Posts published in “VPN”

Cisco ASA Remote Access VPN Configuration 1 – Clientless SSL VPN

Remote access VPNs let individual users connect to a central site through a secure connection over a TCP/IP network such as the Internet. Unlike other common VPN client solutions, the Clientless SSL VPN does not require the user to download and install VPN client software; all communications to the central location (where the ASA is located) are done via Secure Socket…

Cisco IKEv1 Site-to-Site IPSec Configuration on IOS Routers (1) – High Availability IPSec

IPsec is a framework of open standards that provides data confidentiality, data integrity, and data authentication among participating peers. It provides these security services at the IP layer; it uses Internetwork Key Exchange (IKE) to handle negotiation of protocols and algorithms based on local policy, and to generate the encryption and authentication keys to be used by IPsec. You can…

Using Symantec SSL PKI to Authenticate Cisco IOS IPSec VPN – HA Deployment

Digital certificates as an authentication method for IPSec VPNs are becoming increasingly popular for both remote access and site-to-site deployments. The use of digital certificates requires some form of PKI infrastructure, such as a CA server. In this post, the Symantec public CA will be used as an example to authenticate the certificates used between two IPSec VPN gateways. There are some…

Cisco IKEv1 Site-to-Site IPSec Configuration on IOS Routers (2) – Using Two Different CA Certificates

Pre-shared keys and digital certificates are two primary authentication methods in IKE that can be used in the context of IPSec VPN deployments. Digital certificates provide a means to digitally authenticate devices and individual users. An individual that wishes to send encrypted data obtains a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing…

Policy Based IPSec VPN Configuration Between SRX Firewalls

Juniper SRX supports both route-based and policy-based VPN, which can be used in different scenarios depending on your environment and requirements. Difference between them (KB15745): With policy-based VPN tunnels, a tunnel is treated as an object that, together with source, destination, application, and action, comprises a tunnel policy that permits VPN traffic. In a policy-based VPN configuration, a tunnel policy specifically references a…

Using PKI Build Route-Based IPSec VPN between Juniper SRX

There was a task to change the IPSec authentication method from pre-shared key to PKI certificate based. It was done on SRX240H and SRX1400 firewalls. This post records the steps and the troubleshooting of the errors I met during the configuration. 1. On both firewalls, generate a public/private key pair: {primary:node0}root@fw-1> request security pki generate-key-pair certificate-id PRO size 2048 node0: -------------------------------- Generated key pair PRO,…

Certificate Import Failed with “% Failed to parse or verify imported certificate” because of Verisign Using new Intermediate CA Certs G4

Symptoms: Worked on an IPSec VPN certificate for the whole morning trying to import a certificate, and finally gave up and asked Verisign for support. I did this many times and had detailed documentation recorded for the steps. But this time, the situation is different. My previous post clearly shows all the steps I have to follow: Install Verisign SSL Certificates on a Cisco IOS…

Certification based Cisco IPSec VPN Down caused by ‘signature invalid’

Symptom: Recently, I was troubleshooting an IPSec VPN certificate issue. One IPSec VPN router got rebooted, and then the IPSec tunnel could not be rebuilt. It tested fine with a pre-shared key, but when changed back to certificates, ISAKMP authentication failed with a ‘signature invalid’ error. Dec 12 21:44:33.558: ISAKMP (0): received packet from 3.1.1.1 dport 500 sport 500 Global (N)…

VPN Lab between Cisco Router and Checkpoint Firewall

1. Checkpoint configuration
a. Set up the Checkpoint Gateway IPv4 address as the peer address shown in the Cisco router.
b. Create a new Interoperable Device for the Cisco router.
c. ISAKMP Settings and IPSec Settings
d. Pre-shared key
e. Advanced ISAKMP Configurations and IPSec Configurations
f. Set up the access-list
2. Cisco Router Configuration
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto…