1
00:00:00,360 --> 00:00:06,330
Hello and welcome to this lecture. In this lecture we'll do some verification and check the results both

2
00:00:06,330 --> 00:00:10,440
on HQ and branch FortiGate firewalls.

3
00:00:10,530 --> 00:00:13,110
So let's log in now to.

4
00:00:13,140 --> 00:00:19,930
This is the branch 1 and click on later.

5
00:00:19,960 --> 00:00:21,250
Something wrong with the browser.

6
00:00:21,260 --> 00:00:37,190
I will just close it and open it up again, so 172 16 one hundred one and 172 16 208 1.

7
00:00:38,020 --> 00:00:46,620
If I log in now to the user interface, let's say later, remind me later, and I will do the same on the

8
00:00:46,620 --> 00:00:47,500
branch one.

9
00:00:47,610 --> 00:01:00,140
So admin, log in, and later and later. Let us examine now what was different or if anything happened here

10
00:01:00,140 --> 00:01:03,530
in the VPN, in the VPN menu.

11
00:01:03,530 --> 00:01:05,340
So IPsec tunnels.

12
00:01:05,720 --> 00:01:10,400
We see that we have a tunnel, so going to branch one through Port one.

13
00:01:10,430 --> 00:01:14,650
This is the template that has been used when configuring this site to site VPN.

14
00:01:14,930 --> 00:01:17,410
But we see that the status is inactive.

15
00:01:17,480 --> 00:01:18,950
Can you guess why?

16
00:01:19,010 --> 00:01:25,820
I mean, if the configuration is correct, probably we should see here that the status is up, right, or

17
00:01:25,820 --> 00:01:27,940
something like enabled or I don't know.

18
00:01:28,040 --> 00:01:30,770
But anyway not inactive but probably active.

19
00:01:30,860 --> 00:01:39,380
So something else still has to be done in order for the VPN to work, to be functional.

20
00:01:39,380 --> 00:01:45,830
Now remember from the previous and the beginning lecture we said that the end goal of the VPN,

21
00:01:46,310 --> 00:01:53,960
of the site to site VPN configuration, is that we are able to ping from one LAN PC
to the other LAN

22
00:01:53,960 --> 00:01:57,040
PC as if they were directly connected.

23
00:01:57,200 --> 00:02:01,370
And when we configured both the HQ and the branch firewalls we said that.

24
00:02:01,370 --> 00:02:03,350
Well, interesting traffic.

25
00:02:03,350 --> 00:02:08,650
Well, interesting meaning that traffic that has to be encrypted, it's where the source wanted to once

26
00:02:08,660 --> 00:02:14,780
except one that one going to two dozen euro, or the other way around, the traffic coming from

27
00:02:14,780 --> 00:02:17,540
2.0 going to 1.0.

28
00:02:17,870 --> 00:02:25,370
And this VPN tunnel, it's on demand type, meaning that the VPN tunnel will be up, will be active, only when

29
00:02:25,370 --> 00:02:33,590
traffic from this PC or from this LAN will be seen by this HQ firewall going to this subnet.

30
00:02:33,740 --> 00:02:38,890
So as of now we don't have any traffic going between these two sites.

31
00:02:38,900 --> 00:02:46,380
So that's why, this is the reason why we're seeing the tunnel being as inactive now. Anyway.

32
00:02:46,390 --> 00:02:52,150
If the configuration is correct we should see that the status should change when we try again

33
00:02:52,150 --> 00:02:57,620
to ping, let's say from this PC going to this PC list right now.

34
00:02:57,760 --> 00:03:11,220
So let's go to VPC is one, so this is VPC this one, and I will try to ping, so let's say ping, a question

35
00:03:11,220 --> 00:03:18,930
mark. I want to have multiple packets, -c as the option, so ping -c, let's say one hundred packets

36
00:03:19,340 --> 00:03:28,560
to the destination 192.168.2.0, so we will say ping this

37
00:03:33,120 --> 00:03:33,590
and now.

38
00:03:33,600 --> 00:03:34,340
Question mark.

39
00:03:34,710 --> 00:03:46,260
And now we have the option, so again -c one hundred, and let's wait. Timeout, timeout, timeout.
40
00:03:48,420 --> 00:03:56,010
Actually the IP address is not correct, so it's not 2.0 but it's 2.1, 2 2 0 0 is the something.

41
00:03:56,160 --> 00:03:57,540
And here it is.

