For many IT workers remotely involved with networking, it is quite common to need to expose your Intranet application to the outside world in a secured manner. Unfortunately, we work most of the time from private IP networks, be that at the workplace, at home or at the coffee shop. The router(s) or firewall (s) that stands between our workstation…
Posts published in “VPN”
1. Clear VPN Configuration: clear configure crypto map VPN_AAAA 2. Debug and show commands: Enable logging: ciscoasa#terminal monitor ciscoasa(config)# logging buffer-size 1048576 ciscoasa(config)# logging buffered 7 ciscoasa(config)# logging monitor 7 ciscoasa(config)# debug crypto condition peer 10.10.10.10 ciscoasaa(config)# ciscoasa(config)# debug crypto ipsec 127
Symptoms: One of my clients reported a Cisco AnyConnect issue. It only happened to his machine and later we found that is because he is using Mac machine. His credential works fine if he uses it at windows machine. From following screenshot, obviously there is Mac AnyConnect package missing from vpn gateway. Error Messages: “VPNThe AnyConnect package on the secure…
What is Differences between IKEv1 and IKE v2? 1. Different negotiation processes − IKEv1 IKEv1 SA negotiation consists of two phases. IKEv1 phase 1 negotiation aims to establish the IKE SA. This process supports the main mode and aggressive mode. Main mode uses six ISAKMP messages to establish the IKE SA, but aggressive mode uses only three. Therefore, aggressive mode…
There was a VPN issue to troubleshoot recently. It was between Juniper SRX and Cisco Router. It seems straightforward but it took quite a long time to troubleshoot because of communication. All steps listed here for my future reference. Some other related posts: Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed Troubleshooting…
I am not sure if there is other better way to do it. There is no good documentation from Cisco or somewhere else regarding how you should do on renewing your ssl certificates once it is expired. Every a couple of years, I have to face this problem, renewing all routers ssl certificates. As far as I know, you can…
IPSec over GRE means Outer Header is GRE. In other words, IPSec is riding over GRE. Please refer: Chapter: Point-to-Point GRE over IPSec Design and Implementation IPSEC over GRE Tunnel IPsec over GRE – Configuration and Explanation (CCIE Notes) The order for IPsec over GRE is IPsec first, GRE second. This order will result in these operations: 1.) Original header…
Basic Cisco Configuration Professional (CCP) configuration has been posted before at following link: Cisco CCP Installation and Basic Configuration This Post will demonstrate how to use CCP to configure SSL VPN on an IOS Router. 1. Confirm SSL-VPN License Installed You can review another post regarding how to add Cisco license into a router. From Command Line: VPN-1#show license detailIndex:…
Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed
0It is always not easy when troubleshooting a vpn issue. You will meet many situations. Here is one of examples I used to meet during configuring ipsec vpn.Other examples to troubleshoot IPSec VPN issue: Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed Troubleshooting Cisco IPSec Site to Site VPN – “IPSec policy…