1 00:00:01,060 --> 00:00:06,530 Hello and welcome to this lecture. In this lecture we apply the configuration on the HQ FortiGate 2 00:00:06,530 --> 00:00:15,530 firewall in order to be ready for the IPsec site-to-site VPN. So let's now go to 172. 3 00:00:15,540 --> 00:00:24,060 16.100.1, where we should be able to log in right away, and we have admin 4 00:00:25,130 --> 00:00:29,320 and we see later and remind later. 5 00:00:29,330 --> 00:00:35,230 And now let's navigate to the VPN menu, so everything looks fine. 6 00:00:35,230 --> 00:00:36,820 Virtual Machine. 7 00:00:36,820 --> 00:00:43,720 It's an evaluation license and that's the reason why we cannot apply any advanced authentication and 8 00:00:43,720 --> 00:00:45,280 encryption algorithms. 9 00:00:45,280 --> 00:00:49,930 But anyway, for demo and learning purposes it's absolutely perfect. 10 00:00:49,930 --> 00:00:58,110 So now let's navigate to IPsec wizard and let's say that this is a site-to-site, and site-to-site VPN 11 00:00:58,110 --> 00:01:02,980 tunnel, and the remote device is going to be Cisco this time. 12 00:01:03,000 --> 00:01:08,700 Now let's name it, let's say branch one, let's say range. 13 00:01:09,440 --> 00:01:10,710 No NAT between sites. 14 00:01:10,740 --> 00:01:12,190 Oh, now click on Next. 15 00:01:12,270 --> 00:01:17,700 So we can see here that the diagram has changed, so I am configuring this FortiGate, I am connecting 16 00:01:17,700 --> 00:01:23,780 through internet, so no NAT devices in between, and the the remote device. 17 00:01:23,810 --> 00:01:25,460 It's a Cisco device. 18 00:01:25,500 --> 00:01:31,640 So now let's say Next. The IP address of the ASA, what's the IP address. 19 00:01:31,650 --> 00:01:36,980 Again I have forgotten to test the connectivity between the HQ FortiGate and the ASA. 20 00:01:36,990 --> 00:01:38,040 So let's do that now. 21 00:01:38,760 --> 00:01:42,610 So HQ FortiGate and I will do a ping.
22 00:01:42,720 --> 00:01:51,750 So admin, and there, execute ping 100.100.100.102 23 00:02:00,200 --> 00:02:06,810 and let's see if we have connectivity, and it is like, it seems like we don't. 24 00:02:06,810 --> 00:02:13,050 So this is a perfect example of why you should test before applying the advanced configuration, you should 25 00:02:13,470 --> 00:02:18,040 you should test basic connectivity, and let's see why. 26 00:02:18,060 --> 00:02:20,990 Let's go to the ASA. 27 00:02:21,600 --> 00:02:29,310 And yes, I remember I didn't apply any route, any default route on the ASA pointing to pointing to the 28 00:02:29,310 --> 00:02:32,030 default gateway, pointing to the Internet router. 29 00:02:32,130 --> 00:02:41,100 So if I say now show route, I see I don't have any route going outside, only connected and local. 30 00:02:41,550 --> 00:02:46,780 So C means connected and L means local, only local and connected routes. 31 00:02:46,800 --> 00:02:49,890 So let's apply also the default route here. 32 00:02:49,890 --> 00:02:54,180 So it's, you say route and then you say what's the interface. 33 00:02:54,180 --> 00:03:02,370 In our case the interface is outside and we'll say that this is the default route and the address of 34 00:03:02,370 --> 00:03:05,880 the gateway by which the foreign network is reached. 35 00:03:05,910 --> 00:03:07,430 So what's the next hop. 36 00:03:07,560 --> 00:03:11,640 The next hop is 100.100.100.101. 37 00:03:11,730 --> 00:03:19,200 This is configured on the Internet router, and let's say, and let's also verify that the Internet router 38 00:03:19,350 --> 00:03:26,400 has this IP address configured, so enable, show IP interface brief. 39 00:03:26,400 --> 00:03:30,000 Yes, it is configured and it's in the up and up state. 40 00:03:30,000 --> 00:03:31,080 Perfect. 41 00:03:31,080 --> 00:03:34,310 So now let's try again from the HQ FortiGate. 42 00:03:34,380 --> 00:03:39,430 Let's go again and run ping, and the ping is successful.
