SlideShare a Scribd company logo

Get vpn multicast for CCIE Security

Download as PPTX, PDF
Dhruv Sharma
Dhruv Sharma

This document will guide you on how to setup GET VPN using multicast mechanism over your network. This will come handy for all CCIE Security aspirants.

Education
1 of 22
GET VPN -Multicast Dhruv Sharma 6/30/2021
Introduction In this session we will review below points: • Building blocks in setting up GETVPN for Multicast • Review the implementation steps on KS and Group members • Lab fun 6/30/2021
Network Topology 6/30/2021
Introduction • In Ipsec VPN where new IP Address were added along with the outer header as shown below, in tunnel mode. • With GET VPN it ensure the private address is preserved. Which makes GET VPN, usable only on the private LAN. We cannot use Transport Mode as it might cause fragmentation errors. 6/30/2021
Introduction • Two Types of Keys: • KEK ( Key Encryption Key) • TEK (Traffic Encryption Key) • When the lifetime expires, we can configure our VPN to send rekey messages in either unicast ( with acknowledgement) or multicast mode ( no acknowledgement). 6/30/2021
• KS setup 6/30/2021
KS configuration – Step 1 • VPN Configuration crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 0.0.0.0 ! crypto ipsec transform-set ra-set esp-aes esp-sha-hmac mode tunnel ! ip access-list extended babi permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 ! crypto ipsec profile key1-profile set transform-set ra-set 6/30/2021
KS configuration – step 2 • Multicast configuration ! ip multicast-routing distributed ! interface GigabitEthernet1 ip address 11.11.11.1 255.0.0.0 ip pim dense-mode negotiation auto ! ip access-list extended multi permit ip host 11.11.11.1 host 239.1.1.1 ! 6/30/2021
KS configuration – step 3 • GDOI Configuration ! crypto gdoi group dhruv identity number 123 server local rekey address ipv4 multi rekey authentication mypubkey rsa rsa-keys sa ipsec 10 profile key1-profile match address ipv4 babi replay counter window-size 64 no tag address ipv4 11.11.11.1 6/30/2021 Crypto key generate rsa lablel rsa-keys mod 1024
• ISP setup 6/30/2021
ISP Configuration • ISP Configuration ip multicast-routing distributed ! interface GigabitEthernet1 ip address 11.11.11.100 255.0.0.0 ip pim dense-mode negotiation auto ! interface GigabitEthernet2 ip address 12.12.12.100 255.0.0.0 ip pim dense-mode negotiation auto ! interface GigabitEthernet3 ip address 13.13.13.100 255.0.0.0 ip pim dense-mode negotiation auto ! 6/30/2021
• GM setup 6/30/2021
GM Configuration Step 1 • VPN Configuration crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 11.11.11.1 ! crypto ipsec transform-set cow-set esp-aes esp-sha-hmac mode tunnel ! 6/30/2021
GM Configuration Step 2 • Multicast Configuration ip multicast-routing distributed ! interface GigabitEthernet1 ip address 12.12.12.1 255.0.0.0 ip pim dense-mode ip igmp join-group 239.1.1.1 negotiation auto ! 6/30/2021
GM Configuration Step 3 • GDOI Configuration ! crypto gdoi group gm1 identity number 123 server address ipv4 11.11.11.1 crypto map crypto 10 gdoi set group gm1 ! interface GigabitEthernet1 crypto map crypto 6/30/2021
• Testing 6/30/2021
Testing • Ping Test 6/30/2021
Testing • Gdoi group status 6/30/2021
Testing • VPN status 6/30/2021
Testing 6/30/2021
• Lab Configure 6/30/2021
6/30/2021

Recommended

Setting up VPN between F5 LTM & ASA
Setting up VPN between F5 LTM & ASASetting up VPN between F5 LTM & ASA
Setting up VPN between F5 LTM & ASA
Dhruv Sharma
 
CCNA Inter VLAN Routing
CCNA Inter VLAN RoutingCCNA Inter VLAN Routing
CCNA Inter VLAN Routing
Networkel
 
Vandyke SecureCRT tips and tricks
Vandyke SecureCRT tips and tricksVandyke SecureCRT tips and tricks
Vandyke SecureCRT tips and tricks
Basim Aly (JNCIP-SP, JNCIP-ENT)
 
