tq, before seing this video i don't know weather a way to overcome IPSEC Network overlapping. now i got complete knowledge of ipsec tq so much
@marrr76114 ай бұрын
Your videos are awesome my friend! I sent you some money the other day.
@macs29894 жыл бұрын
Awesome scenario Bikash... really this should have wonderful game playing with NAT. And great job Bikash, you deserve it . God bless you...
@issamzgybi9761 Жыл бұрын
You are the best, this scenario helped me allot at professional level, thanks allot
@amarjeetkumar87352 жыл бұрын
Nice!! What about 2nd case where policy NAt option is unable in company B. So twice NAT need to configure
@jagatjyoti16 ай бұрын
Doubt: Do we really need the 2nd access policy from outside to inside ( 100.1.2.1 to 100.1.1.1) ? In ASA, vpn traffic is exempted for acl filtering on outside interface with "sysopt vpn traffic" command. However let's say it needed, then why we put the NAT IP of inside zone as destination in the rule rather the original subnet(10.1.1.0/24), as we know, after the destination nat look up ,policy look up will be happened. So post dest nat look up it will be changed to 10.1.1.0 and policy will check for destination as 10.1.1.0 not 100.1.1.0/24
@rathodv163 жыл бұрын
Very nicely explained the complex thing in simple way.
@BikashsTech3 жыл бұрын
Thank you 😊
@Gabru-RJ Жыл бұрын
In Nat Site1-to-site 2 you've configured Source and Destination nat with bidirectional . Then why we need Site2-to-site1 Natting ? I think Bidirectional Nat will work if traffic would be generated through site 2 . Please correct me if i am wrong
@mohamedqasim178926 күн бұрын
I have the same above question in my mind.. @bikash.. Can you please clarify it.
@jagadeeshg43 жыл бұрын
Can you please explain this comparing to the life of a packet flow in Palo alto ?? basically when return traffic-> 100.1.2 to 100.1.1- > first it will look for Destination NAT - As there is DNAT 100.1.1 to 10.1.1 but again it will check for the security policy in which there is no policy allowed from Outside to inside with source- 100.1.2 to 10.1.1 right ?? can you please answer to this doubt? am I missing anything?
@sanchitjain00073 жыл бұрын
I have the same doubt.. when dnat is checked first so second rule should have real ip address
@marrr76114 ай бұрын
Do you have a video on how to configure a windows pc on eve-ng? I tried with windows 11 virtual pc, but the hard drive size of the vm needs to be 80g and it would consume the hard drive space that I allocated for the eve-ng environment. I had to increase the size a couple times of the eve-ng hard disk to accommodate the virtual windows pc. What do you recommend is the best image to use in eve-ng which is the lighest and does not consume much disk space?
@BikashsTech3 ай бұрын
Hello Marrr, You can follow this video (kzbin.info/www/bejne/hKuXlpqgnrV3p6c). For eve ng i have allocated 500GB SSD, actually images and lab take more space.
@sanchitjain00073 жыл бұрын
Hi Bikash, great videos.. Thank you for them.. please help me understand if we are doing the static NAT why we are the whole network instead of single IP?
@mh631114 жыл бұрын
Very good explanation..!!
@Faithhh0714 жыл бұрын
At 24:07 your 2nd NAT rule is wrong. The destination zone is still the outside because it's not translated yet. What security zone did you put 100.1.1.0 and 100.1.2.0 in?
@sanchitjain00073 жыл бұрын
Also if we enabling bidirectional nat in first rule why we need another NAT?
@sandeepbhatt84543 жыл бұрын
Also, we are consuming entire /24 block of public ip.
@shivsankar4552 жыл бұрын
You are right
@Faithhh0712 жыл бұрын
@@shivsankar455 I actually wasn't right. For a moment think of a classic port-forwarding NAT rule you've added. E.g. webserver 443/tcp translated to an internal address. Your destination zone would still be the outside zone (WAN). And the translated address would belong to an internal zone (DMZ). That's because those who are visiting your webserver do NOT know of the internal addresses. And they are visiting using the WAN address. But with this IPSEC example, there are static routes in place for the internal addresses, so the destination zone is just your internal zone (LAN) and not the outside zone. The bidirectional option isn't needed. You've already created two rules in both directions. The bidirectional option never worked properly for me if you filled in the destination address values. It's just better to create two separate rules without that option.
@shivsankar4552 жыл бұрын
Hi From where you get 100 subnet ?? That part having confusion.
@JakesMike8 ай бұрын
Thanks bro
@ManojKumar-ju1dz Жыл бұрын
hello sir many video are missing please add missing video of palo alto
@kevins68864 жыл бұрын
thanks plz do some more such lab
@vivekprajapati79113 жыл бұрын
great...
@sunilsehrawatsunilsehrawat8584 жыл бұрын
👍👌
@sunilsehrawat14073 жыл бұрын
Great work done by you bro, can u upload one vedio for site 2 site vpn failover in paloalto.......
@omidsassani520810 ай бұрын
So many wrong IPs explained on the screen starting at 7:00. Please pre-check your content before start recording