IPSec Site to MultiSite Part 2

Рет қаралды 2,487

CCNP Seth

Күн бұрын

Пікірлер: 11

@abdullahasim8010 Жыл бұрын

good job

@karimsalah6991 5 жыл бұрын

Great work .. thank you... what is maximum branches can i configure on R1 ?

@ccnpseth4563 5 жыл бұрын

When it comes to IPSEC tunnels, it all depends on the platform you are using. The more tunnels, the more resources that are going to be consumed. Therefore, there are line cards that can be used to offload the processing power from the Route processor to hardware.

@karimsalah6991 5 жыл бұрын

@@ccnpseth4563 Suppose that the headquarters of the company has a very strong router with a high-speed Internet socket .... Do these specifications allow me to create 6 encrypted tunnels associated with the company's branches. ?? With this technique I can create many branches online instead of using v35 connection

@mitpatel4268 5 жыл бұрын

Hi Seth, Thank you for publishing such wonderful videos. I have a question, however. If we want to build 3 tunnels - 1 HQ and 3 Remote offices, can we use a single ISAKMP policy and a single transform set, given that the peers and keys are appropriately and uniquely configured? Sorry if this was a silly one and I was missing out something basic but, my ultimate query is - can we reuse one ISAKMP policy for multiple tunnels? And how about IPSEC policy reuse?

@ccnpseth4563 5 жыл бұрын

Yes, keep the transform set the same for all peers and define interesting traffic for all peers in the ACL

@mitpatel4268 5 жыл бұрын

@@ccnpseth4563 thanks for prompt response! So it's all about segregating using the crypto ACLs and of course the policies should match? We can make this work using a single phase 1 and 2 policy sets...? Provided the proposals are matching and accepted and PSKs match as well...

@ccnpseth4563 5 жыл бұрын

@@mitpatel4268 yes

@mitpatel4268 5 жыл бұрын

@@ccnpseth4563 Thank you

@anandpathak4311 8 жыл бұрын

so as per video we dont need any configuration on the other end routers . R4 and R3 in this case.

@ccnpseth4563 8 жыл бұрын

you do, the two isakmp policies and transform sets matched the configs for r3 and r4. for ipsec and crypto maps, both sides need to have the same configs except the IP addresses and ACLs, which need to flipped. that's why I didn't show r3 & r4 configs.