Create a Cisco IPsec protected tunnel interface!

Рет қаралды 20,472

Күн бұрын

Tunnels aren't enough, they also need to be encrypted. See how an IPsec profile on a tunnel interface on a Cisco router can protect the tunneled traffic.
Free KZbin Playlists from Keith:
▶ Master Playlist for Cisco CCNA 200-301 ogit.online/sloth
🔐 Cisco CCNA 200-301 Security ogit.online/20...
💻 Cisco CCNA 200-301 IPv4 Subnetting ogit.online/su...
💬 Join our Discord server (free) ogit.online/Jo...
🏪 Keith Barker Amazon Affiliate Store www.amazon.com...
And…
🏫 Keith’s Content at CBT Nuggets ogit.online/Ke...
#KeithBarker #CCNA #200-301

Пікірлер: 80

@kaihu6776 Жыл бұрын

Hey, Mr. OG! You have changed many lives, mine included. Now I work with advanced networks, and a new thing (for me) can benefit from your amazing style of teaching. IPsec tunnels dual encryption using CA signed certificates. Don't even know where to start making even a lab for this. Different vendor devices participate in this type of layered security architecture. I am quite sure you know already. Guidance much much appreciated 😊

@KeithBarker Жыл бұрын

Thank you Kai Hu! And congratulations on all your accomplishments over the years!!! All the best.

@John-pp8qv 4 жыл бұрын

Although the routers can ping each other’s tunnel interfaces - R1 still requires an appropriate destination-route pointing down the tunnel for the /24 network at R2 (and vice versa). Without them, traffic will be default-routed in the clear to the gateway, which of course doesn’t guarantee it making it past the gateway. Great vid!

@KeithBarker 4 жыл бұрын

Thank you John! Spot on. Appreciate you taking time for the comments. More videos to come.

@TheWextin 5 ай бұрын

Great explanation. Sometimes you can read about a topic, think you understand it, but there are grey areas between the components. This really helps put it all together in my head. Thanks!!

@KeithBarker 2 ай бұрын

Thank you @TheWextin!

@tamoorali5768 Жыл бұрын

you are one of the top teacher i have seen so far on the youtube stay blessed

@tamoorali5768 Жыл бұрын

you are just awsome hats off and you deserve a salute, you explain and draft the lab in the most simplified /detailed and summarize way it is realy amazing

@lannetsolutions1042 2 жыл бұрын

Watchig this video on 4/11/2022. I also watch your videos on CBT nuggets. great teacher I appreciate your efforts for network engineers community, i study online. Thanks

@KeithBarker Жыл бұрын

Thank you Lannet Solutions!

@kwiatriot6190 4 жыл бұрын

Thank you for the content! Two items for feedback. One, I would have liked to see the IPSec profile creation because that is the part I struggle to remember. Two, I dig the new "lipstick" cam but it was tracking your face at times and that was slightly distracting. Just my views and wanted to share! Thank you again for sharing your knowledge with us!

@tamaspeter3599 4 жыл бұрын

Yes, it would be great to see the ISAKMP & IPSEC part of the config file....@Keith Barker please show us!

@KeithBarker 4 жыл бұрын

Noted, thank you Wayne!

@afakhpatel8522 4 жыл бұрын

Keith I'm watching your videos on the Network + .. YOU ROCK !!!

@KeithBarker 4 жыл бұрын

Thank you Afakh Patel!

@danielmamaniaguilar4609 4 жыл бұрын

You are the best!! Your youtube channel should have more subscribers!!

@KeithBarker 4 жыл бұрын

Maybe one day!

@TranquilityResort 3 жыл бұрын

Hi Keith, what simulation program are you using these days for your demonstrations and labs? VIRL 199$?

@KeithBarker 3 жыл бұрын

Thank you for the question ARSHAM EQ. I have a license for CML personal edition (from Cisco), but often use Eve-NG. Both get the job done for most of what I am working on.

@tamoorali5768 Жыл бұрын

now i will watch and recomend your channel

@sunkoko1 2 жыл бұрын

a pleasure to hear your explanation

@KeithBarker 2 жыл бұрын

Thank you Mehdi Hamid!

@OutJoke 4 жыл бұрын

Thanks Keith, another well explained educational video. 😀

@KeithBarker 4 жыл бұрын

Thanks 👍

@theotherguy6155 6 ай бұрын

you have so many videos it's impossible to find the one after this you've alluded too

@KeithBarker 6 ай бұрын

Thank you, @theotherguy6155, for letting me know. If you go to my channel, and use the search from there, along with the keyword or topic you are looking for, that may help you to find the content you are looking for.

@jesusmendoza4166 2 жыл бұрын

Great video! Extremely helpful for some troubleshooting I have to do this coming week! Glad I found this. One thing I am having trouble with is configuring an ipsec profile on my router. Can you point me to video where this is explained by any chance?

@riwz1603 9 ай бұрын

Hi, I couldn't find any from Keith regarding the ipsec profile configuration but I found another video that might help: kzbin.info/www/bejne/rovVq5aArdGUatEfeature=shared

@eslammohamedahmed4601 2 жыл бұрын

So interesting, keith!

@KeithBarker 2 жыл бұрын

Thank you!

@umairm8595 4 жыл бұрын

Thank you Keith this was a very well explained video, I appreciate it

@KeithBarker 4 жыл бұрын

Very welcome

@tamoorali5768 Жыл бұрын

we need your more videos on fortinet and on paloalto

@kevinpunya 3 жыл бұрын

about the last question, so where is the video that is going to discuss it? a little confusing as you have a ton of very insightful videos =)

@qudratullahludin 5 ай бұрын

Will it work in cisco asa firewalls

@KeithBarker 2 ай бұрын

Thank you for the question @qudratullahludin. ASA firewalls, as well as the older PIX firewalls both have the ability to implement IPsec VPN tunnels.

