Create a Cisco IPsec protected tunnel interface!
ฝัง
- เผยแพร่เมื่อ 15 ต.ค. 2020
- Tunnels aren't enough, they also need to be encrypted. See how an IPsec profile on a tunnel interface on a Cisco router can protect the tunneled traffic.
Free TH-cam Playlists from Keith:
▶ Master Playlist for Cisco CCNA 200-301 ogit.online/sloth
🔐 Cisco CCNA 200-301 Security ogit.online/200-301_Security
💻 Cisco CCNA 200-301 IPv4 Subnetting ogit.online/subnet
💬 Join our Discord server (free) ogit.online/Join_OGIT_on_Discord
🏪 Keith Barker Amazon Affiliate Store www.amazon.com/shop/keithbarker
And…
🏫 Keith’s Content at CBT Nuggets ogit.online/Keith-CBT
#KeithBarker #CCNA #200-301
![แม่กลองสองใจ - ซีแกรม โตเกียว มิวสิค [ OFFICIAL MUSIC VIDEO ]](http://i.ytimg.com/vi/GSQfVjcr_f4/mqdefault.jpg)
![ความรักไม่ได้น่ากลัวขนาดนั้น (TRUST ME) - LYKN [ OFFICIAL MV ]](http://i.ytimg.com/vi/9np-lAtCRpQ/mqdefault.jpg)
Great explanation. Sometimes you can read about a topic, think you understand it, but there are grey areas between the components. This really helps put it all together in my head. Thanks!!
Hey, Mr. OG!
You have changed many lives, mine included.
Now I work with advanced networks, and a new thing (for me) can benefit from your amazing style of teaching. IPsec tunnels dual encryption using CA signed certificates. Don't even know where to start making even a lab for this. Different vendor devices participate in this type of layered security architecture. I am quite sure you know already. Guidance much much appreciated 😊
Thank you Kai Hu! And congratulations on all your accomplishments over the years!!!
All the best.
Although the routers can ping each other’s tunnel interfaces - R1 still requires an appropriate destination-route pointing down the tunnel for the /24 network at R2 (and vice versa). Without them, traffic will be default-routed in the clear to the gateway, which of course doesn’t guarantee it making it past the gateway. Great vid!
Thank you John! Spot on. Appreciate you taking time for the comments. More videos to come.
you are one of the top teacher i have seen so far on the youtube stay blessed
you are just awsome hats off and you deserve a salute, you explain and draft the lab in the most simplified /detailed and summarize way it is realy amazing
Keith I'm watching your videos on the Network + .. YOU ROCK !!!
Thank you Afakh Patel!
a pleasure to hear your explanation
Thank you Mehdi Hamid!
Thanks Keith, another well explained educational video. 😀
Thanks 👍
Thank you Keith this was a very well explained video, I appreciate it
Very welcome
now i will watch and recomend your channel
You are the best!! Your youtube channel should have more subscribers!!
Maybe one day!
Fabulous content like always
Thank you sina e!
Watchig this video on 4/11/2022. I also watch your videos on CBT nuggets.
great teacher I appreciate your efforts for network engineers community, i study online. Thanks
Thank you Lannet Solutions!
So interesting, keith!
Thank you!
Well done
Thank you S76!
you have so many videos it's impossible to find the one after this you've alluded too
Thank you, @theotherguy6155, for letting me know.
If you go to my channel, and use the search from there, along with the keyword or topic you are looking for, that may help you to find the content you are looking for.
Thanks again.
My pleasure!
Thank you for the content! Two items for feedback. One, I would have liked to see the IPSec profile creation because that is the part I struggle to remember. Two, I dig the new "lipstick" cam but it was tracking your face at times and that was slightly distracting. Just my views and wanted to share! Thank you again for sharing your knowledge with us!
Yes, it would be great to see the ISAKMP & IPSEC part of the config file....@Keith Barker please show us!
Noted, thank you Wayne!
Will be protected!
