1 00:00:00,480 --> 00:00:02,480 Hello and welcome to this lecture.
2 00:00:02,490 --> 00:00:07,560 So in this lecture we start the configuration of the headquarters, or HQ, FortiGate firewall.
3 00:00:08,190 --> 00:00:09,540 So let's see how we do it.
4 00:00:10,680 --> 00:00:14,730 Let's go now to the graphical user interface.
5 00:00:14,970 --> 00:00:19,970 So 172.16.100.1. Let's log in as admin.
6 00:00:19,980 --> 00:00:22,590 No password, so Enter.
7 00:00:22,780 --> 00:00:25,750 I will change the password later.
8 00:00:25,750 --> 00:00:36,170 And anyway, "remind me later". So here it is. Now on the left side you have the menu of the user interface, and
9 00:00:36,170 --> 00:00:46,680 we will go to VPN, and let's go now to IPsec Wizard. Just click on IPsec Wizard, and now we have to create
10 00:00:46,740 --> 00:00:47,340 the tunnel.
11 00:00:47,370 --> 00:00:53,430 So there are some templates available. Template type: site to site, remote access, or custom if you want
12 00:00:53,430 --> 00:00:54,900 to define your own.
13 00:00:55,350 --> 00:01:03,210 And let's look at what's available. So the tunnel template: site to site FortiGate, site to site
14 00:01:03,240 --> 00:01:08,080 with a Cisco, dial-up with a FortiGate, dial-up with a Cisco firewall.
15 00:01:08,100 --> 00:01:09,300 Now in this case.
16 00:01:09,300 --> 00:01:16,970 So IPsec, IPsec wizard. In this case we are configuring a site to site, and remote device type:
17 00:01:16,980 --> 00:01:18,090 it's a FortiGate.
18 00:01:18,120 --> 00:01:21,570 So the default, the default options are the ones that we need.
19 00:01:22,590 --> 00:01:25,220 So let's say here, what's the VPN,
20 00:01:25,230 --> 00:01:26,400 what's the VPN name?
21 00:01:26,400 --> 00:01:28,310 We will name it.
22 00:01:28,350 --> 00:01:29,160 We'll name it.
23 00:01:29,160 --> 00:01:30,240 What will we name it?
24 00:01:30,240 --> 00:01:44,770 Branch. Let's say "branch one FortiGate". Too many letters; "branch one", it's enough. NAT? No, not between sites,
25 00:01:44,800 --> 00:01:51,700 because we have a direct connection, like you see here on the right. They are directly connected, kind
26 00:01:51,700 --> 00:01:55,990 of directly connected, but through the Internet, no NATing devices in between.
27 00:01:56,140 --> 00:01:57,410 So no NAT.
28 00:01:57,550 --> 00:02:03,420 Now let's click Next. So here is what the configuration guide is asking from us.
29 00:02:03,480 --> 00:02:08,670 So the remote device IP address is... and we have to provide it here.
30 00:02:08,820 --> 00:02:13,340 So it's 90.90.90.90.
31 00:02:13,530 --> 00:02:21,090 Let's fill that in, so 90.90.90.90.
32 00:02:21,110 --> 00:02:21,800 You know what?
33 00:02:21,800 --> 00:02:27,120 This is one thing that I have told you, but we haven't yet tested it.
34 00:02:27,170 --> 00:02:33,170 So before going through the configuration we should first, we should first see that we have connectivity
35 00:02:33,200 --> 00:02:35,340 between the two FortiGates.
36 00:02:35,390 --> 00:02:46,050 So let's go to, let's say, the HQ FortiGate, and I now want to ping. So how do we do that?
37 00:02:46,110 --> 00:02:57,850 Let's say again, let's say admin, and now we say execute, execute ping, and let's try to ping the other
38 00:02:57,860 --> 00:03:00,730 end, 90.90.90.90.
39 00:03:01,760 --> 00:03:07,780 OK, so now that the ping is successful we can continue with the, with the configuration.
40 00:03:08,310 --> 00:03:13,980 So basically we're trying to make sure that nothing in between will give any trouble.
41 00:03:13,980 --> 00:03:20,190 So that's the idea of making sure that connectivity is good before going on with, with a configuration
42 00:03:20,190 --> 00:03:21,980 or advanced configuration.
43 00:03:21,990 --> 00:03:29,400 Now the authentication method is pre-shared key, or signature, meaning configuration using a certificate.
44 00:03:29,510 --> 00:03:33,720 We're doing a basic site to site VPN, so we'll use pre-shared key.
45 00:03:33,720 --> 00:03:41,860 Now the pre-shared key, let's say it's "fortunate", and now we have to just click Next. Now policy & routing:
46 00:03:41,920 --> 00:03:43,900 the local interface.
47 00:03:43,900 --> 00:03:48,370 So what's the local, the local LAN IP address?
