Route Based VPN Deployment with Cisco VPN Devices


December 24, 2006

In This Document:

Overview
System and Installation Requirements
Configuring VPN Tunnel
Configuring VPN on a Cisco Router
Testing a VPN tunnel establishment
Configuring VPN Tunnel Interface (VTI) on VPN-1 module
Configuring Tunnel Interface on Cisco router
GRE over IPsec Configuration
Testing VPN Connectivity Using VTIs
Configuring Route Based VPN - Using Static Routes
Configuring Route Based VPN - Using Dynamic Routing Protocols (OSPF)
Configuration Verification and Connectivity Test
Check that OSPF Adjacency is Established
Final Connectivity Test

Overview

This document describes how to configure Route Based VPN between VPN-1 modules and interoperable Cisco devices that support the IPsec, GRE and OSPF protocols. It provides a step-by-step configuration flow based on an example scenario of a Check Point VPN-1 module and a Cisco router (IOS 12.X - C2800 series).

The main aspects covered in this example are:

- Establishing a VPN (IPsec) tunnel between a VPN-1 module and an interoperable Cisco device (supporting GRE over IPsec) using a Simplified Policy.
- Creating a VPN Tunnel Interface (VTI) on a VPN-1 module.

Copyright 2005 Check Point Software Technologies, Ltd. All rights reserved

- Creating tunnel interfaces on Cisco devices.
- Allowing and configuring GRE over IPsec support on VPN-1 and Cisco devices.
- Configuring OSPF and establishing adjacency for VPN-1 and Cisco devices.
- Defining Route Based VPN and providing connectivity.

System and Installation Requirements

The following components should be installed and configured:

- SPLAT Pro installed machines with a proper license.
- Check Point VPN-1 installed with internal and external interfaces defined.
- Cisco router.
- Clear text connectivity should be allowed and tested.

Figure 1

Configuring VPN Tunnel

1. Enable VPN-1 module on all gateway objects.
2. In SmartDashboard, create an empty group.
3. In the Topology page of each gateway, define the VPN Domain as the empty encryption domain created in step 2.

Figure 2

4. Create an Interoperable device and configure it according to the Cisco router information (i.e., name, IP addresses, etc.):

Figure 3

5. On the Topology page of the Cisco device, click Add and enter the tunnel IP address information. This IP address is used in the Rule Base for security purposes and is not related to connectivity.

Figure 4

6. Create a meshed community. In the Participating Gateways page, add the VPN-1 module(s) and Cisco object. Configure the required encryption methods and IKE authentication for the community.

Note - In this example, IKE authentication is based on pre-shared secrets; however, VPN-1 has full support of IKE PKI based on RSA digital signatures (certificates) with Interoperable devices.

Figure 5

Figure 6

7. Create a rule in the security Rule Base which allows ICMP and OSPF services. Keep in mind that the VPN column should remain as Any Traffic. Additionally, there is no need to define Source and Destination. In this example, the focus is on the VPN dynamic routing, and not on creating a proper security Rule Base.

Table 1 Sample Rule

    Source  Destination  VPN          Service     Action  Track
    Any     Any          Any Traffic  icmp, ospf  accept  Log

Note - VPN access control (VPN column), in Route Based VPN configurations, must be defined by "Directional VPN" only. Regular settings will not function and will cause the corresponding traffic to be dropped. (For more information, refer to the Directional VPN Enforcement chapter in the VPN User Guide.)

8. Install the policy on the VPN-1 module.

Configuring VPN on a Cisco Router

Table 2 details the configuration for the Cisco device to establish basic VPN connectivity with the VPN-1 module:

Table 2

    crypto isakmp policy 20
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key 123456 address 192.168.65.50
    crypto isakmp peer address 192.168.65.50
    crypto ipsec security-association lifetime seconds 120
    crypto ipsec transform-set testset esp-3des esp-sha-hmac
    crypto map testmap 73 ipsec-isakmp
     set peer 192.168.65.50
     set transform-set testset
     match address 141
    interface FastEthernet0/0
     ip address 10.10.120.10 255.255.255.0
     speed 100
     full-duplex
     crypto map testmap
    access-list 141 permit ip host 10.10.120.10 host 194.29.43.63
    access-list 141 permit ip host 194.29.43.63 host 10.10.120.10

Testing a VPN tunnel establishment

Check that a basic VPN tunnel is successfully established between the VPN-1 module and the Cisco device by performing an ICMP (ping) connectivity test. Using the SPLAT Pro command prompt on the VPN-1 module, ping an external interface of the Cisco device. Do the same in the other direction: ping an external interface of the VPN-1 module from the Cisco device.

In SmartView Tracker, check that IKE key exchanges were completed without errors or failures and that the ICMP traffic is encrypted and decrypted by the VPN-1 module. Check that proper logs are received by SmartView Tracker.

Configuring VPN Tunnel Interface (VTI) on VPN-1 module

For a detailed description of how to configure a VTI using the VPN Shell command line interface, refer to the Route Based VPN chapter and VPN Shell appendix in the VPN User Guide.

Using the VPN Shell, create a VTI attached to a Cisco interoperable device object, with local IP 22.22.22.1 and remote IP 22.22.22.2:

Table 3

    vpn shell i a n 22.22.22.1 22.22.22.2 cisco
    Interface 'vt-cisco' was added successfully to the system
    [admin@gw_a ~]$ vpn shell i s d vt-cisco
    vt-cisco  Type:numbered  MTU:1500
              inet addr:22.22.22.1  P-t-P:22.22.22.2  Mask:255.255.255.255
              Peer:cisco  Peer ID:10.10.120.10  Status:attached

Confirm that the VTI was fetched and properly configured in the Topology page of the VPN-1 module. When this is confirmed, install the policy.

Figure 7

Configuring Tunnel Interface on Cisco router

Create and configure a tunnel interface on the Cisco device with the settings in Table 4:

Table 4

    interface Tunnel0
     ip address 22.22.22.2 255.255.255.0
     ip ospf network point-to-point
     ip ospf mtu-ignore
     tunnel source FastEthernet0/0
     tunnel destination 192.168.65.50
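An added example, not part of the original document: a small audit of the crypto commands from Table 2 that reports the IKE and IPsec parameters a reviewer would tighten before reusing this configuration outside a lab. The weak-cipher and DH-group lists, the minimum key length and the rule names are this example's assumptions.

```python
# Crypto commands from Table 2 on the page, embedded so the audit runs offline.
TABLE_2 = """\
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 123456 address 192.168.65.50
crypto ipsec security-association lifetime seconds 120
crypto ipsec transform-set testset esp-3des esp-sha-hmac
crypto map testmap 73 ipsec-isakmp
 set peer 192.168.65.50
 set transform-set testset
 match address 141
"""

# Assumed review thresholds (this example's policy, not vendor defaults).
WEAK_CIPHERS = {"des", "3des"}
WEAK_DH_GROUPS = {1, 2, 5}          # 768-, 1024- and 1536-bit MODP groups
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
MIN_PSK_LENGTH = 20


def split_sections(config):
    """Group indented sub-commands under their top-level IOS command."""
    sections = []
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(config):
    """Return a sorted list of (rule_id, detail) findings for an IOS crypto config."""
    findings = []
    for head, body in split_sections(config):
        words = head.split()
        if head.startswith("crypto isakmp policy"):
            for sub in body:
                key, _, value = sub.partition(" ")
                if key in ("encr", "encryption") and value.split()[0] in WEAK_CIPHERS:
                    findings.append(("IKE-CIPHER", f"policy {words[3]}: {value}"))
                if key == "group" and value.isdigit() and int(value) in WEAK_DH_GROUPS:
                    findings.append(("IKE-DH", f"policy {words[3]}: group {value}"))
        elif head.startswith("crypto isakmp key"):
            psk = words[3]
            if len(psk) < MIN_PSK_LENGTH or psk.isdigit():
                # Report only the length so the secret never reaches the report.
                findings.append(("IKE-PSK", f"peer {words[-1]}: {len(psk)}-char key"))
        elif head.startswith("crypto ipsec transform-set"):
            weak = sorted(WEAK_TRANSFORMS.intersection(words[4:]))
            if weak:
                findings.append(("ESP-TRANSFORM", f"{words[3]}: {', '.join(weak)}"))
        elif head.startswith("crypto map") and "ipsec-isakmp" in words:
            if not any(sub.startswith("set pfs") for sub in body):
                findings.append(("NO-PFS", f"{words[2]} {words[3]}: no 'set pfs'"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in audit(TABLE_2):
        print(f"{rule:14} {detail}")
```

Whatever replaces the flagged values on the router has to match the encryption methods configured for the VPN community in step 6, or IKE negotiation with the VPN-1 module will fail.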

GRE over IPsec Configuration

In SmartDashboard:

1. Navigate to the VPN > VPN Advanced page of the interoperable object (Cisco device).

Figure 8

2. Select Custom settings > One VPN tunnel per Gateway pair.
3. In the drop down menu, select GRE on IPsec.
4. Install policy.
5. On the Cisco device, GRE encapsulation should be enabled by default. To confirm this, see Table 5.

Table 5

    Cisco# show interfaces tunnel 0
    Tunnel0 is up, line protocol is up
      Hardware is Tunnel
      Internet address is 22.22.22.2/24
      MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation TUNNEL, loopback not set
      Keepalive not set
      Tunnel source 10.10.120.10 (FastEthernet0/0), destination 194.29.43.63
      Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

6. Edit the existing access list on the Cisco device so that it allows GRE traffic between the two IPsec endpoints, as shown in Table 6.

Table 6

    access-list 141 permit gre host 10.10.120.10 host 192.168.65.50
    access-list 141 permit gre host 192.168.65.50 host 10.10.120.10
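An added example, not part of the original document: with the crypto map applied to FastEthernet0/0, only packets matched by access list 141 are encrypted, so the GRE packets between the tunnel endpoints must be covered by it or they leave the router in clear text. The check below cross-checks the tunnel endpoints against the crypto map peer and the access list, first without and then with the Table 6 entries. It assumes "host A host B" permit entries and a tunnel source given as an interface name, as on this page, and ignores deny entries.

```python
# Constructed from Tables 2 and 4 on the page (only the lines this check reads);
# TABLE_6 holds the two entries that Table 6 adds.
BASE = """\
crypto map testmap 73 ipsec-isakmp
 set peer 192.168.65.50
 match address 141
interface FastEthernet0/0
 ip address 10.10.120.10 255.255.255.0
 crypto map testmap
interface Tunnel0
 tunnel source FastEthernet0/0
 tunnel destination 192.168.65.50
access-list 141 permit ip host 10.10.120.10 host 194.29.43.63
access-list 141 permit ip host 194.29.43.63 host 10.10.120.10
"""
TABLE_6 = """\
access-list 141 permit gre host 10.10.120.10 host 192.168.65.50
access-list 141 permit gre host 192.168.65.50 host 10.10.120.10
"""


def parse(config):
    """Collect interface and crypto map sub-commands plus host-to-host permits."""
    ifaces, maps, acls, current = {}, {}, {}, None
    for raw in config.splitlines():
        w = raw.split()
        if not w:
            continue
        if raw[0].isspace():
            # Every sub-command read below has the shape "<word> <word> <value>".
            if current is not None and len(w) >= 3:
                current.setdefault(" ".join(w[:2]), []).append(w[2])
        elif w[0] == "interface":
            current = ifaces.setdefault(w[1], {})
        elif w[:2] == ["crypto", "map"]:
            current = maps.setdefault(w[2], {})
        else:
            current = None
            if len(w) == 8 and (w[0], w[2], w[4], w[6]) == ("access-list", "permit", "host", "host"):
                acls.setdefault(w[1], []).append((w[3], w[5], w[7]))
    return ifaces, maps, acls


def gre_exposure(config):
    """List GRE tunnels whose outer packets would leave the router unencrypted."""
    ifaces, maps, acls = parse(config)
    findings = []
    for name, tun in ifaces.items():
        if "tunnel destination" not in tun:
            continue
        dst = tun["tunnel destination"][0]
        src_if = ifaces.get(tun.get("tunnel source", [""])[0], {})
        src = src_if.get("ip address", ["unknown"])[0]
        cmap = maps.get(src_if.get("crypto map", [""])[0])
        if cmap is None:
            findings.append(f"{name}: no crypto map on the tunnel source interface")
            continue
        if dst not in cmap.get("set peer", []):
            findings.append(f"{name}: destination {dst} is not a crypto map peer")
        acl = cmap.get("match address", ["?"])[0]
        # 'ip' covers every protocol, 'gre' only IP protocol 47.
        if not any(p in ("ip", "gre") and (s, d) == (src, dst)
                   for p, s, d in acls.get(acl, [])):
            findings.append(f"{name}: GRE {src} -> {dst} not matched by crypto ACL {acl}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("Tables 2 and 4", BASE), ("plus Table 6", BASE + TABLE_6)):
        print(label, gre_exposure(cfg))
```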

Testing VPN Connectivity Using VTIs

To confirm connectivity between the VPN-1 module and the Cisco device, proceed as follows:

1. On the VPN-1 module, ping the IP address of the Cisco device (22.22.22.2) from the command line.
2. On the Cisco device, ping the address of the VPN-1 module (22.22.22.1).

Before proceeding to the next step:

- Check that pinging was successful when initiated from both sides.
- Check that proper logs of successful IKE negotiation and Encrypt/Decrypt are received for the ICMP connection.
- See the Encrypt/Decrypt log information and check that GRE is used.

Configuring Route Based VPN - Using Static Routes

To provide Route Based VPN connectivity between the VPN-1 module and the Cisco device, define static routes in the operating system, with the VTI chosen as the outgoing interface device. Create the following static routes:

On the VPN-1 module:

    route add -net 30.1.1.0 netmask 255.255.255.0 dev vt-cisco

On the Cisco device:

    ip route 10.65.50.0 255.255.255.0 tunnel 0

Confirm that the static routes are defined in the operating system routing tables on the VPN-1 module:

    [admin@gw_a ~]$ route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    224.0.0.2       *               255.255.255.255 UHD   0      0   0   lo
    22.22.22.2      *               255.255.255.255 UH    0      0   0   vt-cisco
    22.22.22.1      localhost.local 255.255.255.255 UGH   0      0   0   lo
    1.1.1.1         localhost.local 255.255.255.255 UGH   0      0   0   lo
    localhost.local *               255.255.255.255 UH    0      0   0   lo
    30.1.1.0        *               255.255.255.0   U     0      0   0   vt-cisco
    192.168.65.0    *               255.255.255.0   U     0      0   0   eth0
    10.65.50.0      *               255.255.255.0   U     0      0   0   eth1
    127.0.0.0       -               255.0.0.0       !D    0      -   0   -
    default         192.168.65.1    0.0.0.0         UG    0      0   0   eth0

Confirm that the static routes are defined in the operating system routing tables on the Cisco device:

    show ip route
    Gateway of last resort is 10.10.120.1 to network 0.0.0.0
         22.0.0.0/24 is subnetted, 1 subnets
    C       22.22.22.0 is directly connected, Tunnel0
         10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    C       10.10.120.0/24 is directly connected, FastEthernet0/0
    S       10.65.50.0/24 is directly connected, Tunnel0
         30.0.0.0/24 is subnetted, 1 subnets
    C       30.1.1.0 is directly connected, FastEthernet0/1
    S*   0.0.0.0/0 [1/0] via 10.10.120.1

Perform a cross ping between hosts located in the internal networks behind the VPN-1 module and the Cisco device. For example, if the host IP address behind VPN-1 is 10.65.50.2 and the host IP address behind Cisco is 30.1.1.2, establish a ping session from both hosts:

    VPN-1-host: ping 30.1.1.2
    Cisco-host: ping 10.65.50.2

ICMP traffic to and from the VPN-1 gateways should be encrypted and decrypted properly and the correct logs should be received by SmartView Tracker.

Configuring Route Based VPN - Using Dynamic Routing Protocols (OSPF)

If static routes that represent the internal networks of both VPN peers have been configured, these routes should be removed before beginning OSPF configuration.

1. On the VPN-1 module, verify that the operating system is equipped with a SPLAT Pro license, which supports the Advanced routing suite (dynamic routing daemon).
2. From the SPLAT Pro command prompt, run one of the following commands to enter the GateD CLI shell:

    router

   or

    cligated

Follow the commands in Table 7 to configure OSPF on the VPN-1 module.

Table 7

    [admin@gw_a ~]$ router
    localhost.localdomain>ena
    localhost.localdomain#conf t
    localhost.localdomain(config)#router ospf 1
    localhost.localdomain(config-router-ospf)#router-id 192.168.65.50
    localhost.localdomain(config-router-ospf)#network 22.22.22.2 0.0.0.0 area 0.0.0.0
    localhost.localdomain(config-router-ospf)#redistribute kernel
    localhost.localdomain(config-router-ospf)#end

Review the settings:

    localhost.localdomain#show running-config
    Building configuration...
    router ospf 1
     router-id 192.168.65.50
     network 22.22.22.2 0.0.0.0 area 0.0.0.0
     redistribute kernel
     exit

Check that the VTI is an OSPF-related interface:

    localhost.localdomain#show ip route ospf
    Codes: C - connected, S - static, R - RIP, B - BGP, O - OSPF
           D - DVMRP, 3 - OSPF3, I - IS-IS, K - Kernel
           A - Aggregate
    localhost.localdomain#show ip ospf interface
    vt-cisco is up
      Internet Address 22.22.22.1, Area 0.0.0.0
      Network Type Point-To-Point, Cost: 10
      Transmit Delay is 1 sec, State Pt2Pt, Priority 1
      No Designated Router on this network
      No Backup Designated Router on this network
      Timer intervals configured, Hello 10, Dead 40, Retransmit 5
      Neighbor Count is 0
    localhost.localdomain#

Note - The redistribution policy "kernel" was chosen here to advertise the kernel routes present in the SPLAT Pro OS routing table. The GateD dynamic routing daemon supports other policies as well (for example, bgp, direct, ospf, rip, and static). Refer to additional documents describing how to use all redistribute policy options.

3. Create a kernel (static) route in the SPLAT Pro OS routing table, which is considered a VPN encryption domain and is advertised via the VTI towards the Cisco device. Table 8 illustrates how to redistribute a specific range located behind a VPN-1 gateway:

Table 8

    [admin@gw_a ~]$ route add -net 10.65.50.0 netmask 255.255.255.128 gw 10.65.50.1
    [admin@gw_a ~]$ route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    224.0.0.2       *               255.255.255.255 UHD   0      0   0   lo
    22.22.22.2      *               255.255.255.255 UH    0      0   0   vt-cisco
    22.22.22.1      localhost.local 255.255.255.255 UGH   0      0   0   lo
    224.0.0.6       *               255.255.255.255 UHD   0      0   0   lo
    224.0.0.5       *               255.255.255.255 UHD   0      0   0   lo
    1.1.1.1         localhost.local 255.255.255.255 UGH   0      0   0   lo
    localhost.local *               255.255.255.255 UH    0      0   0   lo
    10.65.50.0      10.65.50.1      255.255.255.128 UG    0      0   0   eth1
    192.168.65.0    *               255.255.255.0   U     0      0   0   eth0
    10.65.50.0      *               255.255.255.0   U     0      0   0   eth1
    127.0.0.0       -               255.0.0.0       !D    0      -   0   -
    default         192.168.65.1    0.0.0.0         UG    0      0   0   eth0

In this example, the internal interface is 10.65.50.1 with a 24-bit netmask; the route created has the same network, 10.65.50.0, but with a 25-bit netmask.

4. On the Cisco device, define the following settings:

    router ospf 1
     router-id 10.10.120.10
     log-adjacency-changes
     redistribute static subnets
     network 22.22.22.0 0.0.0.255 area 0.0.0.0

5. Create static routes that point to a host located behind the Cisco device:

    ip route 30.1.1.2 255.255.255.255 FastEthernet0/1

Configuration Verification and Connectivity Test

On the VPN-1 module, enter the GateD CLI shell and check the OSPF settings:

    localhost.localdomain#show running-config
    Building configuration...
    router ospf 1
     router-id 192.168.65.50
     network 22.22.22.2 0.0.0.0 area 0.0.0.0
     redistribute kernel
     exit
    localhost.localdomain#

Check that OSPF Adjacency is Established

On the Cisco device, confirm adjacency as follows:

    localhost.localdomain#show ip ospf neighbor
    Routing Process "ospf 1":
    Neighbor 10.10.120.10, interface address 22.22.22.2
      In area 0.0.0.0 interface vt-cisco
      Neighbor priority is 1, state is Full
      6 state changes
      DR is 0.0.0.0 BDR is 0.0.0.0
      Options is 18
      Dead timer is due in 36 seconds

Cisco routes are shown on the VPN-1 module. Check that proper routes from the Cisco device are learned by the VPN-1 module and appear in the OS routing table via Cisco's VTI:

    localhost.localdomain#show ip route ospf
    Codes: C - connected, S - static, R - RIP, B - BGP, O - OSPF
           D - DVMRP, 3 - OSPF3, I - IS-IS, K - Kernel
           A - Aggregate
    22.22.22.0/24 [11121/10] via 22.22.22.2, 00:12:41, vt-cisco
    30.1.1.2/32 [10/150] via 22.22.22.2, 00:04:46, vt-cisco
    localhost.localdomain#

On the Cisco device, check that adjacency and route injection have the same configuration:

    router ospf 1
     router-id 10.10.120.10
     log-adjacency-changes
     redistribute static subnets
     network 22.22.22.0 0.0.0.255 area 0.0.0.0

Final Connectivity Test

Confirm that both the VPN-1 module and the Cisco device contain redistributed routes which function as additional encryption domains.

VPN-1 module:

    O 30.1.1.2/32 [10/150] via 22.22.22.2, 00:04:46, vt-cisco

Cisco device:

    O E2 10.65.50.0/25 [110/1] via 22.22.22.1, 00:07:59, Tunnel0

    Cisco#show ip ospf neighbor
    Neighbor ID     Pri   State     Dead Time   Address      Interface
    192.168.65.50     0   FULL/ -   00:00:36    22.22.22.1   Tunnel0

Check routing table:

    Cisco#show ip route ospf
         10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
    E2      10.65.50.0/25 [110/1] via 22.22.22.1, 00:07:59, Tunnel0

Perform ping tests between hosts located behind the VPN-1 and Cisco devices. The connection should be established successfully, with all traffic encrypted and decrypted. Check that proper logs are received in SmartView Tracker.
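An added example, not part of the original document: because the gateways use an empty VPN domain, the routing table on the VPN-1 module decides which destinations enter the tunnel, so it is worth confirming that each protected host resolves to the VTI by longest-prefix match. The rows are taken from the page's "route" listings (multicast and host-name rows omitted); the function names are this example's own.

```python
import ipaddress

# Rows from the page's 'route' output while no route to 30.1.1.0/24 is present
# (static route removed for OSPF, adjacency not yet established).
BASE_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
22.22.22.2      *               255.255.255.255 UH    0      0   0   vt-cisco
192.168.65.0    *               255.255.255.0   U     0      0   0   eth0
10.65.50.0      *               255.255.255.0   U     0      0   0   eth1
127.0.0.0       -               255.0.0.0       !D    0      -   0   -
default         192.168.65.1    0.0.0.0         UG    0      0   0   eth0
"""
# The same table with the static route from the page pointing at the VTI.
WITH_VTI_ROUTE = BASE_ROUTES + (
    "30.1.1.0        *               255.255.255.0   U     0      0   0   vt-cisco\n")


def parse_routes(text):
    """Turn 'route' output into (network, interface) pairs."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or "!" in f[3]:
            continue            # not a route row, or a reject route
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(f"{dest}/{f[2]}", strict=False)
        except ValueError:
            continue            # header row or destination shown as a host name
        routes.append((net, f[7]))
    return routes


def egress(routes, host):
    """Interface chosen for host by longest-prefix match, or None."""
    addr = ipaddress.ip_address(host)
    matches = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    return max(matches)[1] if matches else None


def outside_tunnel(route_text, protected_hosts, vti="vt-cisco"):
    """Map each protected host that is NOT routed into the VTI to its interface."""
    routes = parse_routes(route_text)
    return {h: egress(routes, h) for h in protected_hosts
            if egress(routes, h) != vti}


if __name__ == "__main__":
    print("no VTI route:  ", outside_tunnel(BASE_ROUTES, ["30.1.1.2"]))
    print("with VTI route:", outside_tunnel(WITH_VTI_ROUTE, ["30.1.1.2"]))
```

A non-empty result means the listed host would follow another route, here the default route on eth0, instead of the tunnel interface.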