CCNA Routing Basics
CCNA Routing BasicsCCNA Routing Basics
CCNA Routing Basics
Networkel
 
Cisco ASR 1001-X Router
Cisco ASR 1001-X RouterCisco ASR 1001-X Router
Cisco ASR 1001-X Router
NetProtocol Xpert
 
CCNA point to point
CCNA point to pointCCNA point to point
CCNA point to point
Networkel
 
VPNaaS in Neutron
VPNaaS in NeutronVPNaaS in Neutron
VPNaaS in NeutronKazunori Takeuchi
 
TCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesTCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and Switches
NetProtocol Xpert
 

Recommended

Setting up VPN between F5 LTM & ASA
Setting up VPN between F5 LTM & ASASetting up VPN between F5 LTM & ASA
Setting up VPN between F5 LTM & ASA
Dhruv Sharma
 
CCNA Inter VLAN Routing
CCNA Inter VLAN RoutingCCNA Inter VLAN Routing
CCNA Inter VLAN Routing
Networkel
 
Vandyke SecureCRT tips and tricks
Vandyke SecureCRT tips and tricksVandyke SecureCRT tips and tricks
Vandyke SecureCRT tips and tricks
Basim Aly (JNCIP-SP, JNCIP-ENT)
 
CCNA Routing Basics
CCNA Routing BasicsCCNA Routing Basics
CCNA Routing Basics
Networkel
 
Cisco ASR 1001-X Router
Cisco ASR 1001-X RouterCisco ASR 1001-X Router
Cisco ASR 1001-X Router
NetProtocol Xpert
 
CCNA point to point
CCNA point to pointCCNA point to point
CCNA point to point
Networkel
 
VPNaaS in Neutron
VPNaaS in NeutronVPNaaS in Neutron
VPNaaS in NeutronKazunori Takeuchi
 
TCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesTCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and Switches
NetProtocol Xpert
 
Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack
Romana Project
 
Networking in the cloud
Networking in the cloudNetworking in the cloud
Networking in the cloud
Cliff Chao-kuan Lu
 
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Liz Warner
 
CCNA Network Monitoring
CCNA Network MonitoringCCNA Network Monitoring
CCNA Network Monitoring
Networkel
 
Final presentation phases1_2_3
Final presentation phases1_2_3Final presentation phases1_2_3
Final presentation phases1_2_3TommyBtown
 
Nexus 1000 v access guide
Nexus 1000 v access guideNexus 1000 v access guide
Nexus 1000 v access guide
networkershome
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
NetProtocol Xpert
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)
NetProtocol Xpert
 
OTV Configuration
OTV ConfigurationOTV Configuration
OTV Configuration
NetProtocol Xpert
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
Aruba, a Hewlett Packard Enterprise company
 
Migrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMigrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip Smith
MyNOG
 
Iuwne10 S02 L07
Iuwne10 S02 L07Iuwne10 S02 L07
Iuwne10 S02 L07Ravi Ranjan
 
NETWORKERS HOME Cisco UCS PPT .
NETWORKERS HOME Cisco UCS PPT .NETWORKERS HOME Cisco UCS PPT .
NETWORKERS HOME Cisco UCS PPT .
networkershome
 
Configuracao de switch
Configuracao de switchConfiguracao de switch
Configuracao de switch
Douglas Santiago
 
ElasticISP
ElasticISPElasticISP
ElasticISP
KHNOG
 
IP anycasting
IP anycasting IP anycasting
IP anycasting
Bangladesh Network Operators Group
 
Salt for Network Engineers
Salt for Network EngineersSalt for Network Engineers
Salt for Network Engineers
Andrew Dampf
 
Class 3
Class 3Class 3
Class 3
mozaharulhoq
 
CCNA part 5 routing
CCNA part 5 routingCCNA part 5 routing
CCNA part 5 routing
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Ftp configuration in cisco packet tracer
Ftp configuration in cisco packet tracerFtp configuration in cisco packet tracer
Ftp configuration in cisco packet tracer
Arjun Das
 
