Hey Amin, great video. I would like to ask that at 10:20 , the specified key is clear-text when I do show run. Also service password-encryption command does not hide the key. Is there a way to hash that key similar to enable secret?
Very precise and accurate. Thank you for your effort. Only one thing to say @13:07 I believe network need to be advertised otherwise from where the interesting traffic will come. Please correct me if my understanding is wrong
Thanks for this demonstration! Some questions: would this config change when there are two ISP NAT routers in between the VPN routers? Does the ISP only has to forward ports 500 and 4500? Or do they also have to forward 47?
Hi, thanks for your comment. For the first question I would say as long as you can ping the other side, everything is ok there’s no need to change anything.
Hello and thanks to you Mr. Sedighfar . I have question for you... Did you ever try to connect two different device same as cisco router and a mikrotik with GRE over IPsec tunnel?
I guess the same as what we did here. GRE Tunnel is already protected, you set authentication, encryption, isakmp, etc. Sorry, I’m not sure if I addressed your question.
Hello, I did research and I found out, that gre over ipsec better to use ipsec profile instead crypto map, because, this is newer method, crypto map is legacy, ipsec profile is shorter to write and due to the duplication of commands with crypto map.
thanks for sharing, information on GRE & IPsec. i love this!
Thanks for your kind comment 🤓🙏🏻
Hey Amin, great video. I would like to ask that at 10:20 , the specified key is clear-text when I do show run. Also service password-encryption command does not hide the key. Is there a way to hash that key similar to enable secret?
Very precise and accurate. Thank you for your effort. Only one thing to say @13:07 I believe network need to be advertised otherwise from where the interesting traffic will come. Please correct me if my understanding is wrong
Thanks for your comment. But which network do you mean? Here they are connected via either static route or EIGRP.
very informative, thank you for sharing, hope to see more from you buddy
Thanks 🙏🏻
Very informative and easy to understand.
Thanks for your comment ❤️
Hello Amin...Thanks ...it's a brief and informative
I’m glad you found it useful 🙂
Thanks for this demonstration! Some questions: would this config change when there are two ISP NAT routers in between the VPN routers? Does the ISP only has to forward ports 500 and 4500? Or do they also have to forward 47?
Hi, thanks for your comment. For the first question I would say as long as you can ping the other side, everything is ok there’s no need to change anything.
For the next question, to be honest I don’t know, I think those ports are already forwarded on the ISPs side (by default).
great video. very informative
Thanks for your feedback
Hello and thanks to you Mr. Sedighfar . I have question for you... Did you ever try to connect two different device same as cisco router and a mikrotik with GRE over IPsec tunnel?
Hi, unfortunately I didn’t! However, I know it’s doable.
Hello can we do tunnel protection in gre mode multipoint ?
I guess the same as what we did here. GRE Tunnel is already protected, you set authentication, encryption, isakmp, etc.
Sorry, I’m not sure if I addressed your question.
Well done Amin!
Thanks 😊🙏
Hi @Amin, I see you didnt attached the ISAKMP Key to IPSEC Profile, does this required?
You don’t attach! It’s the encryption that must be the same on the both sides.
Thanks
What routers use?
@@workstation6606 you need to have the iOS first, then upload it to your router. I used C7200
hi sir, why you no need to enable the gre ip mode ?
To have an encrypted communication channel. In case someone captures your packets, he or she will not be able to understand it.
Hello, I did research and I found out, that gre over ipsec better to use ipsec profile instead crypto map, because, this is newer method, crypto map is legacy, ipsec profile is shorter to write and due to the duplication of commands with crypto map.
I also used the profile, thanks for your feedback.
Furthermore, I have another video about IPSEC and VPN ruclips.net/video/RE3T66KaSAc/видео.html