TOPIC: MINIMUM SECURE configuration (baseline) -ipsec vpn

Firewall baseline configuration 4 years 2 months ago #38657

  • Chris
Skylimit,

You're very much welcome.
Regarding your questions, the 'Crypto MAP' is necessary for the VPN to be created. If you do not use the 'Crypto MAP', you cannot create a VPN.

The 'Crypto ACL' is the access list that defines what traffic will be passed inside the VPN.

As you can understand, you first create the VPN using the 'Crypto MAP' command and then specify the traffic to be sent inside the VPN using the Crypto ACLs.

If you don't use the Crypto ACL, all traffic will then be sent via the Internet and dropped at the ISP. The same thing will occur if you do not use the Crypto MAP configuration parameter.

Things to check in an IPSec VPN:
- The IPSEC Transformation set should use the highest possible encryption (not shown in the example)
- Ensure the Crypto ACL defines only the necessary traffic to be tunneled to the other side
- Ensure you use a different ISAKMP key for every remote router
- Ensure no one has access to the routers as they will be able to view all password keys etc.
- Configure the highest possible encryption for isakmp - phase one (encr, hash etc)

I can't think of anything else at the moment, but if someone would like to add something, please feel free to do so.

Please let me know if you require any additional clarification or information.

Many thanks,

Chris.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
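
The checklist in the post above can be run mechanically against a saved router configuration. The following is an added example, not part of the original post or of Firewall.cx's material: the sample config, its keys and addresses are constructed, the set of algorithms treated as weak is this example's assumption, and only named extended ACLs and the `crypto isakmp key ... address ...` form are handled.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread); keys and addresses are placeholders.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 hash md5
crypto isakmp key EXAMPLE-KEY-1 address 192.0.2.10
crypto isakmp key EXAMPLE-KEY-1 address 198.51.100.20
crypto ipsec transform-set TS esp-des esp-md5-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set TS
 match address VPN-TRAFFIC
ip access-list extended VPN-TRAFFIC
 permit ip any any
"""

# Assumption: the algorithms this example treats as too weak for a baseline.
WEAK_PHASE1 = {"encr": {"des", "3des"}, "encryption": {"des", "3des"}, "hash": {"md5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}

def audit(config):
    """Return sorted (check, detail) findings for an IOS-style running config."""
    findings = set()
    peers_by_key = defaultdict(set)
    # ACL names referenced by a crypto map entry are the crypto ACLs.
    crypto_acls = set(re.findall(r"^ +match address (\S+)", config, re.M))
    section = []
    for line in filter(str.strip, config.splitlines()):
        words = line.split()
        if not line.startswith(" "):
            section = words  # an unindented line opens a new config section
        sub = line.startswith(" ") and len(words) > 1
        if sub and section[:3] == ["crypto", "isakmp", "policy"]:
            if words[1] in WEAK_PHASE1.get(words[0], ()):
                findings.add(("weak-phase1", f"policy {section[3]}: {words[0]} {words[1]}"))
        if sub and section[:3] == ["ip", "access-list", "extended"] and section[3] in crypto_acls:
            if words[:4] == ["permit", "ip", "any", "any"]:
                findings.add(("broad-crypto-acl", section[3]))
        if words[:3] == ["crypto", "isakmp", "key"] and "address" in words[4:]:
            i = words.index("address")
            peers_by_key[words[i - 1]].add(words[i + 1])  # key is the token before "address"
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            for t in WEAK_TRANSFORMS.intersection(words[4:]):
                findings.add(("weak-transform", f"{words[3]}: {t}"))
    # Report only the peers that share a key, never the key itself.
    findings |= {("shared-isakmp-key", ", ".join(sorted(p)))
                 for p in peers_by_key.values() if len(p) > 1}
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` flags the weak phase-one settings, the weak transform set, the key shared between two peers, and the `permit ip any any` crypto ACL.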