You have a remarkable gift for teaching in plain language; I have watched a few of your videos on YT and gained in understanding, even though I am not an IT novice - I sense you enjoy what you do: thanks for taking the time to assist others.

This stuff was pure gibberish before I started studying Cisco; now it's pure gold. Thank you very much CBT Nuggets.

Your enthusiasm made this much easier to understand

Thank you for not having a monotone voice!

You are very welcome Samer! Best wishes, Keith

You teach amazingly well. I can see the hard work you put into first explain the theory and then back it up with a practical example.

Hello Ashwin- Yes, you've got it. The outside IP header will have the source IP of the VPN gateway sending the packet, with a destination IP header of the remote VPN gateway who will be receiving the packet over the internet. When the receiving router gets the packet, it will de-encapsulate and throw away the old outside header, decrypt the contents (which include the initial IP header addresses the client was using) and continue to route the packet. Keith

great job by keith barker and one of the best trainer on the internet

Thanks. Been doing site to site VPN for years now. Still is reliable for small and medium sized businesses :)

AH would've been good to mention as well. You do teach very well Keith!

Simple. Easy to Understand. Straight to the point. Awesome!

This is one of the coolest explanations I've seen ..You've got talent.. Kudos

The way you explain it makes it seem so easy to the point where it becomes funny!!, thank you

You Deserved 5 star ⭐ believe me

Excellent, learned something new. thanks for showing packet tracer working in the background

This was incredible. Simple, clear, well-paced, sticks to the subject, practical use-case. Just very well done.

I hadn't realised how old this vid is until I saw the Windows XP Start button! Still good, though, thanks.

Your style of explaining is second to none. 👍🙏🙏🙏

My pleasure! Glad you liked the video. Keth

Hi Keith, thank you for taking the time and answering my question. Great video!

Man you're way of teaching is just awesome.. pls keep on doing what you're doing..

Best of the best! Super simplified nugget, this is the best explanation of IPsec I have seen, very informative and useful. Thank you so much, Keith!

thanks for this detailed explanation with the actual ping request!

Amazing! I'm blown away. Thank you for the intelligent explanation.

Great description and even I got. :) Very good voice to match the video tutorial. Thanks Keith!!

This is just so fun, thanks man!!

Thanks for the vid Mr. Barker...you take complicated topics and explain them so i can understand, keep up the great work!!

This series is awesome.

The the crypto ACL says any-any, there are 2 challenges. The two peers will need to agree on that to bring up a tunnel, and then secondly, all traffic leaving the VPN peers would be sent to the peer on the other side. There may be some corner cases where something similar to that would work, but for general site to site VPNs it would be a configuration/design error.

You are amazing! I've never heard someone explain something so well! Brilliant!

Awesome video, love your enthusiasm! :)

Good Job Keith!

Nice explanation. What i'm missing is: Who to do this? How do i create R1 and R2? After all, it's about. How to get this to work.

How can someone thumb down this video, fantastic explanation.

Thanks for the video, what did you use to draw on the screen? Is that a pad you can hook up to a computer?

The VPN client installed in our home machines will do the ESP encapsulation at machine itself before it sends to our ISP ? Is that right ? In this example you said Router R1(ISP's router) is doing it.

Man! You mad helpful! So glad I found ya!

This was so well illustrated and explained. Thanks

شكرا للدكتور هيازع البارقي خبير امن نظم المعلومات

Brilliant video...simple and practical example ...loved it.

Brilliant.. Thanks a lot for simplifying it.

To check the data integrity of the packets as they are sent means they undergo tests like CRC (cyclic redundacy checking).

Dear Sir, you teach very very nice "super nice" than the other

Hi Keith, I have a short question. Why do we not use SSL universally/predominantly for VPNs but use IPSec? One good reason to use SSL as opposed to IPSec is the popularity of port on which it works (443). The positive is that it's open everywhere! Am I missing something?? Maybe one similar question should be - What prevents us from using SSL instead of IPSEC protocol suite in Site-to-site tunnels?

Hi Keith, At around 3:05 you say the packet is going to be encapsulated. Does this mean that the Packet basically has 2 Destination and 2 Source IP adresses, from which only 1 Destination and 1 Source Address are visable when the packet is send over the Internet?

Your channel enlighten some dark spots i had in networking, I'd like to thank you I have my network security exam at the end of this month. Otherwise, would you tell me what software are you using for the facilitation of the course?

Great Explanation in Simple Language

How were you able to capture the packets sent from machine to router? Then router to web?

Hi Keith..What tool are you using in creating your topology? and also the tool you use to capture the packet

What I never understood is why a VPN is necessary at all - why not send a regular IP packet with encrypted payload? But I am getting the feeling that this is *exactly* what VPN (or rather IPsec) is doing. It always seemed to me that the encapsulation part, which was always presented as one of the two critical components of a VPN (the other being encryption), was a VPN-exclusive thing, but I guess when two PCs in their respective local networks talk to each other, encapsulation is *always* present - is that correct?