Thank you RITUALAOS! More videos to come, including pointing out some routing challenges. Get subscribed and stay tuned for more.
we need your more videos on fortinet and on paloalto
Great video! Extremely helpful for some troubleshooting I have to do this coming week! Glad I found this. One thing I am having trouble with is configuring an ipsec profile on my router. Can you point me to video where this is explained by any chance?
Hi, I couldn't find any from Keith regarding the ipsec profile configuration but I found another video that might help: th-cam.com/video/xZrzcJxla4o/w-d-xo.htmlfeature=shared
Great use of color. Of the many different parts of the configuration, the colors help separate and focus on them as you’re presenting.
Thanks so much!
The traffic won't be forwarded unless a static route or a dynamic routing protocol is configured on both Routers so that the Routers will know/learn where to send the traffic.
Thanks Keith
Thank you Ibrahim Alazawi! Perfectly correct. More vids to come.
Will it work in cisco asa firewalls
about the last question, so where is the video that is going to discuss it? a little confusing as you have a ton of very insightful videos =)
Yes the traffic is encrypted/protected from PC1 to PC2.
Thank you ROHID AHAMAD! More videos to come, including details on how routing is required to get this working. Stay tuned.
Hi Keith, what simulation program are you using these days for your demonstrations and labs? VIRL 199$?
Thank you for the question ARSHAM EQ. I have a license for CML personal edition (from Cisco), but often use Eve-NG. Both get the job done for most of what I am working on.
Looking at 3:22 clearly there's no route from 10.2.0.0 to 10.1.0.0 other than the default "internet" route, therefore it won't go through the tunnel. Just as many comments already pointed, it will need a route (something like #ip route 10.1.0.0 255.255.255.0 10.12.12.2)
Thank you Andrei Craciun! Perfectly correct.
Andre, thanks for the help with that.
Your face tracking is neat but extremely distracting. Thank for the great content in the CBT Nuggets CCNA Course im currently taking
Noted! Will be correcting that. Thank you Josh Kindy!
We call it "GRE over IPSEC" or "IPSEC over GRE" ?
I’m here
Thank you Dennis Reyes! Welcome.
PC1 to PC2 bound (vice versa) traffic will work and be protected via GRE / IPSec tunnel. Why and how? GRE Tunnel is up. Both Tunnel interfaces have reachability.
Question for you Keith - which emulation software was used for packet capture? Thanks!
Following
you have missed an important point (Routing), therefore the traffic won't be forwarded unless a static route or dynamic routing protocol is configured on both Routes so that the Routers will now where to send the traffic.
@@MrAlazawi if we don't have a route , how can the ping work ?
@@mehdifar995 and also missing access list
@@mehdifar995 ping worked because Keith pinged an IP Adresse which belongs to a connected network 10.12.12.0/24
for connected networks we don't need neither static route nor dynamic routing protocol for the Router to know where to send the packet to.
Regards
Hey Keith, I am subscribed for all your courses but I am not getting alerts. hmm weird
Thank you G. BadrichIndian
I will check my settings, thank you for the heads up, and welcome.
need to get into the configuration more, not very in depth on this one
Hey Keith, what is the diference between this and a VPN? This seems easier, but is it the same? Can i use this in the real world? How?
Thank you for the question Rene Gonzalez. This is one of several ways to implement an IPsec VPN tunnel. The fancy name for it is a Virtual Tunnel Interface (VTI). More VPN videos coming. Get subscribed, and stay tuned for more.
thanks a lot @@KeithBarker i´m a huge fan, i´ve been learning from you for over a decade. Thanks for the reply.
Keith, I challenge you to create a IPSec protected tunnel between a Cisco ISR and a Meraki MX.
Thank you David. I may not be that brave.
@@KeithBarker You chose wisely
Is there a reason this is different for IPSEC than the video from 11yrs ago did something change, that makes Keith's older video not relevant?
Thank you very much for your explanation, the colours used makes it really easy to visualise and undertsand the concept. Love your videos too! Just wanted to add on for those who are wondering for the ipsec profile configuration, I found this video that might help: th-cam.com/video/xZrzcJxla4o/w-d-xo.htmlfeature=shared
Thank you @riwz1603!