Vpn(4)
Vpn(4)Vpn(4)
Vpn(4)Suraj Kumar
 
Vpn site to site
Vpn site to siteVpn site to site
Vpn site to site
IT Tech
 

More Related Content

What's hot

Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack
Romana Project
 
Networking in the cloud
Networking in the cloudNetworking in the cloud
Networking in the cloud
Cliff Chao-kuan Lu
 
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Liz Warner
 
CCNA Network Monitoring
CCNA Network MonitoringCCNA Network Monitoring
CCNA Network Monitoring
Networkel
 
Final presentation phases1_2_3
Final presentation phases1_2_3Final presentation phases1_2_3
Final presentation phases1_2_3TommyBtown
 
Nexus 1000 v access guide
Nexus 1000 v access guideNexus 1000 v access guide
Nexus 1000 v access guide
networkershome
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
NetProtocol Xpert
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)
NetProtocol Xpert
 
OTV Configuration
OTV ConfigurationOTV Configuration
OTV Configuration
NetProtocol Xpert
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
Aruba, a Hewlett Packard Enterprise company
 
Migrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMigrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip Smith
MyNOG
 
NETWORKERS HOME Cisco UCS PPT .
NETWORKERS HOME Cisco UCS PPT .NETWORKERS HOME Cisco UCS PPT .
NETWORKERS HOME Cisco UCS PPT .
networkershome
 
Configuracao de switch
Configuracao de switchConfiguracao de switch
Configuracao de switch
Douglas Santiago
 
ElasticISP
ElasticISPElasticISP
ElasticISP
KHNOG
 
Salt for Network Engineers
Salt for Network EngineersSalt for Network Engineers
Salt for Network Engineers
Andrew Dampf
 
Class 3
Class 3Class 3
Class 3
mozaharulhoq
 
Ftp configuration in cisco packet tracer
Ftp configuration in cisco packet tracerFtp configuration in cisco packet tracer
Ftp configuration in cisco packet tracer
Arjun Das
 

What's hot (20)

Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack
 
Networking in the cloud
Networking in the cloudNetworking in the cloud
Networking in the cloud
 
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
 
CCNA Network Monitoring
CCNA Network MonitoringCCNA Network Monitoring
CCNA Network Monitoring
 
Final presentation phases1_2_3
Final presentation phases1_2_3Final presentation phases1_2_3
Final presentation phases1_2_3
 
Nexus 1000 v access guide
Nexus 1000 v access guideNexus 1000 v access guide
Nexus 1000 v access guide
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)
 
OTV Configuration
OTV ConfigurationOTV Configuration
OTV Configuration
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
Migrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMigrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip Smith
 
Iuwne10 S02 L07
Iuwne10 S02 L07Iuwne10 S02 L07
Iuwne10 S02 L07
 
NETWORKERS HOME Cisco UCS PPT .
NETWORKERS HOME Cisco UCS PPT .NETWORKERS HOME Cisco UCS PPT .
NETWORKERS HOME Cisco UCS PPT .
 
Configuracao de switch
Configuracao de switchConfiguracao de switch
Configuracao de switch
 
ElasticISP
ElasticISPElasticISP
ElasticISP
 
IP anycasting
IP anycasting IP anycasting
IP anycasting
 
Salt for Network Engineers
Salt for Network EngineersSalt for Network Engineers
Salt for Network Engineers
 
Class 3
Class 3Class 3
Class 3
 
CCNA part 5 routing
CCNA part 5 routingCCNA part 5 routing
CCNA part 5 routing
 
Ftp configuration in cisco packet tracer
Ftp configuration in cisco packet tracerFtp configuration in cisco packet tracer
Ftp configuration in cisco packet tracer
 

Similar to Get vpn multicast for CCIE Security

Vpn site to site
Vpn site to siteVpn site to site
Vpn site to site
IT Tech
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxjasembo
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Servermmoizuddin
 
Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01slavenvvv
 
FlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLEFlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLETariq Sheikh
 
P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.
Kapil Sabharwal
 
Deployment guide c07_554713
Deployment guide c07_554713Deployment guide c07_554713
Deployment guide c07_554713John Yu
 
Implementation of DNS Anycast - a case study
Implementation of DNS Anycast - a case studyImplementation of DNS Anycast - a case study
Implementation of DNS Anycast - a case study
A. S. M. Shamim Reza
 