43 00:03:39,430 --> 00:03:47,280 So now this is the moment where we can now start the configuration and with no fear that any layer one 44 00:03:47,280 --> 00:03:52,750 layer two or layer three, meaning connectivity, it's it's in between. 45 00:03:52,830 --> 00:03:54,720 So let's go again to 46 00:03:57,180 --> 00:03:58,910 this, so the remote device. 47 00:03:58,920 --> 00:04:02,790 We need to we need to configure here the IP of the ASA. 48 00:04:02,850 --> 00:04:06,760 So again it's 100.100.100.102. 49 00:04:06,810 --> 00:04:18,530 So let's do that, so 100.100.100.102, port one detected the routing 50 00:04:18,570 --> 00:04:19,170 lookup. 51 00:04:19,280 --> 00:04:20,800 Again the authentication method. 52 00:04:20,810 --> 00:04:23,520 Are we going to use pre-shared key or certificate. 53 00:04:23,930 --> 00:04:27,850 So we will use pre-shared key now and let's say that this is fortunate. 54 00:04:28,570 --> 00:04:30,710 Now everything is good, let's just click on. 55 00:04:30,830 --> 00:04:32,040 Next. 56 00:04:32,240 --> 00:04:33,740 Now the local interface. 57 00:04:33,740 --> 00:04:37,880 Again this means what's my private address space. 58 00:04:37,880 --> 00:04:45,270 This is one that one and I'm going to connect to remote subnets which should be 3.0. 59 00:04:45,420 --> 00:04:47,130 Let's look on the diagram. 60 00:04:47,220 --> 00:04:47,490 Yes. 61 00:04:47,490 --> 00:04:51,720 192.168.3.0 and this is a slash 24 mask. 62 00:04:51,900 --> 00:04:57,870 So let's go and configure this, 192.168.3.0. 63 00:04:57,900 --> 00:05:00,750 And this is a slash 24. 64 00:05:00,770 --> 00:05:01,280 This is good. 65 00:05:01,280 --> 00:05:02,200 Perfect. 66 00:05:02,370 --> 00:05:03,410 Internet Access is None. 67 00:05:03,500 --> 00:05:08,930 Let's just click on Create, so this has been set up. 68 00:05:08,990 --> 00:05:11,470 Show tunnel list.
69 00:05:11,580 --> 00:05:14,290 Now we have a site-to-site FortiGate. 70 00:05:14,310 --> 00:05:19,230 It's in the up state and we have another one, site-to-site with a Cisco device, and it's inactive. 71 00:05:19,740 --> 00:05:22,680 Let's check now what's the configuration applied for both. 72 00:05:22,680 --> 00:05:30,270 Phase 1 and Phase 2 so that we are 100 percent sure of what's there and what needs to be configured 73 00:05:30,330 --> 00:05:31,460 on the end. 74 00:05:31,470 --> 00:05:39,700 On the other side, on the ASA. So network, this is the network, authentication and Phase 1. 75 00:05:39,750 --> 00:05:41,520 So let's check what's configured here. 76 00:05:43,060 --> 00:05:50,590 Let's see that we only have, again, only this because it's in evaluation, evaluation mode of VM. We are running 77 00:05:50,980 --> 00:05:56,740 encryption, it's DES, and authentication, it's SHA-1. We are running Diffie-Hellman group number 5 78 00:05:56,770 --> 00:05:59,560 and the lifetime is this. 79 00:05:59,560 --> 00:06:03,490 Let's take this value and we will not do. 80 00:06:03,520 --> 00:06:08,860 We will not change anything here but I want to make sure that we have the same configured for Phase 81 00:06:08,860 --> 00:06:09,590 2. 82 00:06:09,760 --> 00:06:15,580 Now if you click on the pencil, which means edit, you'll have the possibility to click on the advanced 83 00:06:15,580 --> 00:06:19,690 here and see basically the Phase 2 proposal. 84 00:06:19,690 --> 00:06:28,330 Again we will use DES and SHA-1, so enable perfect forward secrecy. 85 00:06:28,360 --> 00:06:33,220 Let's say we don't want that, or we do anyway. 86 00:06:33,220 --> 00:06:34,150 Let's say we want. 87 00:06:34,150 --> 00:06:38,740 That again is DES, SHA-1, Diffie-Hellman group, it's 5. 88 00:06:38,740 --> 00:06:39,930 Let's modify here. 89 00:06:39,940 --> 00:06:46,130 The second and I will say paste and just click OK.
90 00:06:46,690 --> 00:06:51,510 So this is the configuration we have applied on the on the FortiGate firewall. 91 00:06:51,520 --> 00:06:58,090 We have now to to run the wizard on the on the ASA and match the 1 percent. 92 00:06:58,090 --> 00:07:01,120 The parameters here so that the VPN will come up. 93 00:07:01,660 --> 00:07:04,180 So thanks a lot and see you in the next lecture.