Superb! Got it exact

Hi Keith, Can u help with something. I have this network that I'm working on packet tracer. I have two sites site A and B. Site A is ASN 10 and B is ASN 20. In the middle is an ISP router on the ASN 50. I use OSPF for the interior routing on my two sites and bgp has been configured successfully on all three routers and I managed to get IP connectivity from hosts on site A to B and vice versa. The thing is when I implemented the IPsec VPN tunnel, the hosts on site A can reach until the router that connects the destination hosts but never reached them. The thing is the pings from a host in A reaches all networks inside site B except the network of the destination host. Like if 192.168.1.0 / 24 is the source network in site A and 192.168.2.0 / 24 is the destination network on B, the hosts on A can reach all networks except the network on which my destination hosts live. Pls help me understand what could have gone wrong

Subscribed thanks to this video. You sound so happy talking about this lol. Thanks for the vid!

Would IP sec need to be configured both ways?

Keith that was amazing .. many thanks :)

Excellent teacher!!! Thanks.

Great tutorial man! Great work, Great examples!

hi , thanks for your nice video but, software did you use??

IPSec or OpenVPN, which would you suggest in terms of security?

Nice one. Cheers.

So.. the routing table of R1 is supposed to contain the entire range of IPs of PCs under R2, or else how does it understand which of the requests are to be encrypted and sent to R2's IP ???? (and vice versa)

Excellent. You did a great job. Simple to understand. Thanks!

ipsec uses 2 protocols ESP for encryption and AH for authentication . using sha1 sha2 or md5 and using aes for authentication

Thanks. But how do you connect two routers with each other? Do you use Public IP addres forwarding to each Router? For Example....How can i RDP from 172.16.0.2 to 192.168.0.20 ?

Does Ipsec add latency to voip calls because it has to encrypt the message? When would I turn on or off ipsec? Any help would be appreciated.

Is the data bridge trottled

Thank you sir...You know exactly how to teach things..wonderful video

Hi, I just wanna ask. What will happen if I use an access-list with permit ip any any in Ipsec VPN? Will the network be able to browse the internet?

Thank you for such a great explanation.

Great video on VPN tunnels. I was trying to setup S2S VPN in AWS and what I did not understand is role of Inside IPv4 addresses (typically 169.254.0.0/16 range). It would be great if you could help me understand what these inside IPs are, why they are used, are these actual IPs?

I don't get it with the source ip adresses. The router would change the source private ip address anyway if it is ipsec or not if it goes through the internet. It also encapsulates the whole packet with HDLC or whatever protocol the router is using to connect to the ISP router. No one could ever see the private ip address even if ipsec is not used. Could you please elaborate on that one?I really don't get it

if I get the videos on your CBT Nuggets, would subtitles in my language?

Great explanantion. Am new to networks and have a (stupid) question. Doesn't HTTPS communication provide this (Encryption/Security) already ? If so then why do we need a tunnel? why don't we just use SSL protocol for communication.

Bro I loved this video. Thank you so much haha you have a gift at teaching simply

thanks. good one. well explained. short and to the point.

in order to decrypt the data in the other router, does the other router need to install ipsec too or it will automatically decrypt it?

hi sir keith, what is the difference between ipsec and ssl vpn? thanks

Thanks so much, really simple and clear explanation.

what ports? and IPsec uses what kind of routing paths? bgp? and how do they open sessions with eachother? sorry

What if both PCs had the same IP address like 192.168.1.123 before setting up the VPN? Do the subnets have to be different at each site?

When PC1 pings 192.168.0.20, how does router 1 know that private IP is at site 2 rather than any other company using the same private address for a host? I mean it's on the internet right? it could go anywhere, that has me confused. Can you please explain?

Excelente !!!!!!!!!!! Congrats!!!!!!!!!!!

CBT Nuggets licenses access to it directly from their web site. Keith

Made it so clear and easy! Great job!

What this tracer called ?

What app you used to trace ping packages:

Thank you so much, so well explained

Thank you. Awesome work

Great explanation! Thank you!!!

Can we use black or dark mode in you videos please instead of bright white backgrounds please???

Does a vpn tunnel have to go through an isp to even be called a vpn tunnel?

very professional video. thanks!

HOW ENCRYPTION DECRYPTION WORKS, WHERE ARE KEYS PRESENT?

right on one can see your private ip address and what about your data is your data is secure on the network ipsec does it for vpn

Great video :) Thanks again!

Danke Bre

This was great! :D

Great facilitated! thanks

Thank for this video!

What happens if the customer using the same address range as ours at pc1 and pc2?I mean the private address range