Openstack Summit Vancouver 2018 - Multicloud Networking
Openstack Summit Vancouver 2018 - Multicloud NetworkingOpenstack Summit Vancouver 2018 - Multicloud Networking
Openstack Summit Vancouver 2018 - Multicloud Networking
Shannon McFarland
 
Day 18 2 serial point to-point encapsulation
Day 18 2 serial point to-point encapsulationDay 18 2 serial point to-point encapsulation
Day 18 2 serial point to-point encapsulation
CYBERINTELLIGENTS
 
Lksn2017 itnsa modul2
Lksn2017 itnsa modul2Lksn2017 itnsa modul2
Lksn2017 itnsa modul2
Verry Hendroprasetyo
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
Aruba, a Hewlett Packard Enterprise company
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Shixiong Shang
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
Amazon Web Services
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...
LinuxCon ContainerCon CloudOpen China
 
Chapter 2 overview
Chapter 2 overviewChapter 2 overview
Chapter 2 overviewali raza
 
GeoVision : CCTV Solutions : Multicast solutions
GeoVision : CCTV Solutions : Multicast solutionsGeoVision : CCTV Solutions : Multicast solutions
GeoVision : CCTV Solutions : Multicast solutions
TSOLUTIONS
 
IoT Secure Bootsrapping : ideas
IoT Secure Bootsrapping : ideasIoT Secure Bootsrapping : ideas
IoT Secure Bootsrapping : ideas
Jean-Baptiste Trystram
 

Similar to Get vpn multicast for CCIE Security (20)

Vpn(4)
Vpn(4)Vpn(4)
Vpn(4)
 
Vpn site to site
Vpn site to siteVpn site to site
Vpn site to site
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linux
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
 
Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01
 
FlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLEFlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLE
 
P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.
 
Deployment guide c07_554713
Deployment guide c07_554713Deployment guide c07_554713
Deployment guide c07_554713
 
Implementation of DNS Anycast - a case study
Implementation of DNS Anycast - a case studyImplementation of DNS Anycast - a case study
Implementation of DNS Anycast - a case study
 
Openstack Summit Vancouver 2018 - Multicloud Networking
Openstack Summit Vancouver 2018 - Multicloud NetworkingOpenstack Summit Vancouver 2018 - Multicloud Networking
Openstack Summit Vancouver 2018 - Multicloud Networking
 
Day 18 2 serial point to-point encapsulation
Day 18 2 serial point to-point encapsulationDay 18 2 serial point to-point encapsulation
Day 18 2 serial point to-point encapsulation
 
Vpn
VpnVpn
Vpn
 
Lksn2017 itnsa modul2
Lksn2017 itnsa modul2Lksn2017 itnsa modul2
Lksn2017 itnsa modul2
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...
 
Chapter 2 overview
Chapter 2 overviewChapter 2 overview
Chapter 2 overview
 
GeoVision : CCTV Solutions : Multicast solutions
GeoVision : CCTV Solutions : Multicast solutionsGeoVision : CCTV Solutions : Multicast solutions
GeoVision : CCTV Solutions : Multicast solutions
 
IoT Secure Bootsrapping : ideas
IoT Secure Bootsrapping : ideasIoT Secure Bootsrapping : ideas
IoT Secure Bootsrapping : ideas
 

More from Dhruv Sharma

RAVPN EAP-IKEv2 VPN.pptx
RAVPN EAP-IKEv2 VPN.pptxRAVPN EAP-IKEv2 VPN.pptx
RAVPN EAP-IKEv2 VPN.pptx
Dhruv Sharma
 
Load Balance with NSX-T.pptx
Load Balance with NSX-T.pptxLoad Balance with NSX-T.pptx
Load Balance with NSX-T.pptx
Dhruv Sharma
 
NSX_Troubleshooting.pptx
NSX_Troubleshooting.pptxNSX_Troubleshooting.pptx
NSX_Troubleshooting.pptx
Dhruv Sharma
 
ASA VPN_Certificate authentication_ISE Authorization.pptx
ASA VPN_Certificate authentication_ISE Authorization.pptxASA VPN_Certificate authentication_ISE Authorization.pptx
ASA VPN_Certificate authentication_ISE Authorization.pptx
Dhruv Sharma
 
