSSCon 2013, Cisco Open Source talkMOSSCon 2013, Cisco Open Source talk
MOSSCon 2013, Cisco Open Source talkJeff Squyres
 
Deploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless CampusDeploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless CampusRassul Ismailov
 
Infrastructure Resilience against Attacks and Faults
Infrastructure Resilience against Attacks and FaultsInfrastructure Resilience against Attacks and Faults
Infrastructure Resilience against Attacks and FaultsDiego Kreutz
 
Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMSecure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMBill McGee
 
Deployment of cisco_iron_portweb_security_appliance
Deployment of cisco_iron_portweb_security_applianceDeployment of cisco_iron_portweb_security_appliance
Deployment of cisco_iron_portweb_security_applianceAlfredo Boiero Sanders
 
Presentación - Cisco ASA with FirePOWER Services
Presentación -  Cisco ASA with FirePOWER ServicesPresentación -  Cisco ASA with FirePOWER Services
Presentación - Cisco ASA with FirePOWER ServicesOscar Romano
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXCisco Canada
 
Cisco ASA Firepower
Cisco ASA FirepowerCisco ASA Firepower
Cisco ASA FirepowerAnwesh Dixit
 
How to prevent ssh-tunneling using Palo Alto Networks NGFW
How to prevent ssh-tunneling using Palo Alto Networks NGFWHow to prevent ssh-tunneling using Palo Alto Networks NGFW
How to prevent ssh-tunneling using Palo Alto Networks NGFWYudi Arijanto
 
Leverage the Network
Leverage the NetworkLeverage the Network
Leverage the NetworkCisco Canada
 
Reporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi
Reporte de Seguridad Anual de Cisco 2014 - Por Carlos RienziReporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi
Reporte de Seguridad Anual de Cisco 2014 - Por Carlos RienziOscar Romano
 
Cisco ASA con fire power services
Cisco ASA con fire power services Cisco ASA con fire power services
Cisco ASA con fire power services Felipe Lamus
 

What's hot (20)

Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1
 
012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9
 
04 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch504 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch5
 
Nexus DataCenter Switch の概要 (2014/8/06 webcast)
Nexus DataCenter Switch の概要 (2014/8/06 webcast)Nexus DataCenter Switch の概要 (2014/8/06 webcast)
Nexus DataCenter Switch の概要 (2014/8/06 webcast)
 
MOSSCon 2013, Cisco Open Source talk
MOSSCon 2013, Cisco Open Source talkMOSSCon 2013, Cisco Open Source talk
MOSSCon 2013, Cisco Open Source talk
 
Deploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless CampusDeploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless Campus
 
Infrastructure Resilience against Attacks and Faults
Infrastructure Resilience against Attacks and FaultsInfrastructure Resilience against Attacks and Faults
Infrastructure Resilience against Attacks and Faults
 
Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMSecure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDM
 
Icnd210 s04l02
Icnd210 s04l02Icnd210 s04l02
Icnd210 s04l02
 
Deployment of cisco_iron_portweb_security_appliance
Deployment of cisco_iron_portweb_security_applianceDeployment of cisco_iron_portweb_security_appliance
Deployment of cisco_iron_portweb_security_appliance
 
CCNP Security-Secure
CCNP Security-SecureCCNP Security-Secure
CCNP Security-Secure
 
Presentación - Cisco ASA with FirePOWER Services
Presentación -  Cisco ASA with FirePOWER ServicesPresentación -  Cisco ASA with FirePOWER Services
Presentación - Cisco ASA with FirePOWER Services
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CX
 
Cisco ASA Firepower
Cisco ASA FirepowerCisco ASA Firepower
Cisco ASA Firepower
 
How to prevent ssh-tunneling using Palo Alto Networks NGFW
How to prevent ssh-tunneling using Palo Alto Networks NGFWHow to prevent ssh-tunneling using Palo Alto Networks NGFW
How to prevent ssh-tunneling using Palo Alto Networks NGFW
 
Leverage the Network
Leverage the NetworkLeverage the Network
Leverage the Network
 
Nagios-yating
Nagios-yatingNagios-yating
Nagios-yating
 
Reporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi
Reporte de Seguridad Anual de Cisco 2014 - Por Carlos RienziReporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi
Reporte de Seguridad Anual de Cisco 2014 - Por Carlos Rienzi
 
Cisco ASA con fire power services
Cisco ASA con fire power services Cisco ASA con fire power services
Cisco ASA con fire power services
 
Arduino: Ethernet Shield para Arduino
Arduino: Ethernet Shield para ArduinoArduino: Ethernet Shield para Arduino
Arduino: Ethernet Shield para Arduino
 

Similar to Ccna sv2 instructor_ppt_ch8

Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Babaa Naya
 
CCNASv2_InstructorPPT_CH8.en.es.pptx
CCNASv2_InstructorPPT_CH8.en.es.pptxCCNASv2_InstructorPPT_CH8.en.es.pptx
CCNASv2_InstructorPPT_CH8.en.es.pptxRichardChecca1
 
It nv51 instructor_ppt_ch8
It nv51 instructor_ppt_ch8It nv51 instructor_ppt_ch8
It nv51 instructor_ppt_ch8newbie2019
 
It nv51 instructor_ppt_ch7
It nv51 instructor_ppt_ch7It nv51 instructor_ppt_ch7
It nv51 instructor_ppt_ch7newbie2019
 
Ccna sv2 instructor_ppt_ch9
Ccna sv2 instructor_ppt_ch9Ccna sv2 instructor_ppt_ch9
Ccna sv2 instructor_ppt_ch9SalmenHAJJI1
 
It nv51 instructor_ppt_ch6
It nv51 instructor_ppt_ch6It nv51 instructor_ppt_ch6
It nv51 instructor_ppt_ch6newbie2019
 
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveNetwork Automation Forum
 
Chapter 4 Network Access
Chapter 4 Network AccessChapter 4 Network Access
Chapter 4 Network Accessnewbie2019
 
It nv51 instructor_ppt_ch1
It nv51 instructor_ppt_ch1It nv51 instructor_ppt_ch1
It nv51 instructor_ppt_ch1newbie2019
 
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASAОсновные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASACisco Russia
 
Experiencias aumentadas por la red
Experiencias aumentadas por la redExperiencias aumentadas por la red
Experiencias aumentadas por la redschangan1
 
Chapter 2 Configure a Network Operating System
Chapter 2 Configure a Network Operating SystemChapter 2 Configure a Network Operating System
Chapter 2 Configure a Network Operating Systemnewbie2019
 
Chapter 3 Network Protocol and Communications
Chapter 3 Network Protocol and CommunicationsChapter 3 Network Protocol and Communications
Chapter 3 Network Protocol and Communicationsnewbie2019
 
Introduction to Segment Routing
Introduction to Segment RoutingIntroduction to Segment Routing
Introduction to Segment RoutingMyNOG
 
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUICisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUICisco Canada
 
Cisco Digital Network Architecture Deeper Dive From The Gates To The Gui
Cisco Digital Network Architecture Deeper Dive From The Gates To The GuiCisco Digital Network Architecture Deeper Dive From The Gates To The Gui
Cisco Digital Network Architecture Deeper Dive From The Gates To The GuiCisco Canada
 
What network architects need to know about the evolving software lifecycle (S...
What network architects need to know about the evolving software lifecycle (S...What network architects need to know about the evolving software lifecycle (S...
What network architects need to know about the evolving software lifecycle (S...Marco Coulter
 
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for Developers
DEVNET-1148	Leveraging Cisco OpenStack Private Cloud for DevelopersDEVNET-1148	Leveraging Cisco OpenStack Private Cloud for Developers
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for DevelopersCisco DevNet
 

Similar to Ccna sv2 instructor_ppt_ch8 (20)

Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8
 
CCNASv2_InstructorPPT_CH8.en.es.pptx
CCNASv2_InstructorPPT_CH8.en.es.pptxCCNASv2_InstructorPPT_CH8.en.es.pptx
CCNASv2_InstructorPPT_CH8.en.es.pptx
 
It nv51 instructor_ppt_ch8
It nv51 instructor_ppt_ch8It nv51 instructor_ppt_ch8
It nv51 instructor_ppt_ch8
 
It nv51 instructor_ppt_ch7
It nv51 instructor_ppt_ch7It nv51 instructor_ppt_ch7
It nv51 instructor_ppt_ch7
 
Ccna sv2 instructor_ppt_ch9
Ccna sv2 instructor_ppt_ch9Ccna sv2 instructor_ppt_ch9
Ccna sv2 instructor_ppt_ch9
 
CCNASv2_InstructorPPT_CH2.pptx
CCNASv2_InstructorPPT_CH2.pptxCCNASv2_InstructorPPT_CH2.pptx
CCNASv2_InstructorPPT_CH2.pptx
 
It nv51 instructor_ppt_ch6
It nv51 instructor_ppt_ch6It nv51 instructor_ppt_ch6
It nv51 instructor_ppt_ch6
 
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive
 
Chapter 4 Network Access
Chapter 4 Network AccessChapter 4 Network Access
Chapter 4 Network Access
 
It nv51 instructor_ppt_ch1
It nv51 instructor_ppt_ch1It nv51 instructor_ppt_ch1
It nv51 instructor_ppt_ch1
 
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASAОсновные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
 
Experiencias aumentadas por la red
Experiencias aumentadas por la redExperiencias aumentadas por la red
Experiencias aumentadas por la red
 
Brksec 2101 deploying web security
Brksec 2101  deploying web securityBrksec 2101  deploying web security
Brksec 2101 deploying web security
 
Chapter 2 Configure a Network Operating System
Chapter 2 Configure a Network Operating SystemChapter 2 Configure a Network Operating System
Chapter 2 Configure a Network Operating System
 
Chapter 3 Network Protocol and Communications
Chapter 3 Network Protocol and CommunicationsChapter 3 Network Protocol and Communications
Chapter 3 Network Protocol and Communications
 
Introduction to Segment Routing
Introduction to Segment RoutingIntroduction to Segment Routing
Introduction to Segment Routing
 
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUICisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
 
Cisco Digital Network Architecture Deeper Dive From The Gates To The Gui
Cisco Digital Network Architecture Deeper Dive From The Gates To The GuiCisco Digital Network Architecture Deeper Dive From The Gates To The Gui
Cisco Digital Network Architecture Deeper Dive From The Gates To The Gui
 
What network architects need to know about the evolving software lifecycle (S...
What network architects need to know about the evolving software lifecycle (S...What network architects need to know about the evolving software lifecycle (S...
What network architects need to know about the evolving software lifecycle (S...
 
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for Developers
DEVNET-1148	Leveraging Cisco OpenStack Private Cloud for DevelopersDEVNET-1148	Leveraging Cisco OpenStack Private Cloud for Developers
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for Developers
 

Recently uploaded

How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxGal Baras
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
 
The AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfThe AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfSiskaFitrianingrum
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyDamar Juniarto
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
 
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理aagad
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxlaozhuseo02
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shoplaozhuseo02
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxabhinandnam9997
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
 

Recently uploaded (12)

How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
 
The AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfThe AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdf
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case Study
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
The Best AI Powered Software - Intellivid AI Studio
The Best AI Powered Software - Intellivid AI StudioThe Best AI Powered Software - Intellivid AI Studio
The Best AI Powered Software - Intellivid AI Studio
 
Stay Ahead with 2024's Top Web Design Trends
Stay Ahead with 2024's Top Web Design TrendsStay Ahead with 2024's Top Web Design Trends
Stay Ahead with 2024's Top Web Design Trends
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 

Ccna sv2 instructor_ppt_ch8

  • 1. CCNA Security v2.0 Chapter 8: Implementing Virtual Private Networks
  • 2. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 8.0 Introduction 8.1 VPNs 8.2 IPsec VPN Components and Operations 8.3 Implementing Site-to-Site IPsec VPNs with CLI 8.4 Summary
  • 3. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Upon completion of this section, you should be able to: • Describe VPNs and their benefits. • Compare site-to-site and remote-access VPNs.
  • 4. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 4
  • 5. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5 VPN Benefits: • Cost Savings • Security • Scalability • Compatibility
  • 6. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
  • 7. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 7
  • 8. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 Remote-Access VPN Site-to-Site VPN Access
  • 9. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
  • 10. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
  • 11. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Upon completion of this section, you should be able to: • Describe the IPsec protocol and its basic functions. • Compare AH and ESP protocols. • Describe the IKE protocol.
  • 12. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 12
  • 13. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 IPsec Implementation ExamplesIPsec Framework
  • 14. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 Confidentiality with Encryption:
  • 15. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15 Encryption Algorithms:
  • 16. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16 Hash Algorithms Security of Hash Algorithms
  • 17. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 Peer Authentication Methods PSK
  • 18. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 RSA
  • 19. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 Diffie-Hellman Key Exchange
  • 20. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 20
  • 21. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
  • 22. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 AH Protocols
  • 23. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23 Router Creates Hash and Transmits to Peer Peer Router Compares Recomputed Hash to Received Hash
  • 24. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
  • 25. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
  • 26. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 Apply ESP and AH in Two Modes
  • 27. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 ESP Tunnel Mode
  • 28. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 28
  • 29. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
  • 30. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
  • 31. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
  • 32. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 32 Upon completion of this section, you should be able to: • Describe IPsec negotiation and the five steps of IPsec configuration. • Configure the ISAKMP policy. • Configure the IPsec policy. • Configure and apply a crypto map. • Verify the IPsec VPN.
  • 33. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 33
  • 34. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 34 IPsec VPN Negotiation: Step 2 - R1 and R2 negotiate an IKE Phase 1 session. IPsec VPN Negotiation: Step 1 - Host A sends interesting traffic to Host B. IPsec VPN Negotiation: Step 3 - R1 and R2 negotiate an IKE Phase 2 session.
  • 35. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 IPsec VPN Negotiation: Step 4 - Information is exchanged via IPsec tunnel. IPsec VPN Negotiation: Step 5 - The IPsec tunnel is terminated.
  • 36. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
  • 37. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37 XYZCORP Security Policy Configuration Tasks Encrypt traffic with AES 256 and SHA 1. Configure the ISAKMP policy for IKE Phase 1 Authentication with PSK 2. Configure the IPsec policy for IKE Phase 2 Exchange keys with group 24 3. Configure the crypto map for IPsec policy ISAKMP tunnel lifetime is 1 hour 4. Apply the IPsec policy IPsec tunnel uses ESP with a 15-min. lifetime 5. Verify the IPsec tunnel is operational
  • 38. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 38 ACL Syntax for IPsec Traffic
  • 39. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39 Permitting Traffic for IPsec Negotiations
  • 40. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
  • 41. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 41
  • 42. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
  • 43. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
  • 44. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
  • 45. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 45 The crypto isakmp key Command
  • 46. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 46 Pre-Shared Key Configuration
  • 47. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 47
  • 48. The IKE Phase 1 Tunnel Does Not Exist Yet
  • 49. Configure an ACL to Define Interesting Traffic
  • 50. The crypto ipsec transform-set Command
  • 51. The crypto ipsec transform-set Command (Cont.)
  • 54. Crypto Map Configuration Commands
  • 55. Crypto Map Configuration
  • 56. Crypto Map Configuration (Cont.)
  • 59. Use Extended Ping to Send Interesting Traffic
  • 60. Verify the ISAKMP Tunnel is Established
  • 61. Verify the IPsec Tunnel is Established
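The five configuration tasks carried out on R1 for the XYZCORP policy (AES 256, SHA, PSK, DH group 24, 1-hour ISAKMP lifetime, ESP with a 15-minute lifetime), as an added worked example that is not taken from the slides. The peer addresses, LAN subnets, interface name, ACL number, map and transform-set names, and the pre-shared key are constructed placeholders; R2 mirrors the configuration with the peers and subnets swapped.

```cisco
! Added example (not from the slides): R1 side of the XYZCORP site-to-site IPsec VPN.
! Constructed addressing: R1 outside 10.1.1.1, R2 outside 10.2.2.2,
! R1 LAN 192.168.1.0/24, R2 LAN 192.168.3.0/24.
!
! Task 1 - ISAKMP policy for IKE Phase 1: AES 256, SHA, PSK, group 24, 1-hour lifetime
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 24
 lifetime 3600
!
! Pre-shared key bound to the peer's address; R2 configures the same key for 10.1.1.1
crypto isakmp key REPLACE-WITH-STRONG-PSK address 10.2.2.2
!
! Interesting traffic: only LAN-to-LAN traffic is protected (R2 uses the mirror image)
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
!
! Task 2 - IPsec policy for IKE Phase 2: ESP with AES 256 and SHA HMAC, tunnel mode
crypto ipsec transform-set XYZ-TS esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Task 3 - Crypto map tying peer, ACL, transform set and the 15-minute IPsec SA lifetime
crypto map XYZ-MAP 10 ipsec-isakmp
 match address 110
 set peer 10.2.2.2
 set transform-set XYZ-TS
 set security-association lifetime seconds 900
!
! Task 4 - Apply the crypto map to the outside interface (constructed interface name)
interface Serial0/0/0
 crypto map XYZ-MAP
!
! Task 5 - Trigger and verify. An extended ping sourced from the LAN address matches
! ACL 110 and starts IKE Phase 1; a QM_IDLE ISAKMP SA and rising encaps/decaps
! counters in the IPsec SA confirm both tunnels are up.
! R1# ping 192.168.3.1 source 192.168.1.1
! R1# show crypto isakmp sa
! R1# show crypto ipsec sa
```

The first ping packets are typically lost while the IKE negotiation completes; subsequent pings succeed once the SAs exist.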
  • 62. Chapter Objectives:
    • Explain the purpose of VPNs.
    • Explain how IPsec VPNs operate.
    • Configure a site-to-site IPsec VPN, with pre-shared key authentication, using the CLI.
  • 64. Remember, there are helpful tutorials and user guides available via your NetSpace home page (https://www.netacad.com).
    • These resources cover a variety of topics including navigation, assessments, and assignments.
    • A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.

Editor's Notes

  1. 8.1.1.1 Introducing VPNs
  2. 8.1.1.2 Layer 3 IPsec VPNs
  3. 8.1.2.1 Two Types of VPNs
  4. 8.1.2.2 Components of Remote-Access VPNs
  5. 8.1.2.3 Components of Site-to-Site VPNs 8.1.2.4 Activity – Compare Remote-Access and Site-to-Site VPNs
  6. 8.2.1.1 IPsec Technologies
  7. 8.2.1.2 Confidentiality
  8. 8.2.1.2 Confidentiality (Cont.)
  9. 8.2.1.3 Integrity
  10. 8.2.1.4 Authentication
  11. 8.2.1.4 Authentication (Cont.)
  12. 8.2.1.5 Secure Key Exchange 8.2.1.6 Activity – Identify the Components of the IPsec Framework
  13. 8.2.2.1 IPsec Protocol Overview
  14. 8.2.2.2 Authentication Header
  15. 8.2.2.2 Authentication Header (Cont.)
  16. 8.2.2.3 ESP
  17. 8.2.2.4 ESP Encrypts and Authenticates
  18. 8.2.2.5 Transport and Tunnel Modes
  19. 8.2.2.5 Transport and Tunnel Modes (Cont.) 8.2.2.6 Activity – Compare AH and ESP
  20. 8.2.3.1 The IKE Protocol
  21. 8.2.3.2 Phase 1 and 2 Key Negotiation
  22. 8.2.3.3 Phase 2: Negotiating SAs 8.2.3.4 Video Tutorial – IKE Phase 1 and Phase 2
  23. 8.3.1.1 IPsec Negotiation
  24. 8.3.1.1 IPsec Negotiation (Cont.)
  25. 8.3.1.2 Site-to-Site IPsec VPN Topology
  26. 8.3.1.3 IPsec VPN Configuration Tasks
  27. 8.3.1.4 Existing ACL Configurations
  28. 8.3.1.4 Existing ACL Configurations (Cont.)
  29. 8.3.1.5 Introduction to GRE Tunnels 8.3.1.6 Activity – Order the IPsec Negotiation Steps
  30. 8.3.2.1 The Default ISAKMP Policies
  31. 8.3.2.2 Syntax to Configure a New ISAKMP Policy
  32. 8.3.2.3 XYZCORP ISAKMP Policy Configuration
  33. 8.3.2.4 Configuring a Pre-Shared Key
  34. 8.3.2.4 Configuring a Pre-Shared Key (Cont.)
  35. 8.3.3.1 Define Interesting Traffic
  36. 8.3.3.1 Define Interesting Traffic (Cont.)
  37. 8.3.3.2 Configure IPsec Transform Set
  38. 8.3.3.2 Configure IPsec Transform Set (Cont.)
  39. 8.3.4.1 Syntax to Configure a Crypto Map
  40. 8.3.4.1 Syntax to Configure a Crypto Map (Cont.)
  41. 8.3.4.2 XYZCORP Crypto Map Configuration
  42. 8.3.4.2 XYZCORP Crypto Map Configuration (Cont.)
  43. 8.3.4.3 Apply the Crypto Map
  44. 8.3.5.1 Send Interesting Traffic 8.3.5.2 Verify ISAKMP and IPsec Tunnels
  45. 8.3.5.2 Verify ISAKMP and IPsec Tunnels
  46. 8.3.5.2 Verify ISAKMP and IPsec Tunnels (Cont.)
  47. 8.4.1.1 Video Demonstration – Site-to-Site IPsec VPN Configuration 8.4.1.2 Packet Tracer – Configure and Verify a Site-to-Site IPsec VPN 8.4.1.3 Lab – Configuring a Site-to-Site VPN 8.4.1.4 Chapter 8: Implementing Virtual Private Networks
  48. https://www.netacad.com