Task 1: Prepare to Configure VPN Support

Feb 10, 2010 by alperen

This task consists of several steps to determine IKE and IPSec policies, ensure the network works before encryption, and ensure the PIX Firewall can support IPSec. Successful implementation of an IPSec network requires advance preparation before beginning configuration of individual devices.

Configuring IPSec encryption can be complicated and, at times, confusing. Planning ahead reduces both; rushing the configuration only leads to lost time and frustration. Because this process was defined in detail in Chapter 10, it won't be repeated here. Follow these basic planning steps:

Step 1.1: Determine the IKE (IKE Phase 1) policy to be used between the IPSec peers: the encryption algorithm, hash algorithm, Diffie-Hellman group, SA lifetime, and whether to authenticate with preshared keys or CAs. Both peers must have at least one policy whose parameters match, or Phase 1 will not complete.

Step 1.2: Determine the IPSec (IKE Phase 2) policy, including the IPSec peer details, such as peer IP addresses, the transform sets (encryption and authentication algorithms), the IPSec mode (tunnel or transport), and the traffic to be protected. These values are needed when configuring the crypto maps, and the crypto access lists on the two peers must be mirror images of each other.

Step 1.3: Check the current configuration to see whether IPSec is already in use on the devices, so that existing policies and crypto maps are not overwritten. Use write terminal, show isakmp [policy], show crypto map, and the other show commands covered later in this chapter.

Step 1.4: Verify the network works without encryption. Verify basic connectivity among all devices with the ping command.


Note 

All Cisco documentation includes this step, but it seems it should be Step 1. Without basic connectivity, the rest is just spinning your wheels. Consider doing it first in real-world implementations.

Step 1.5: Make sure any access lists are compatible with IPSec. Verify that perimeter routers and the PIX Firewall outside interfaces permit IPSec traffic: ISAKMP (UDP port 500), ESP (IP protocol 50) and, if used, AH (IP protocol 51). On the PIX Firewall, the sysopt connection permit-ipsec command lets IPSec packets bypass access lists and conduits. Use the show access-lists command to review the existing entries.


Note 

As you learned in the VPN chapters, there might only be four or five major tasks, but each task can have a similar number of steps. To make this easier to track, we’ll again use a decimal notation to link tasks, steps, and substeps. For example, Step 1.5 indicates Task 1 Step 5. If Step 1.5 had multiple parts, they would be noted by a second decimal (Step 1.5.3).
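The two planning decisions in Steps 1.1 and 1.2 are where most site-to-site tunnels fail later: the peers have no IKE policy in common, or the crypto access lists are not mirror images. The following script is an added example, not part of the original article or of any Cisco tool. It models the Cisco IKE policy-matching rule (the responder walks its own policies in priority order and takes the first one whose encryption, hash, authentication method and DH group exactly match a proposal from the initiator; lifetimes need not match and the shorter one is used) and checks that two planned crypto access lists mirror each other. The peer names, addresses and policy values are constructed sample data.

```python
"""Pre-configuration checks for a planned site-to-site IPsec tunnel.

Added example for the planning steps above (not from the original article).
All peer names, addresses and policy values below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IkePolicy:
    """One 'isakmp policy <priority>' block as planned for a peer."""
    priority: int          # lower number is tried first
    encryption: str        # des, 3des, aes ...
    hash: str              # md5, sha
    authentication: str    # pre-share, rsa-sig
    group: int             # Diffie-Hellman group 1, 2, 5 ...
    lifetime: int          # SA lifetime in seconds


def negotiate_phase1(local: list[IkePolicy],
                     remote: list[IkePolicy]) -> Optional[IkePolicy]:
    """Return the Phase 1 policy the two peers would agree on, or None.

    Rule modelled (as documented for Cisco IKE): the responder's policies are
    tried in priority order; the first whose encryption, hash, authentication
    and DH group exactly match one of the initiator's proposals wins.  The
    lifetime does not have to match; the shorter of the two is used.
    """
    for mine in sorted(local, key=lambda p: p.priority):
        for theirs in remote:
            same = (mine.encryption, mine.hash, mine.authentication, mine.group) == \
                   (theirs.encryption, theirs.hash, theirs.authentication, theirs.group)
            if same:
                return IkePolicy(mine.priority, mine.encryption, mine.hash,
                                 mine.authentication, mine.group,
                                 min(mine.lifetime, theirs.lifetime))
    return None


@dataclass(frozen=True)
class AclEntry:
    """One 'access-list <name> permit ip <src> <mask> <dst> <mask>' line."""
    src_net: str
    src_mask: str
    dst_net: str
    dst_mask: str


def mirror_of(entry: AclEntry) -> AclEntry:
    """The entry the far peer must carry to match this one (src/dst swapped)."""
    return AclEntry(entry.dst_net, entry.dst_mask, entry.src_net, entry.src_mask)


def acl_mismatches(local_acl: list[AclEntry],
                   remote_acl: list[AclEntry]) -> tuple[list[AclEntry], list[AclEntry]]:
    """Return (local entries with no mirror on the remote peer,
               remote entries with no mirror on the local peer).

    Crypto ACLs on the two peers must be mirror images; otherwise one side
    proposes SAs for traffic the other side will not accept and the tunnel
    fails or only comes up in one direction.
    """
    local_set, remote_set = set(local_acl), set(remote_acl)
    missing_on_remote = [e for e in local_acl if mirror_of(e) not in remote_set]
    missing_on_local = [e for e in remote_acl if mirror_of(e) not in local_set]
    return missing_on_remote, missing_on_local


# Constructed sample plan: a PIX ("PIX_A") peering with two candidate routers.
PIX_A_POLICIES = [
    IkePolicy(10, "3des", "sha", "pre-share", 2, 86400),
    IkePolicy(20, "des", "md5", "pre-share", 1, 86400),
]
ROUTER_B_POLICIES = [IkePolicy(10, "des", "md5", "pre-share", 1, 3600)]
ROUTER_C_POLICIES = [IkePolicy(10, "aes", "sha", "pre-share", 5, 86400)]

PIX_A_CRYPTO_ACL = [
    AclEntry("10.1.1.0", "255.255.255.0", "10.2.2.0", "255.255.255.0"),
    AclEntry("10.1.3.0", "255.255.255.0", "10.2.2.0", "255.255.255.0"),
]
ROUTER_B_CRYPTO_ACL = [
    AclEntry("10.2.2.0", "255.255.255.0", "10.1.1.0", "255.255.255.0"),
]

if __name__ == "__main__":
    print("PIX_A <-> ROUTER_B phase 1:", negotiate_phase1(PIX_A_POLICIES, ROUTER_B_POLICIES))
    print("PIX_A <-> ROUTER_C phase 1:", negotiate_phase1(PIX_A_POLICIES, ROUTER_C_POLICIES))
    print("crypto ACL mismatches:", acl_mismatches(PIX_A_CRYPTO_ACL, ROUTER_B_CRYPTO_ACL))
```

Against ROUTER_B the agreed policy is the PIX's lower-priority des/md5/group 1 entry with the shorter 3600-second lifetime, even though the PIX lists a stronger 3des policy first; against ROUTER_C there is no match at all, which is the situation Step 1.1 is meant to catch before anything is typed into a device. The ACL check reports the 10.1.3.0/24 entry that ROUTER_B's crypto ACL does not mirror.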

