1
00:00:00,540 --> 00:00:02,670
Hello and welcome to this lecture.

2
00:00:02,670 --> 00:00:09,510
It is lecture we verify the whole set up the whole site to site VPN set up between the 40 gate firewall

3
00:00:09,540 --> 00:00:15,750
in the headquarter to the Cisco NSA in the branch to as we named it earlier.

4
00:00:15,750 --> 00:00:23,520
So now let's go and connect to the firewall and let's say again later and later

5
00:00:26,420 --> 00:00:33,380
and remember that in order for the VPN to trigger so to be established we have to have interesting traffic

6
00:00:33,410 --> 00:00:34,070
in the tunnel.

7
00:00:34,070 --> 00:00:38,990
So we have to generate some traffic between the two remote private lands.

8
00:00:39,170 --> 00:00:47,600
In this case between 1 and 2 1 6 8 1 0 and between 1 and 2 1 6 8 3 0 slash 24 for both of them.

9
00:00:47,600 --> 00:00:56,150
Now also in the previous lecture when I initiated an ICMP session a ping from VPC as one I was not wrong

10
00:00:56,180 --> 00:00:58,300
but I was saying some other thing.

11
00:00:58,940 --> 00:01:04,780
When when I was pinging basically this lan I was saying that I was pinging the VPC has too.

12
00:01:04,790 --> 00:01:07,040
But anyway I was pinging not one.

13
00:01:07,040 --> 00:01:13,180
So the inside the inside IP on the branch for the gate which is not wrong.

14
00:01:13,190 --> 00:01:18,930
But anyway you have to have connectivity between any IP is in the private lands.

15
00:01:19,010 --> 00:01:27,570
So that was that's why the IP sic VPN triggered and we have seen it in the upstate Another option would

16
00:01:27,570 --> 00:01:28,080
be.

17
00:01:28,290 --> 00:01:37,960
So let's go to if you don't want to ping if you go to the IP SEC tunnels Another option is to say right

18
00:01:37,960 --> 00:01:39,550
click or not here.

19
00:01:39,550 --> 00:01:41,160
Let's see.

20
00:01:41,190 --> 00:01:43,780
We think we know in the in the monitor one.

21
00:01:43,810 --> 00:01:45,040
So a basic monitor.

22
00:01:45,360 --> 00:01:45,630
Yeah.

23
00:01:45,640 --> 00:01:48,340
Here is right click and say bring up.

24
00:01:48,400 --> 00:01:57,390
But before we do that let's go in the log and report and let's go to VPN events and let's see if we

25
00:01:57,390 --> 00:02:01,080
can delete the everything we have here.

26
00:02:01,380 --> 00:02:13,460
So let's search for what download log do we have any clear log so I don't see any clear log here for

27
00:02:13,540 --> 00:02:19,520
disk details details if I want to see for a specific log OK.

28
00:02:19,530 --> 00:02:24,100
So we don't have any log but we have a timestamp here so a thirty three.

29
00:02:24,120 --> 00:02:24,420
Good.

30
00:02:24,900 --> 00:02:33,330
So let's try now to initiate the VPN and if it doesn't work we will see what what logs are generated

31
00:02:33,330 --> 00:02:34,030
here.

32
00:02:34,320 --> 00:02:35,210
So monitor.

33
00:02:35,250 --> 00:02:41,040
Let's go to IP monitor right click and say bring up good.

34
00:02:41,060 --> 00:02:45,890
So the VPN is up which means that the configuration was applied correctly.

35
00:02:46,190 --> 00:02:47,110
Let's go on.

36
00:02:47,150 --> 00:02:53,330
As you can see as you can see we have no incoming and outgoing data which means obviously no traffic

37
00:02:53,450 --> 00:02:59,210
no VPN traffic is traversing this side to side side by side tunnel.

38
00:02:59,210 --> 00:03:07,550
Now if you go in the log and report and go again to VPN events so it was a three So starting from here.

39
00:03:07,660 --> 00:03:18,100
We have we have some logs generated by by the by the gate firewall so date time stamp duration local

40
00:03:18,100 --> 00:03:20,290
IP received data.

41
00:03:20,560 --> 00:03:28,260
So something that was generated by the by the firewall so that the tunnel is triggered security.

42
00:03:28,720 --> 00:03:29,370
What else.

43
00:03:29,380 --> 00:03:31,490
Let's see negotiate progress.

44
00:03:31,540 --> 00:03:38,910
IP saying Phase 2 then I'd be sick I say install.

45
00:03:38,960 --> 00:03:42,410
So basically the parameters have been exchanged here.

46
00:03:42,410 --> 00:03:44,340
And because of them.

47
00:03:44,390 --> 00:03:51,540
Because we have we have had a match and I refer here to both Phase 1 and Phase 2.

48
00:03:51,540 --> 00:03:59,280
We have seen that ABC connection status changed it has changed meaning that it was it it changed it's

49
00:03:59,280 --> 00:04:00,780
changed to to upstate.

50
00:04:00,960 --> 00:04:04,910
So with each it triggered to action here tunnel up.

51
00:04:04,920 --> 00:04:09,010
So anyway no not necessarily by here not necessary.

52
00:04:09,150 --> 00:04:16,500
Well obviously most of us know the debugging process as a debug but you as you will see in the 40 gate

53
00:04:16,500 --> 00:04:23,710
world and 40 net world in general that the buying process it started with the diagnose command.

54
00:04:24,130 --> 00:04:31,710
But this is something we will do in the next section where we where we will break the configuration

55
00:04:31,980 --> 00:04:39,420
and see what the logs look like so that we we get accustomed to what to do in order to fix the configuration

56
00:04:39,420 --> 00:04:40,830
when is broken.

57
00:04:40,830 --> 00:04:42,330
So this is all for this section.

58
00:04:42,330 --> 00:04:42,960
Thanks a lot.

59
00:04:42,960 --> 00:04:44,460
See you in the upcoming section.