ipsec

SEC0027 - ASA Remote Access IPSec VPN with Pre-Shared Key and Certificate

The video demonstrates configuration of remote access IPSec VPN with a Windows software client on a Cisco ASA firewall. We will look at both simple pre-shared key authentication and client certificate authentication. The client is placed behind a NAT router to demonstrate the significance of NAT Transparency and to compare it with raw IPSec, IPSec over UDP and IPSec over TCP. The order of precedence among encapsulation types is investigated when they are all enabled simultaneously.

Rating: 5 (1 vote)
Difficulty Level: 0

SEC0026 - L2L IPSec IKEv1 with VRF (crypto map & VTI)

The video takes the site-to-site L2L IPSec VPN to the next level by combining what we have learnt from the previous videos with the concept of Virtual Routing and Forwarding (VRF). We will look at how you can segregate different types of L2L VPN into their own logical routing domains while they all share the same physical hardware. A basic understanding of VRF is recommended before viewing this video.

Rating: No votes yet
Difficulty Level: 4

SEC0024 - L2L IPSec IKEv1 with Certificate on Router and ASA

The video walks you through configuring a site-to-site (L2L) IPSec VPN tunnel between a Cisco router and an ASA firewall using certificate authentication. You will see that choosing the type of identity to send and match becomes very important, as the certificate does not get exchanged until later in Phase 1 negotiation. Using aggressive mode allows the device identity contained in the certificate to be revealed sooner, but at the risk of identity exposure. Aggressive mode will also be reviewed in this video.

Rating: No votes yet
Difficulty Level: 3

SEC0023 - L2L IPSec IKEv1 with Pre-Shared Key on Router and ASA

The video walks you through configuring a site-to-site (L2L) IPSec VPN tunnel between a Cisco router and an ASA firewall. This is probably the simplest form of L2L IPSec, using 'crypto map' and a crypto ACL to match interesting traffic. You will see that you can apply the same configuration thought process to both router and ASA, with the ASA varying slightly in its use of Tunnel-group and Group-policy. We will also look at how to restrict traffic over the tunnel using an access-list (ACL).

Rating: 4.7 average (3 votes)
Difficulty Level: 0

SEC0022 - Router Remote Access IPSec VPN with Pre-Shared Key and Certificate

The video demonstrates configuration of remote access IPSec VPN with a Windows software client on a Cisco router. We will look at both simple pre-shared key authentication and client certificate authentication. The client is placed behind a NAT router to demonstrate the significance of NAT Transparency and to compare it with raw IPSec and cTCP (IPSec over TCP). The video finishes off by showing how the client can be allowed access to its local subnet when a non-split tunnel is used.

Rating: No votes yet
Difficulty Level: 3

SEC0021 - Router EZVPN with Cisco Tunneling Control Protocol (cTCP)

The video shows you how to enable Cisco Tunneling Control Protocol, also known as IPSec over TCP, on a Cisco router Easy VPN (EZVPN) connection. cTCP can potentially be a solution when you need to establish a VPN through a device or network that does not support the ESP protocol. TCP encapsulation makes IPSec traffic NAT-friendly at the cost of the additional overhead of the TCP header. In this lab, we will simulate an unsupported network using an ACL to block ESP and show how cTCP provides a workaround.

Topic includes
  • EZVPN with cTCP (aka IPSec over TCP)
Rating: No votes yet
Difficulty Level: 1

SEC0020 - Router EZVPN with Dynamic Virtual Tunnel Interface (DVTI)

The video demonstrates the configuration of Easy VPN (EZVPN) using Dynamic Virtual Tunnel Interface (DVTI) on Cisco routers and explains its benefit over the conventional EZVPN with 'crypto map' or tunnel interface with GRE. Here we introduce the concept of Virtual-Template. The second half of the video shows examples of additional features that you can implement with VTI using QoS and multicasting.

Rating: No votes yet
Difficulty Level: 3

SEC0019 - Router EZVPN with Network-Extension Mode, Multiple Subnets, and NAT Support

The video demonstrates three different operational modes available on Cisco Easy VPN (EZVPN) router hardware client, namely Client, Network Extension, and Network Extension Plus, and explains when they should be used. We will also look at how to support multiple remote subnets, and NAT compatibility specifically when you run Network Extension or Network Extension Plus. These configurations only pertain to the hardware client side.

Rating: No votes yet
Difficulty Level: 3

SEC0018 - EZVPN Connect and XAuth Mode Options

The video demonstrates various ways an EZVPN hardware client can initiate an IPSec connection. In this lab, the headend router is set up with Easy VPN (EZVPN) with pre-shared key authentication, while the client is configured to run in Client Mode. We then explore different 'connect' and 'xauth' configuration options on the client side.

Rating: No votes yet
Difficulty Level: 2