48 00:03:48,460 --> 00:03:55,600 So 192.168.1.1, so port number two, and this is the local subnet, 192.168.1.1.
49 00:03:56,230 --> 00:04:04,200 Now in the remote subnet we have to provide the remote LAN subnet of 192.168.2.0/24.
50 00:04:04,240 --> 00:04:11,430 Basically the traffic between these two subnets, 192.168.1.0 and 192.168.2.0, will be inserted in the tunnel.
51 00:04:11,440 --> 00:04:19,060 So this is where the, this is where the VPN tunnel, or the VPN wizard configuration, knows exactly what
52 00:04:19,060 --> 00:04:22,890 traffic will be included and encrypted in the tunnel.
53 00:04:22,900 --> 00:04:28,210 So now we just have to click on Create, and let's see.
54 00:04:28,270 --> 00:04:30,970 So VPN setup, authentication, policy & routing: this is done.
55 00:04:30,970 --> 00:04:36,980 The VPN has been set up: Phase 1 interface "branch one", local address "branch one local".
56 00:04:37,000 --> 00:04:44,770 This is, these are objects that have been defined in the FortiGate VM. Phase 2 interface, called also "branch 1",
57 00:04:45,220 --> 00:04:48,000 and some other configuration that has been added.
58 00:04:48,040 --> 00:04:56,460 Now I can say "show tunnel list", and we're going in this, in this menu, IPsec Tunnels, and the status now
59 00:04:56,500 --> 00:05:02,610 is inactive, and it's obviously inactive because we haven't yet configured the IPsec tunnel on the other
60 00:05:02,610 --> 00:05:02,820 end.
61 00:05:02,850 --> 00:05:10,660 So on the branch, if I now select it and click Edit, just for your reference: we don't know by looking
62 00:05:10,660 --> 00:05:15,100 at this configuration what exactly is included in Phase 1 and Phase 2.
63 00:05:15,100 --> 00:05:19,430 And if you want to know what this configuration in the template is,
64 00:05:19,450 --> 00:05:21,490 again, this is a pre-configured template.
65 00:05:21,490 --> 00:05:27,970 You'll, you'll find it in the, in the FortiGate VM. You will have to click on "Convert to custom tunnel", and now
66 00:05:27,970 --> 00:05:35,190 we can go and click on Edit and see, and also change, the options that have been, have been chosen.
67 00:05:35,610 --> 00:05:44,140 So for Phase 1, if I click on Edit, it is going to use DES, and authentication MD5, and also another,
68 00:05:44,200 --> 00:05:46,110 another SA proposal.
69 00:05:46,120 --> 00:05:53,910 So security association proposal: DES and SHA1, Diffie-Hellman groups 14 and 5, key lifetime, and
70 00:05:53,910 --> 00:05:55,050 so on.
71 00:05:55,050 --> 00:06:02,370 So again, not that the FortiGate firewall doesn't know Triple DES or AES or something like that, but it's running
72 00:06:02,370 --> 00:06:08,010 in evaluation mode, and these are the only option, only options available here.
73 00:06:08,040 --> 00:06:09,820 The same for Phase 2.
74 00:06:09,870 --> 00:06:19,410 Now if I say Edit, so if I click on the pencil here, basically what is represented is the local address
75 00:06:19,440 --> 00:06:24,470 and remote address, meaning what traffic, again, will be encrypted or inserted in the tunnel.
76 00:06:24,990 --> 00:06:31,320 And if you also go into Advanced you'll have the possibility, like in Phase 1, to choose what's your encryption,
77 00:06:31,380 --> 00:06:38,610 what's your authentication, if you want to enable or not PFS, perfect forward secrecy. By the way,
78 00:06:38,610 --> 00:06:45,300 PFS means that after a period of time, which in this case by default is 43200
79 00:06:45,390 --> 00:06:53,000 seconds, the, the keys, the keys used in the encryption and authentication will be changed.
80 00:06:53,010 --> 00:06:54,610 So new ones will be generated.
81 00:06:55,020 --> 00:06:56,610 That's what, that's what PFS means.
82 00:06:56,610 --> 00:06:58,470 It means using twice,
83 00:06:59,060 --> 00:07:05,730 so two times the keys, and different keys. But anyway, we don't need to change anything here.
84 00:07:05,860 --> 00:07:11,080 It's just, it's just that, for your reference, to understand more where you go if you want to see the
85 00:07:11,380 --> 00:07:12,390 configuration applied,
86 00:07:12,790 --> 00:07:19,000 and what does, what does the template mean, to be more, to be more precise.
87 00:07:19,000 --> 00:07:25,630 So anyway, this is the configuration for the HQ FortiGate. In the next lecture we will configure the branch location
88 00:07:25,660 --> 00:07:27,670 and see if the VPN comes up.
89 00:07:27,670 --> 00:07:28,420 Thanks a lot.