GRE Encryption with IPSec | VPN Tunnels Part 2
Рет қаралды 33,417
5 жыл бұрынGRE Encryption with IPSec | VPN Tunnels Part 2
GRE tunnels do not have any native encryption! Fortunately, you can add IPSec encryption in transport mode to your tunnel.
First, we’ll have a quick look at how IPSec works. IPSec uses two security tunnels (called phase-1 and phase-2) for authentication, cipher and hash proposal, and session key exchange.
Some of the protocols used in this process include ESP (Encapsulating Security Payload), IKE (Internet Key Exchange), ISAKMP, AH (Authentication Header), and the Diffie-Hellman algorithm.
Once both sides agree on how these protocols will work, they will have built an SA (Security Association)
If you have NAT in your network, IPSec can detect and work around it with NAT-T
Try it yourself in the lab!
networkdirection.net/labsandq...
Part 1: How GRE Works - See the encapsulation process, as a packet moves from one side of the network to another
Part 2: GRE Encryption with IPSec - GRE is not encrypted by default! See the basics of IPSec, and how we can use it with GRE tunnels
Part 3: Improving GRE Stability - There are a few pitfalls to watch out for, including recursive routing. See some of the best practices that you can apply to make your tunnel stable
For more information, have a look at networkdirection.net/Advanced...
This video is useful for Cisco #CCNA and #CCNP certifications
🌏 / networkdirection
🌏 / netwrkdirection
🌏 / networkdirection
🌏 / networkdirection
🌏 www.networkdirection.net
@meinbherpieg4723 4 жыл бұрын
Clear, Concise, and, say it with me, HOLISTIC. Good job.
@blossoms2u 4 жыл бұрын
This is a GEM , Unexplored and untouched :D Great Tutorial . Simple and elegant
@prasadtalekar 5 жыл бұрын
I love the way you explain using animation ..its better way to understand and also build imagination
@sajjadmisrikoti2922 3 жыл бұрын
You make topics look simple..excellent
@NetworkDirection 3 жыл бұрын
Thanks!
@user-rl9ol5bi3b 5 жыл бұрын
Excellent guide! Thank you very much! Please keep up with the good work!
@NetworkDirection 5 жыл бұрын
I'm glad it's helpful to you!
@babakvelamkon 5 жыл бұрын
Very informative video. Nicely done with enough coverage. I loved the section which you went on actual the router and started highlighting. Thanks
@NetworkDirection 5 жыл бұрын
Thanks, this is really good feedback. Sometimes I think I overuse the router CLI in some videos. That's why I only used it a bit this time. Do you think this is better?
@babakvelamkon 5 жыл бұрын
Network Direction well, the thing is you have to recognise the level of your audience. I think the level of your videos are more ccnp and above ( thats why I follow your channel) for this sort of audience, CLI is music to their ears and they won’t get tired of it. I like the fact that in your videos, you are trying to cover areas in networking which are more grey and although heavily used, still there are alot of confusion around them. This sort of topic is tight to CLI. Well done
@NetworkDirection 5 жыл бұрын
That's good to hear. I was thinking that most of us see the CLI all day every day, so it might be nice to use it sparingly. I was concerned that I overuse it at times (the VRF videos for example). I appreciate the feedback, thanks
@MrAlazawi 4 жыл бұрын
really the best explaination on ever on GRE and IPSec,,, keep it going > new subscreiber
@donedeal51 5 жыл бұрын
Another good guide. Thank you for the video.
@NetworkDirection 5 жыл бұрын
Glad you like it! Part 3 out tomorrow
@ali_HA24 5 жыл бұрын
Excellent video as usual :)
@NetworkDirection 5 жыл бұрын
Thanks Ali!
@khalidmohamed6708 3 жыл бұрын
This is great video and in it there are well defined materials. Thank you for making a video like this
@NetworkDirection 3 жыл бұрын
You're welcome!
@NetworkDirection 5 жыл бұрын
Read more at: networkdirection.net/articles/routingandswitching/gretunnels/advancedgre/ Try the lab: networkdirection.net/labsandquizzes/labs/lab-gre-tunnels/ IMPORTANT UPDATE: I mention that there is a need to allow GRE through the firewall. This is only necessary if the tunnel is not encrypted. If we apply IPSec, as done in this video, the firewall will not see the traffic as GRE traffic. It will only see IPSec traffic, so you will not specifically need to allow GRE. (Thanks to Juergen from the Cisco Learning Network for pointing this out)
@cvjones009 5 жыл бұрын
So helpful and clear. Thanks!
@NetworkDirection 5 жыл бұрын
You're welcome!
@DDJThomas01 5 жыл бұрын
Learnt lots again!
@NetworkDirection 5 жыл бұрын
Glad to help Daniel, thanks!
@rowenarrow Жыл бұрын
Great video!
@davidk4682 4 жыл бұрын
Excellent video.
@YeshwanthSimhadri 5 жыл бұрын
very nice .... this helps a lot, cheers
@NetworkDirection 5 жыл бұрын
You're welcome!
@metraparla Жыл бұрын
👏👏👏very nice. thanks.
@RyanBreaker 5 жыл бұрын
This is the best guide I've found on the topic yet. Any chance for a video or article on DMVPN?
@NetworkDirection 5 жыл бұрын
YES! I very much want to do something on DMVPN. I've started making notes. It might take a few weeks (I have some other videos in production), but keep an eye out and it will happen!
@williebrown4266 5 жыл бұрын
Excellent
@NetworkDirection 5 жыл бұрын
Thanks!
@keshavkashyap166 3 жыл бұрын
08:28 UDP port 500 is for isakmp. Btw good job.
@NetworkDirection 3 жыл бұрын
You're exactly right, I misspoke. Protocol 50 is ESP, USP/500 is ISAKMP Unfortunately KZbin won't let me add a correction
@tommclaughlin7179 4 жыл бұрын
Good ol’ IPSec :-)
@robinkhn2547 3 жыл бұрын
Awesome video, could you do another where you do a configuration but with IKEv2? As far as I know, IKEv2 is the new standard and I'd like that to be explained, since I don't think that I have understood it fully.
@NetworkDirection 3 жыл бұрын
Yes, IKEv2 is better, although not used as often as it should be. I've added your request to my list. I'd like to update this with IKEv2 content.
Immersed
Рет қаралды 15 МЛН
Александр Мальков
Рет қаралды 2,8 МЛН