Cisco EzVPN – EASY VPN
A Cisco EzVPN client is basically a hardware VPN client that is always on. It helps
simplify deployment of branch locations whose public IP is handed out by a DHCP
server and constantly changes.
Today I’m setting up a Cisco EzVPN (Easy VPN) between a Cisco ASA5505 and a Cisco
800 Series IOS router in NEM – Network extension mode. The Cisco ASA will be
acting as the VPN server and the Cisco router will be the client.
EzVPN NEM – Network Extension Mode
With NEM, you are able to reach IPs on the client side of the tunnel from the server
side. In CLIENT mode, by contrast, all traffic is PATed behind the client router, so you
can only initiate traffic from the client side.
Below is the network diagram I'm using to display my setup. Devices on either end of
the tunnel will be able to reach each other bidirectionally, i.e. the desktop should be
able to ping the laptop and the laptop should also be able to ping the desktop.
Cisco ASA EzVPN Server end configuration on ASA OS 8.3+
- First, define the client subnet you want to reach using a network object. This is the
IP subnet range on the client side. You then use this object in the static (identity) NAT
statement below, which exempts traffic to the client subnet from translation so that it
can enter the tunnel unchanged.
object network NAT0_EZVPN1
subnet 10.3.201.0 255.255.255.0
nat (INSIDE,OUTSIDE) source static any any destination static NAT0_EZVPN1 NAT0_EZVPN1 route-lookup
Next, set up the Phase 1 (IKEv1) parameters.
crypto ikev1 enable OUTSIDE
crypto ikev1 policy 9
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
Then set up your Phase 2 parameters and apply the crypto map to the OUTSIDE interface.
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map OUTSIDE_CRYPTO_DYNAMAP 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto map OUTSIDE_map 65535 ipsec-isakmp dynamic OUTSIDE_CRYPTO_DYNAMAP
crypto map OUTSIDE_map interface OUTSIDE
Set up a split-tunnel access-list to define the traffic that will be routed over the
tunnel from the client side. This access-list is pushed out to the client when the
VPN tunnel is established.
access-list EZVPN_SPLIT_TUNNEL standard permit 10.0.0.0 255.240.0.0
Next, define a group policy for the client. All of these settings are pushed out to the
client when it connects to the VPN. Make note of the nem enable option on the last
line, as this is what enables Network Extension Mode. You will also need the
password-storage enable option to allow the client's username and password to be
stored on the device; otherwise you will be prompted for them each time the tunnel is
established.
group-policy EZVPN1 internal
group-policy EZVPN1 attributes
dns-server value 10.3.128.7 10.1.0.92
vpn-tunnel-protocol ikev1 ikev2
password-storage enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN_SPLIT_TUNNEL
default-domain value domain.local
secure-unit-authentication disable
user-authentication disable
nem enable
Create the username that the client will use to connect to the server. As with the
software VPN client, these are the user credentials supplied for the additional
(extended) authentication step.
username EZVPN_USER password /n7KO5aHcX87RASZ encrypted
Apply the group policy settings in a tunnel-group. This is where you enter the
pre-shared key for your Phase 1 authentication. The tunnel-group name and its
pre-shared key must match the group name and key configured on the client (the
group EZVPN1 key secret line in the router configuration).
tunnel-group EZVPN1 type remote-access
tunnel-group EZVPN1 general-attributes
default-group-policy EZVPN1
tunnel-group EZVPN1 ipsec-attributes
ikev1 pre-shared-key secret
Cisco IOS Router EzVPN configuration
- First, set up a DHCP server on the router to assign an IP to the laptop. You can skip
this part of the configuration if you wish to assign your IPs statically.
ip dhcp pool LAPTOP
import all
host 10.3.201.2 255.255.255.248
client-identifier 01f0.def1.836d.2d
option 150 ip 10.1.0.192
domain-name domain.local
default-router 10.3.201.1
dns-server 10.3.128.7 8.8.8.8 4.2.2.2
- Set the domain name and DNS servers on your router. This is useful if you are
going to use a DNS name to reach your VPN server.
ip domain name domain.local
ip name-server 8.8.8.8
ip name-server 4.2.2.2
- Configure the Phase 1 parameters on the client end. This is where you specify the
pre-shared key along with the NEM option, and the username and password used for
extended authentication (Xauth).
crypto isakmp key secret hostname CISCOASA
crypto isakmp keepalive 10 periodic
crypto ipsec client ezvpn EZVPN
connect auto
group EZVPN1 key secret
mode network-extension
peer X.X.X.X
username EZVPN_USER password secret
xauth userid mode local
- Define your inside and outside interfaces. Here I have used FastEthernet4 (Fe4) as
the outside interface and assigned the EZVPN profile to it. I used interface Vlan2 as
my inside interface.
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto ipsec client ezvpn EZVPN
interface Vlan2
ip address 10.3.201.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
crypto ipsec client ezvpn EZVPN inside
- Lastly, for use with split tunnelling, I've added these statements to ensure that users
on the client side are able to reach the internet without going through the tunnel. You
don't need these lines for the VPN to work.
ip nat inside source list NAT_ACL interface FastEthernet4 overload
ip access-list extended NAT_ACL
permit ip 10.3.201.0 0.0.0.255 any
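A mismatch between the two ends (a NAT-exempt object on the ASA that differs from the router's inside subnet, a router NAT ACL that misses the branch subnet, NEM enabled on only one side, or a pushed DNS server outside the split-tunnel list) typically leaves the tunnel up but passing no useful traffic. The following Python checker, added here and not part of the original guide, parses the two snippets above and reports such mismatches; the regexes and the cut-down sample configurations are assumptions modelled on the commands shown on this page.

```python
import ipaddress
import re

# Constructed sample input: the two snippets above, cut down to the lines the checker
# reads; the NAT_ACL line keeps the 10.2.201.0 typo so there is a mismatch to catch.
ASA_CONFIG = """\
object network NAT0_EZVPN1
 subnet 10.3.201.0 255.255.255.0
nat (INSIDE,OUTSIDE) source static any any destination static NAT0_EZVPN1 NAT0_EZVPN1 route-lookup
access-list EZVPN_SPLIT_TUNNEL standard permit 10.0.0.0 255.240.0.0
group-policy EZVPN1 attributes
 dns-server value 10.3.128.7 10.1.0.92
 nem enable
"""
IOS_CONFIG = """\
crypto ipsec client ezvpn EZVPN
 mode network-extension
interface Vlan2
 ip address 10.3.201.1 255.255.255.0
 crypto ipsec client ezvpn EZVPN inside
ip nat inside source list NAT_ACL interface FastEthernet4 overload
ip access-list extended NAT_ACL
 permit ip 10.2.201.0 0.0.0.255 any
"""

def net(addr, mask):
    """Build a network from an address plus a netmask or a wildcard (host) mask."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_asa(text):
    """Collect the NAT-exempt object subnet, split-tunnel networks, DNS servers and NEM flag."""
    objects, split, dns, nem, cur = {}, [], [], False, None
    for line in text.splitlines():
        s = line.strip()
        if m := re.match(r"object network (\S+)$", s):
            cur = m.group(1)
        elif cur and (m := re.match(r"subnet (\S+) (\S+)$", s)):
            objects[cur] = net(m.group(1), m.group(2))
        elif m := re.match(r"access-list \S+ standard permit (\S+) (\S+)$", s):
            split.append(net(m.group(1), m.group(2)))
        elif m := re.match(r"dns-server value (.+)$", s):
            dns = [ipaddress.ip_address(a) for a in m.group(1).split()]
        elif s == "nem enable":
            nem = True
    # The identity NAT must name the same object as source and destination.
    m = re.search(r"^nat \(\S+\) source static any any destination static (\S+) \1\b", text, re.M)
    return {"exempt": objects.get(m.group(1)) if m else None, "split": split, "dns": dns, "nem": nem}

def parse_ios(text):
    """Collect the inside subnet (interface tagged 'ezvpn ... inside'), NAT ACL sources and mode."""
    ifaces, acls, inside_if, acl_name, mode, cur_if, cur_acl = {}, {}, None, None, None, None, None
    for line in text.splitlines():
        s = line.strip()
        if not line.startswith(" "):  # unindented line: a new top-level block starts
            cur_if = cur_acl = None
            if m := re.match(r"interface (\S+)$", s):
                cur_if = m.group(1)
            elif m := re.match(r"ip access-list extended (\S+)$", s):
                cur_acl = m.group(1)
            elif m := re.match(r"ip nat inside source list (\S+) ", s):
                acl_name = m.group(1)
        elif cur_if and (m := re.match(r"ip address (\S+) (\S+)$", s)):
            ifaces[cur_if] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif cur_if and re.match(r"crypto ipsec client ezvpn \S+ inside$", s):
            inside_if = cur_if
        elif cur_acl and (m := re.match(r"permit ip (\S+) (\S+) ", s)):
            acls.setdefault(cur_acl, []).append(net(m.group(1), m.group(2)))
        elif m := re.match(r"mode (\S+)$", s):
            mode = m.group(1)
    return {"inside": ifaces.get(inside_if), "acl_name": acl_name,
            "nat_sources": acls.get(acl_name, []), "mode": mode}

def check(asa, ios):
    """Return a list of findings; an empty list means the two ends agree."""
    findings = []
    if asa["exempt"] is None:
        findings.append("ASA: no identity NAT exempting the client subnet")
    elif asa["exempt"] != ios["inside"]:
        findings.append(f"ASA NAT-exempt object {asa['exempt']} != router inside subnet {ios['inside']}")
    if not asa["nem"] or ios["mode"] != "network-extension":
        findings.append("network extension mode is not enabled on both ends")
    if ios["inside"] and not any(ios["inside"].subnet_of(n) for n in ios["nat_sources"]):
        findings.append(f"router NAT ACL {ios['acl_name']} does not cover the inside subnet {ios['inside']}")
    for d in asa["dns"]:
        if not any(d in n for n in asa["split"]):
            findings.append(f"pushed DNS server {d} is outside the split-tunnel list")
    return findings

if __name__ == "__main__":
    print("\n".join(check(parse_asa(ASA_CONFIG), parse_ios(IOS_CONFIG))) or "no mismatches")
```

Run against the sample it reports only the NAT_ACL subnet typo; feed it the real running configurations of both devices to catch the same class of mistake before a site visit.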