GET VPN - Multicast
Dhruv Sharma
6/30/2021
Introduction
In this session we will review the following points:
• Building blocks for setting up GET VPN for multicast
• Review of the implementation steps on the key server (KS) and group members (GM)
• Lab fun
Network Topology
Introduction
• In an IPsec VPN in tunnel mode, a new IP address is added along with the outer header.
• GET VPN ensures that the private address is preserved, which makes GET VPN usable only on
the private LAN. We cannot use transport mode, as it might cause fragmentation errors.
Introduction
• Two types of keys:
• KEK (Key Encryption Key)
• TEK (Traffic Encryption Key)
• When the lifetime expires, we can configure our VPN to send rekey messages in either unicast
(with acknowledgement) or multicast (no acknowledgement) mode.
• KS setup
KS configuration – Step 1
• VPN Configuration
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set ra-set esp-aes esp-sha-hmac
mode tunnel
!
ip access-list extended babi
permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
crypto ipsec profile key1-profile
set transform-set ra-set
KS configuration – Step 2
• Multicast configuration
!
ip multicast-routing distributed
!
interface GigabitEthernet1
ip address 11.11.11.1 255.0.0.0
ip pim dense-mode
negotiation auto
!
ip access-list extended multi
permit ip host 11.11.11.1 host 239.1.1.1
!
KS configuration – Step 3
• GDOI Configuration
!
crypto gdoi group dhruv
identity number 123
server local
rekey address ipv4 multi
rekey authentication mypubkey rsa rsa-keys
sa ipsec 10
profile key1-profile
match address ipv4 babi
replay counter window-size 64
no tag
address ipv4 11.11.11.1
crypto key generate rsa label rsa-keys modulus 1024
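An added example, not part of the original slides: a small Python check that flags the weaker parameters in the key server lines above (DH group 2, a pre-shared key bound to 0.0.0.0, and a 1024-bit RSA rekey key). The function name, the set of flagged DH groups and the 2048-bit floor are assumptions of this example.

```python
import re

# Constructed input: the key server's IKE and rekey-key lines from the slides,
# one command per line as they appear there.
KS_CONFIG = """\
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0
crypto key generate rsa label rsa-keys modulus 1024
"""

WEAK_DH_GROUPS = {1, 2, 5}   # 768-, 1024- and 1536-bit MODP groups
MIN_RSA_BITS = 2048          # assumed policy floor for the rekey signing key


def audit_ike_settings(config):
    """Return (setting, reason) findings for weak IKE and rekey-key parameters."""
    findings = []
    in_policy = False
    for raw in config.splitlines():
        line = raw.strip()
        # Track whether we are inside a "crypto isakmp policy" block.
        if line.lower().startswith("crypto isakmp policy"):
            in_policy = True
        elif line == "!" or line.lower().startswith("crypto "):
            in_policy = False
        dh = re.fullmatch(r"group (\d+)", line)
        if in_policy and dh and int(dh.group(1)) in WEAK_DH_GROUPS:
            findings.append((line, "Diffie-Hellman group below 2048-bit MODP"))
        # A key bound to 0.0.0.0 is offered to every peer; the key itself is not echoed.
        if re.fullmatch(r"crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?", line):
            findings.append(("crypto isakmp key <redacted> address 0.0.0.0",
                             "pre-shared key accepted from any peer address"))
        rsa = re.search(r"crypto key generate rsa .*\bmod(?:ulus)? (\d+)", line, re.I)
        if rsa and int(rsa.group(1)) < MIN_RSA_BITS:
            findings.append((line, f"RSA rekey key shorter than {MIN_RSA_BITS} bits"))
    return findings


if __name__ == "__main__":
    for setting, reason in audit_ike_settings(KS_CONFIG):
        print(f"{setting}: {reason}")
```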
• ISP setup
ISP Configuration
• ISP Configuration
ip multicast-routing distributed
!
interface GigabitEthernet1
ip address 11.11.11.100 255.0.0.0
ip pim dense-mode
negotiation auto
!
interface GigabitEthernet2
ip address 12.12.12.100 255.0.0.0
ip pim dense-mode
negotiation auto
!
interface GigabitEthernet3
ip address 13.13.13.100 255.0.0.0
ip pim dense-mode
negotiation auto
!
• GM setup
GM Configuration Step 1
• VPN Configuration
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key cisco address 11.11.11.1
!
crypto ipsec transform-set cow-set esp-aes esp-sha-hmac
mode tunnel
!
GM Configuration Step 2
• Multicast Configuration
ip multicast-routing distributed
!
interface GigabitEthernet1
ip address 12.12.12.1 255.0.0.0
ip pim dense-mode
ip igmp join-group 239.1.1.1
negotiation auto
!
GM Configuration Step 3
• GDOI Configuration
!
crypto gdoi group gm1
identity number 123
server address ipv4 11.11.11.1
crypto map crypto 10 gdoi
set group gm1
!
interface GigabitEthernet1
crypto map crypto
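An added example, not part of the original slides: a Python cross-check of the values that the KS and GM configurations above set to match (GDOI identity number, KS address, pre-shared key, and the rekey multicast group). The function names and the indented layout of the sample input are assumptions of this example.

```python
import re

# Constructed input: the slides' KS and GM lines that have to agree,
# indented the way "show running-config" prints them.
KS_CONFIG = """\
crypto isakmp key cisco address 0.0.0.0
ip access-list extended multi
 permit ip host 11.11.11.1 host 239.1.1.1
crypto gdoi group dhruv
 identity number 123
 server local
  rekey address ipv4 multi
  address ipv4 11.11.11.1
"""
GM_CONFIG = """\
crypto isakmp key cisco address 11.11.11.1
interface GigabitEthernet1
 ip igmp join-group 239.1.1.1
crypto gdoi group gm1
 identity number 123
 server address ipv4 11.11.11.1
"""


def first(pattern, text):
    """First capture group of pattern in text (multiline), or None."""
    m = re.search(pattern, text or "", re.MULTILINE)
    return m.group(1) if m else None


def rekey_group(ks):
    """Multicast destination in the ACL named by 'rekey address ipv4 <acl>'."""
    acl = first(r"^[ \t]*rekey address ipv4 (\S+)", ks)
    if acl is None:
        return None
    body = first(rf"^ip access-list extended {re.escape(acl)}\n((?:[ \t]+.*\n)+)", ks)
    return first(r"permit ip host \S+ host (\S+)", body)


def check_pair(ks, gm):
    """Differences between KS and GM settings that the slides configure to match."""
    problems = []
    ident = r"^[ \t]*identity number (\d+)"
    if first(ident, ks) != first(ident, gm):
        problems.append("identity number mismatch")
    if first(r"^[ \t]+address ipv4 (\S+)", ks) != first(r"^[ \t]*server address ipv4 (\S+)", gm):
        problems.append("GM server address is not the KS address")
    psk = r"^crypto isakmp key (\S+) address"
    if first(psk, ks) != first(psk, gm):
        problems.append("ISAKMP pre-shared key mismatch")
    group = rekey_group(ks)
    joined = re.findall(r"^[ \t]*ip igmp join-group (\S+)", gm, re.MULTILINE)
    if group is not None and group not in joined:
        problems.append(f"GM join-group does not include rekey group {group}")
    return problems


if __name__ == "__main__":
    print(check_pair(KS_CONFIG, GM_CONFIG) or "KS and GM agree")
```

The group names (`dhruv` on the KS, `gm1` on the GM) are deliberately not compared; the slides tie the two sides together through `identity number 123`.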
• Testing
Testing
• Ping Test
Testing
• GDOI group status
Testing
• VPN status
Testing
• Lab Configure