Security

The video walks you through an installation of Cisco ACS 5.x (we use 5.3 for our demonstration) VMware version. We will guide you step-by-step through the installation process. At the end of this lab, you should have a working ACS server that you can use for RADIUS and TACACS+ authentication in future labs. No configuration, other than the setup process, is performed in this video. The video assumes that you have basic working knowledge of VMware ESXi.

The video walks you through an installation of Enterprise Certificate Authority (CA) and Network Device Enrollment Service (NDES) (aka SCEP) on a Windows 2008. We will test the server with a certificate request through web enrollment from a Windows client, as well as SCEP from a Cisco router. SCEP communication is captured and reviewed on Wireshark. At the end of the video, you should have a working CA server that you can use for certificate authentication in future labs.

The video combines the knowledge from our two previous videos on Object NAT and Twice NAT, and provides some guidelines on how to use them together on a single NAT table. We also discuss about pre-8.3 migration strategies and how the legacy command syntax (eg. nat, global, static, access-list) can be mapped to the new. We finish off the video with an experiment on the placement of destination NAT statement on the NAT table, and note its significance. We hope that you will have a better understanding on ASA 8.3 NAT by the end of this video.

The video looks at how to configure Twice NAT on a Cisco ASA 8.3. We go through NAT configuration syntax for different type of NAT scenarios and examine some characteristics specific to Twice NAT.

The video looks at how to configure Object NAT on a Cisco ASA 8.3. We go through NAT configuration syntax for different type of NAT scenarios and examine some characteristics specific to Object NAT.

The first half of the video shows you how to specify an interesting traffic that will cause a DMVPN spoke-to-spoke tunnel to be initiated, and utilized. In the second half, we will look at an ability to configure per-tunnel QoS from hub to spokes using NHRP group.

The video shows you how to build a redundant DMVPN network with dual-hub dual-cloud design. The failover capability is provided by routing protocol. With EIGRP chosen for demonstration in this video, we show how to perform a simple tweak in the routing metric to solve potential asymmetrical routing. The video concludes with failover testing and shows that spoke-to-spoke traffic is not interrupted upon a Hub failure.

The video shows you how to build a redundant DMVPN network with dual-hub dual-cloud design. The failover capability is provided by routing protocol. With EIGRP chosen for demonstration in this video, we show how to perform a simple tweak in the routing metric to solve potential asymmetrical routing. The video concludes with failover testing and shows that spoke-to-spoke traffic is not interrupted upon a Hub failure.

The video demonstrates another benefit of DMVPN Phase 3. We look at how DMVPN operates when a large network is partitioned into hierarchical regions for scalability and still maintain the capability of creating spoke-to-spoke tunnels. The video also points out some configuration pitfalls with the NHRP network id and tunnel key.

The video extends our previous knowledge on NHRP (see videos RS0015, RS0016) by adding IPSec and form DMVPN. We walk through the crypto configuration and point out the specific to support dynamic IPSec tunnel creation for spoke-to-spoke communication. DMVPN is one of the most popular forms of WAN connectivity over internet due to the low configuration requirement and ability to allow additional sites to be brought up with minimal effort, without modifying the Hub configuration.