42
00:03:57,570 --> 00:04:05,550
So we have connectivity between test PC or LAN PC 1 going to the PC on the other side of the

43
00:04:05,550 --> 00:04:05,940
network.

44
00:04:06,600 --> 00:04:07,330
So guess what.

45
00:04:08,400 --> 00:04:11,030
Let's see if the tunnel has changed.

46
00:04:11,460 --> 00:04:18,170
So I'll just say click on something else and go back to our IPsec tunnels, and the status is up.

47
00:04:18,180 --> 00:04:19,760
So this is the desired.

48
00:04:19,760 --> 00:04:22,370
This is the desired output you would like to see.

49
00:04:22,440 --> 00:04:25,360
So now going in the monitor menu.

50
00:04:25,380 --> 00:04:30,350
So we were here, we are in the VPN and IPsec tunnels.

51
00:04:30,480 --> 00:04:37,720
When you click on the tunnel and specifically click on up, it will jump to monitor section and IPsec

52
00:04:37,880 --> 00:04:38,370
monitor.

53
00:04:38,880 --> 00:04:44,870
So we see that we are on the branch, the branch firewall. We see we have HQ as the name.

54
00:04:45,030 --> 00:04:47,640
It is a site to site, the remote IP is this.

55
00:04:47,640 --> 00:04:55,740
The status is up, incoming data, outgoing data is good, and we have this specific kilobytes of traffic

56
00:04:57,440 --> 00:04:58,090
also.

57
00:04:58,130 --> 00:05:04,790
We would like to look maybe in the log and report, and if we go into VPN events we should see something

58
00:05:04,790 --> 00:05:14,090
here because some negotiation has happened before having this VPN up, so we can

59
00:05:14,090 --> 00:05:15,960
see some failures here.

60
00:05:15,980 --> 00:05:19,590
Failure, failure, failure, and now we see our success.

61
00:05:19,880 --> 00:05:27,420
So if you click, so this is basically for troubleshooting, troubleshooting and reporting purposes.
62
00:05:27,470 --> 00:05:35,760
So if something happens you would like to see basically how everything happened and get more

63
00:05:35,760 --> 00:05:36,300
details.

64
00:05:36,300 --> 00:05:42,310
Double click on any row and you can see here more detail, so log description, progress through IPsec

65
00:05:42,330 --> 00:05:42,980
Phase 1.

66
00:05:43,890 --> 00:05:52,680
And we have, let's say we have used this port for no UDP 500 and this is the remote IP, remote

67
00:05:53,010 --> 00:05:57,420
remote port five hundred, main mode progress.

68
00:05:57,660 --> 00:06:02,370
Let's see log remote roll which is something I don't need.

69
00:06:02,370 --> 00:06:06,220
Phase 1, Phase 1. Install IPsec SA.

70
00:06:06,330 --> 00:06:11,490
So this means that the IPsec Phase 1 has been successful.

71
00:06:11,490 --> 00:06:19,770
And then you can see here IPsec Phase 2 status change, so let's see what happened from route with this

72
00:06:19,770 --> 00:06:21,420
IP address.

73
00:06:21,600 --> 00:06:23,160
Action Phase 2 up.

74
00:06:23,160 --> 00:06:29,520
So now we have also Phase 2 up, which means when you have also Phase 1 and Phase 2 up that traffic can

75
00:06:29,520 --> 00:06:32,130
pass, can pass in the tunnel.

76
00:06:32,130 --> 00:06:36,690
And anyway you have to play with these options a little bit so that you understand

77
00:06:36,690 --> 00:06:37,300
more.

78
00:06:37,530 --> 00:06:39,160
But this is where we go.

79
00:06:39,180 --> 00:06:44,750
So again log and report to see what has happened and what were the steps when the tunnel was negotiated.

80
00:06:44,850 --> 00:06:51,000
And when you just want to see the status, obviously the menu, it's monitor, and you go to IPsec monitor

81
00:06:51,360 --> 00:06:55,860
and get more details about your site to site tunnel.

82
00:06:55,860 --> 00:06:58,860
So this is all with this section.

83
00:06:58,860 --> 00:06:59,430
Thanks a lot.
84
00:06:59,430 --> 00:07:02,010
In the next section we will do some.

85
00:07:02,010 --> 00:07:03,950
I would say more advanced configuration.

86
00:07:03,950 --> 00:07:10,530
We will try to set up a site to site VPN between a FortiGate firewall and a Cisco ASA.

87
00:07:10,530 --> 00:07:11,070
Thanks a lot.