@MrAlazawi 4 жыл бұрын

The traffic won't be forwarded unless a static route or a dynamic routing protocol is configured on both Routers so that the Routers will know/learn where to send the traffic. Thanks Keith

@KeithBarker 4 жыл бұрын

Thank you Ibrahim Alazawi! Perfectly correct. More vids to come.

@MohammedIrfan-wc3zm 4 жыл бұрын

PC1 to PC2 bound (vice versa) traffic will work and be protected via GRE / IPSec tunnel. Why and how? GRE Tunnel is up. Both Tunnel interfaces have reachability. Question for you Keith - which emulation software was used for packet capture? Thanks!

@tajammulhsyed 4 жыл бұрын

Following

@MrAlazawi 4 жыл бұрын

you have missed an important point (Routing), therefore the traffic won't be forwarded unless a static route or dynamic routing protocol is configured on both Routes so that the Routers will now where to send the traffic.

@mehdifar995 4 жыл бұрын

@@MrAlazawi if we don't have a route , how can the ping work ?

@tajammulhsyed 4 жыл бұрын

@@mehdifar995 and also missing access list

@MrAlazawi 4 жыл бұрын

@@mehdifar995 ping worked because Keith pinged an IP Adresse which belongs to a connected network 10.12.12.0/24 for connected networks we don't need neither static route nor dynamic routing protocol for the Router to know where to send the packet to. Regards

@navneet6121986 2 жыл бұрын

We call it "GRE over IPSEC" or "IPSEC over GRE" ?

@renegonzalez8181 4 жыл бұрын

Hey Keith, what is the diference between this and a VPN? This seems easier, but is it the same? Can i use this in the real world? How?

@KeithBarker 4 жыл бұрын

Thank you for the question Rene Gonzalez. This is one of several ways to implement an IPsec VPN tunnel. The fancy name for it is a Virtual Tunnel Interface (VTI). More VPN videos coming. Get subscribed, and stay tuned for more.

@renegonzalez8181 4 жыл бұрын

thanks a lot @@KeithBarker i´m a huge fan, i´ve been learning from you for over a decade. Thanks for the reply.

@S76-e9n 2 жыл бұрын

Well done

@KeithBarker 2 жыл бұрын

Thank you S76!

@joshkindy4826 4 жыл бұрын

Your face tracking is neat but extremely distracting. Thank for the great content in the CBT Nuggets CCNA Course im currently taking

@KeithBarker 4 жыл бұрын

Noted! Will be correcting that. Thank you Josh Kindy!

@jetmelt 3 жыл бұрын

Great use of color. Of the many different parts of the configuration, the colors help separate and focus on them as you’re presenting.

@KeithBarker 3 жыл бұрын

Thanks so much!

@andreicraciun7870 4 жыл бұрын

Looking at 3:22 clearly there's no route from 10.2.0.0 to 10.1.0.0 other than the default "internet" route, therefore it won't go through the tunnel. Just as many comments already pointed, it will need a route (something like #ip route 10.1.0.0 255.255.255.0 10.12.12.2)

@KeithBarker 4 жыл бұрын

Thank you Andrei Craciun! Perfectly correct.

@gordonasturias6604 6 ай бұрын

Andre, thanks for the help with that.

@sinae7409 4 жыл бұрын

Fabulous content like always

@KeithBarker 4 жыл бұрын

Thank you sina e!

@gbadri1 4 жыл бұрын

Hey Keith, I am subscribed for all your courses but I am not getting alerts. hmm weird

@KeithBarker 4 жыл бұрын

Thank you G. BadrichIndian I will check my settings, thank you for the heads up, and welcome.

@RITUALAOS 4 жыл бұрын

Will be protected!

@KeithBarker 4 жыл бұрын

Thank you RITUALAOS! More videos to come, including pointing out some routing challenges. Get subscribed and stay tuned for more.

@JoeSmith-gb6mq 2 жыл бұрын

Is there a reason this is different for IPSEC than the video from 11yrs ago did something change, that makes Keith's older video not relevant?

@rohidahamad1023 4 жыл бұрын

Yes the traffic is encrypted/protected from PC1 to PC2.

@KeithBarker 4 жыл бұрын

Thank you ROHID AHAMAD! More videos to come, including details on how routing is required to get this working. Stay tuned.

@Ebraptus Жыл бұрын

need to get into the configuration more, not very in depth on this one

@Kazuha_oppa 4 жыл бұрын

Keith, I challenge you to create a IPSec protected tunnel between a Cisco ISR and a Meraki MX.

@KeithBarker 4 жыл бұрын

Thank you David. I may not be that brave.

@Kazuha_oppa 4 жыл бұрын

@@KeithBarker You chose wisely

@dennisreyes3872 4 жыл бұрын

I’m here

@KeithBarker 4 жыл бұрын

Thank you Dennis Reyes! Welcome.

@riwz1603 9 ай бұрын

Thank you very much for your explanation, the colours used makes it really easy to visualise and undertsand the concept. Love your videos too! Just wanted to add on for those who are wondering for the ipsec profile configuration, I found this video that might help: kzbin.info/www/bejne/rovVq5aArdGUatEfeature=shared

@KeithBarker 8 ай бұрын

Thank you @riwz1603!