Setting up CDP (Cisco Discovery Protocol) between Cisco IOS and VMware Virtua...
Setting up CDP (Cisco Discovery Protocol) between Cisco IOS and VMware Virtua...Setting up CDP (Cisco Discovery Protocol) between Cisco IOS and VMware Virtua...
Setting up CDP (Cisco Discovery Protocol) between Cisco IOS and VMware Virtua...
Dhruv Sharma
 
Routebased-Policybased VPN.pptx
Routebased-Policybased VPN.pptxRoutebased-Policybased VPN.pptx
Routebased-Policybased VPN.pptx
Dhruv Sharma
 
Ansible Network Automation session1
Ansible Network Automation session1Ansible Network Automation session1
Ansible Network Automation session1
Dhruv Sharma
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Dhruv Sharma
 
Factory setup wsa_9.2_v1.0
Factory setup wsa_9.2_v1.0Factory setup wsa_9.2_v1.0
Factory setup wsa_9.2_v1.0
Dhruv Sharma
 
Tacacs+ with ise 2.4_ CCIE
Tacacs+ with ise 2.4_ CCIE Tacacs+ with ise 2.4_ CCIE
Tacacs+ with ise 2.4_ CCIE
Dhruv Sharma
 
Route tags with OSPF
Route tags with OSPFRoute tags with OSPF
Route tags with OSPF
Dhruv Sharma
 
Aci vmware integration_youtube
Aci vmware integration_youtubeAci vmware integration_youtube
Aci vmware integration_youtube
Dhruv Sharma
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to Hero
Dhruv Sharma
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtube
Dhruv Sharma
 
GTM vs AWS Route 53 with Cisco umbrella
GTM vs AWS Route 53 with Cisco umbrellaGTM vs AWS Route 53 with Cisco umbrella
GTM vs AWS Route 53 with Cisco umbrella
Dhruv Sharma
 
Unquoted service path exploitation
Unquoted service path exploitationUnquoted service path exploitation
Unquoted service path exploitation
Dhruv Sharma
 
Getting started kali linux
Getting started kali linuxGetting started kali linux
Getting started kali linux
Dhruv Sharma
 

More from Dhruv Sharma (17)

RAVPN EAP-IKEv2 VPN.pptx
RAVPN EAP-IKEv2 VPN.pptxRAVPN EAP-IKEv2 VPN.pptx
RAVPN EAP-IKEv2 VPN.pptx
 
Load Balance with NSX-T.pptx
Load Balance with NSX-T.pptxLoad Balance with NSX-T.pptx
Load Balance with NSX-T.pptx
 
NSX_Troubleshooting.pptx
NSX_Troubleshooting.pptxNSX_Troubleshooting.pptx
NSX_Troubleshooting.pptx
 
ASA VPN_Certificate authentication_ISE Authorization.pptx
ASA VPN_Certificate authentication_ISE Authorization.pptxASA VPN_Certificate authentication_ISE Authorization.pptx
ASA VPN_Certificate authentication_ISE Authorization.pptx
 
Setting up CDP (Cisco Discovery Protocol) between Cisco IOS and VMware Virtua...
Setting up CDP (Cisco Discovery Protocol) between Cisco IOS and VMware Virtua...Setting up CDP (Cisco Discovery Protocol) between Cisco IOS and VMware Virtua...
Setting up CDP (Cisco Discovery Protocol) between Cisco IOS and VMware Virtua...
 
Routebased-Policybased VPN.pptx
Routebased-Policybased VPN.pptxRoutebased-Policybased VPN.pptx
Routebased-Policybased VPN.pptx
 
Ansible Network Automation session1
Ansible Network Automation session1Ansible Network Automation session1
Ansible Network Automation session1
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
 
Factory setup wsa_9.2_v1.0
Factory setup wsa_9.2_v1.0Factory setup wsa_9.2_v1.0
Factory setup wsa_9.2_v1.0
 
Tacacs+ with ise 2.4_ CCIE
Tacacs+ with ise 2.4_ CCIE Tacacs+ with ise 2.4_ CCIE
Tacacs+ with ise 2.4_ CCIE
 
Route tags with OSPF
Route tags with OSPFRoute tags with OSPF
Route tags with OSPF
 
