Generic Routing Encapsulation (GRE). GRE is an OSI Layer 3 tunneling protocol: Encapsulates a wide variety of protocol packet types inside.


11 Generic Routing Encapsulation (GRE)
GRE is an OSI Layer 3 tunneling protocol:
- Encapsulates a wide variety of protocol packet types inside IP tunnels
- Creates a virtual point-to-point link to Cisco routers at remote points over an IP internetwork
- Uses IP for transport
- Uses an additional header to support any other OSI Layer 3 protocol as payload (for example, IP, IPX, AppleTalk)

12 GRE over IPsec Encapsulation
- GRE encapsulates an arbitrary payload.
- IPsec encapsulates a unicast IP packet (GRE):
  - Tunnel mode (default): IPsec creates a new tunnel IP packet
  - Transport mode: IPsec reuses the IP header of the GRE packet (20 bytes less overhead than tunnel mode)
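The encapsulation described on slides 11 and 12, as an added example that is not part of the original presentation: it builds the delivery IP header and the 4-byte base GRE header around a passenger packet, decapsulates it again, and shows where the 20-byte difference between tunnel and transport mode comes from. The function names, the addresses and the ESP byte count are assumptions chosen for illustration; the ESP overhead is taken to be the same in both modes.

```python
import socket
import struct

GRE_IP_PROTO = 47  # IP protocol number that marks a GRE payload
ETHERTYPES = {"ip": 0x0800, "ipx": 0x8137, "appletalk": 0x809B}
NAMES = {v: k for k, v in ETHERTYPES.items()}
IP_HDR = 20        # IPv4 header without options
GRE_HDR = 4        # base GRE header: flags/version + protocol type

def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header (checksum left at 0 to keep the sketch short)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + payload_len, 0, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def gre_encap(src, dst, passenger, proto="ip"):
    """Wrap a passenger packet: delivery IP header + GRE header + passenger."""
    gre = struct.pack("!HH", 0, ETHERTYPES[proto])  # no C/K/S bits, version 0
    return ipv4_header(src, dst, GRE_IP_PROTO, len(gre) + len(passenger)) + gre + passenger

def gre_decap(packet):
    """Return (passenger protocol name, passenger bytes) or raise ValueError."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + GRE_HDR or packet[9] != GRE_IP_PROTO:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + GRE_HDR])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Optional checksum (C), key (K) and sequence (S) fields add 4 bytes each.
    optional = sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return NAMES.get(ptype, hex(ptype)), packet[ihl + GRE_HDR + optional:]

def added_bytes(mode, esp_bytes):
    """Bytes that GRE over IPsec adds around the passenger packet."""
    gre_part = IP_HDR + GRE_HDR               # GRE delivery header + GRE header
    if mode == "tunnel":                      # IPsec adds a new outer IP header
        return IP_HDR + esp_bytes + gre_part
    if mode == "transport":                   # IPsec reuses the GRE IP header
        return esp_bytes + gre_part
    raise ValueError("mode must be 'tunnel' or 'transport'")

if __name__ == "__main__":
    inner = ipv4_header("10.1.1.1", "10.2.2.2", 1, 0)   # constructed passenger
    pkt = gre_encap("192.0.2.1", "198.51.100.1", inner)
    print(len(pkt), gre_decap(pkt)[0])
    print(added_bytes("tunnel", 36) - added_bytes("transport", 36))
```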

13 Module 3 – Lesson 4 Configuring IPsec VPN using SDM

14 Configuring GRE over IPsec Site-to-Site Tunnel Using SDM

15 IKE Proposals
- You can now use a predefined IKE policy, or click the Add button and enter the required information to create a custom IKE policy. You can also modify the existing policies by selecting an individual policy and clicking the Edit button.
- When adding or editing an IKE policy, define the required parameters that appear in the Add IKE Policy window:
  - IKE proposal priority
  - Encryption algorithm (most commonly 3DES or AES; Software Encryption Algorithm [SEAL] can also be used to improve crypto performance on routers that do not have hardware IPsec accelerators; DES is no longer advised)
  - HMAC (SHA-1 or MD5)
  - Authentication method (pre-shared key or digital certificates)
  - DH group (1, 2, or 5)
  - IKE lifetime
- When you finish adding or editing IKE proposals, click the Next button on the IKE Proposals window to proceed to the next task.

16 IKE Proposals

17 Creating a Custom IKE Policy
Define all IKE policy parameters:
- Priority
- Encryption algorithm: DES, 3DES, or AES
- HMAC: SHA-1 or MD5
- Authentication method: preshared secrets or digital certificates
- Diffie-Hellman group: 1, 2, or 5
- IKE lifetime

18 VPN Configuration Page
- Wizards for IPsec solutions
- Individual IPsec components

19 Configuring the Transform Set

20 Test Tunnel Configuration and Operation

21 Test Results

22 Testing and Monitoring GRE Tunnel Configuration
router# show crypto isakmp sa
- To display all current IKE SAs, use the show crypto isakmp sa command in EXEC mode. QM_IDLE status indicates an active IKE SA.
router# show crypto ipsec sa
- To display the settings used by current SAs, use the show crypto ipsec sa command in EXEC mode. Non-zero encryption and decryption statistics can indicate a working set of IPsec SAs.
router# show interfaces
- Use the show interfaces command to display statistics for all interfaces that are configured on the router, including the tunnel interfaces.
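The two checks from slide 22 applied to saved command output, as an added example that is not part of the original presentation: it looks for an IKE SA in QM_IDLE and for non-zero encrypt and decrypt counters per peer, which also catches a tunnel that only passes traffic in one direction. The sample output is constructed and simplified, and the function names are assumptions.

```python
import re

# Constructed sample output (documentation-range addresses), not captured from a router.
ISAKMP_SA = """\
dst             src             state          conn-id slot status
192.0.2.1       198.51.100.1    QM_IDLE           1001    0 ACTIVE
192.0.2.1       198.51.100.2    QM_IDLE           1002    0 ACTIVE
192.0.2.1       203.0.113.9     MM_NO_STATE          0    0 ACTIVE (deleted)
"""
IPSEC_SA = """\
   current_peer 198.51.100.1 port 500
    #pkts encaps: 152, #pkts encrypt: 152, #pkts digest: 152
    #pkts decaps: 148, #pkts decrypt: 148, #pkts verify: 148
   current_peer 198.51.100.2 port 500
    #pkts encaps: 40, #pkts encrypt: 40, #pkts digest: 40
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
IPV4 = r"(\d+(?:\.\d+){3})"

def ike_rows(text):
    """Return (dst, src, state) for every SA row of 'show crypto isakmp sa'."""
    return re.findall(r"^%s\s+%s\s+(\S+)" % (IPV4, IPV4), text, re.M)

def ipsec_counters(text):
    """Map each current_peer to [pkts encrypt, pkts decrypt]."""
    counters, peer = {}, None
    for line in text.splitlines():
        m = re.search(r"current_peer:?\s+" + IPV4, line)
        if m:
            peer = m.group(1)
            counters[peer] = [0, 0]
        for idx, name in enumerate(("encrypt", "decrypt")):
            m = re.search(r"#pkts %s: (\d+)" % name, line)
            if m and peer:
                counters[peer][idx] += int(m.group(1))
    return counters

def tunnel_findings(isakmp_text, ipsec_text, peer):
    """List what is wrong for one peer; an empty list means both checks pass."""
    findings = []
    states = [st for dst, src, st in ike_rows(isakmp_text) if peer in (dst, src)]
    if "QM_IDLE" not in states:
        findings.append("no IKE SA in QM_IDLE, saw %s" % (states or "no SA"))
    enc, dec = ipsec_counters(ipsec_text).get(peer, (0, 0))
    if enc == 0:
        findings.append("nothing encrypted toward peer")
    if dec == 0:
        findings.append("nothing decrypted from peer")
    return findings

if __name__ == "__main__":
    for p in ("198.51.100.1", "198.51.100.2", "203.0.113.9"):
        print(p, tunnel_findings(ISAKMP_SA, IPSEC_SA, p) or "ok")
```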

23 Troubleshooting GRE Tunnel Configuration
router# debug crypto isakmp
- Debugs IKE communication
- Advanced troubleshooting can be performed using the Cisco IOS CLI
- Troubleshooting requires knowledge of Cisco IOS CLI commands

24 Module 3 – Lesson 7 An Introduction to Cisco Easy VPN

25 Small or Medium Business Deployment
- Mobile Worker With VPN Software Client On Laptop
- Teleworker With DSL Or Cable Modem & Cisco 806 or uBR900 With Easy VPN Remote Support
- Nontechnical Users Can Use CRWS GUI To Set Up Easy VPNs
- Internet
- Remote Office With Cisco 800 or Cisco 1700 Series Router With Easy VPN Remote Support
- Company Main Site: Cisco 1700, Cisco 2600 Or Cisco 3600 Series Router With Support To Terminate Cisco VPN Clients
- VPN Tunnels

26 Easy VPN Server and Easy VPN Remote Operation
- Step 1: The VPN client initiates the IKE Phase 1 process
- Step 2: The VPN client establishes an ISAKMP SA
- Step 3: The Easy VPN Server accepts the SA proposal
- Step 4: The Easy VPN Server initiates a username and password challenge
- Step 5: The mode configuration process is initiated
- Step 6: The RRI process is initiated
- Step 7: IPsec quick mode completes the connection

27 Module 3 – Lesson 9 Implementing the Cisco VPN Client
© 2007 Cisco Systems, Inc. All rights reserved. ISCW-Mod9_L8

28 Cisco VPN Client Configuration Tasks
1. Install Cisco VPN Client
2. Create a new client connection entry
3. Configure the client authentication properties
4. Configure transparent tunneling
5. Enable and add backup servers
6. Configure a connection to the Internet through dialup networking

29 Create a New Client Connection Entry: Main Window (Task 2)
VPN Client Main Window

30 DPD Configuration Example Router will first try primary peer. If primary peer is not available or becomes unavailable (DPD failure detection), the router tries backup peers in order as listed in the crypto map.

31 HSRP for Default Gateway at Remote Site All remote devices use virtual IP as the default gateway. The backup router is only used when the primary router is down.

32 HSRP for Head-End IPsec Routers Remote sites peer with virtual IP address (HSRP) of the head-end. RRI or HSRP can be used on the inside interface to ensure a proper return path.

33 Using an IPsec VPN to Back Up a WAN Connection
Example Using GRE over IPsec
- IGP used to detect PVC failures
- Reroute to GRE over IPsec tunnel