Aci vmware integration_youtube
Aci vmware integration_youtubeAci vmware integration_youtube
Aci vmware integration_youtube
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to Hero
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtube
 
GTM vs AWS Route 53 with Cisco umbrella
GTM vs AWS Route 53 with Cisco umbrellaGTM vs AWS Route 53 with Cisco umbrella
GTM vs AWS Route 53 with Cisco umbrella
 
Unquoted service path exploitation
Unquoted service path exploitationUnquoted service path exploitation
Unquoted service path exploitation
 
Getting started kali linux
Getting started kali linuxGetting started kali linux
Getting started kali linux
 

Recently uploaded

Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Marketing internship report file for MBA
Marketing internship report file for MBAMarketing internship report file for MBA
Marketing internship report file for MBA
gb193092
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
deeptiverma2406
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
Atul Kumar Singh
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
TechSoup
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 

Recently uploaded (20)

Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Marketing internship report file for MBA
Marketing internship report file for MBAMarketing internship report file for MBA
Marketing internship report file for MBA
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 

Get vpn multicast for CCIE Security

  • 1. GET VPN -Multicast Dhruv Sharma 6/30/2021
  • 2. Introduction In this session we will review below points: • Building blocks in setting up GETVPN for Multicast • Review the implementation steps on KS and Group members • Lab fun 6/30/2021
  • 4. Introduction • In Ipsec VPN where new IP Address were added along with the outer header as shown below, in tunnel mode. • With GET VPN it ensure the private address is preserved. Which makes GET VPN, usable only on the private LAN. We cannot use Transport Mode as it might cause fragmentation errors. 6/30/2021
  • 5. Introduction • Two Types of Keys: • KEK ( Key Encryption Key) • TEK (Traffic Encryption Key) • When the lifetime expires, we can configure our VPN to send rekey messages in either unicast ( with acknowledgement) or multicast mode ( no acknowledgement). 6/30/2021
  • 7. KS configuration – Step 1 • VPN Configuration crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 0.0.0.0 ! crypto ipsec transform-set ra-set esp-aes esp-sha-hmac mode tunnel ! ip access-list extended babi permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 ! crypto ipsec profile key1-profile set transform-set ra-set 6/30/2021
  • 8. KS configuration – step 2 • Multicast configuration ! ip multicast-routing distributed ! interface GigabitEthernet1 ip address 11.11.11.1 255.0.0.0 ip pim dense-mode negotiation auto ! ip access-list extended multi permit ip host 11.11.11.1 host 239.1.1.1 ! 6/30/2021
  • 9. KS configuration – step 3 • GDOI Configuration ! crypto gdoi group dhruv identity number 123 server local rekey address ipv4 multi rekey authentication mypubkey rsa rsa-keys sa ipsec 10 profile key1-profile match address ipv4 babi replay counter window-size 64 no tag address ipv4 11.11.11.1 6/30/2021 Crypto key generate rsa lablel rsa-keys mod 1024
  • 11. ISP Configuration • ISP Configuration ip multicast-routing distributed ! interface GigabitEthernet1 ip address 11.11.11.100 255.0.0.0 ip pim dense-mode negotiation auto ! interface GigabitEthernet2 ip address 12.12.12.100 255.0.0.0 ip pim dense-mode negotiation auto ! interface GigabitEthernet3 ip address 13.13.13.100 255.0.0.0 ip pim dense-mode negotiation auto ! 6/30/2021
  • 13. GM Configuration Step 1 • VPN Configuration crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 11.11.11.1 ! crypto ipsec transform-set cow-set esp-aes esp-sha-hmac mode tunnel ! 6/30/2021
  • 14. GM Configuration Step 2 • Multicast Configuration ip multicast-routing distributed ! interface GigabitEthernet1 ip address 12.12.12.1 255.0.0.0 ip pim dense-mode ip igmp join-group 239.1.1.1 negotiation auto ! 6/30/2021
  • 15. GM Configuration Step 3 • GDOI Configuration ! crypto gdoi group gm1 identity number 123 server address ipv4 11.11.11.1 crypto map crypto 10 gdoi set group gm1 ! interface GigabitEthernet1 crypto map crypto 6/30/2021
  • 18. Testing • Gdoi group status 6/30/2021