Yes...!!😍😍 thank you very much sir, may God bless and increase your knowledge😁🙏. I just started this course in my university three weeks ago and I was so... Lucky to find your videos and they have helped me a lot💪. And also if I have any problem or questions I will make sure to ask you. Thanks again sir🙏👍
Thanks mr. Greg ❤!!. I have a question??. Example I have 3 department, Dept 1, Dept 2, and Dept 3. Dept 3 is the guest dept I want to know how to use firewall to block the guest dept from accessing dept 1 and dept 2.? Thank you for your time sir
Hi Issa, thanks for your comments. There are some limitations in Cisco Packet Tracer with this particular type of firewall model -ASA5505. There is a restriction of creating 3 VLANs (you can see this by running the command 'show version'. This doesn't allow us to create any more vlans (as we already have a inside, dmz, outside vlans). Another option rather than create vlans on the firewall, you could implement new vlans on a switch. You would need to expand out your network to allow the type of blocking to happen between departments. I demonstrate communication between vlans in a number of videos - e.g. creating VLANs so that some PC's can communicate whereas others are blocked...Another option to allow this type of scenario (of permitting and denying traffic) between departments/vlans is to review Access Control Lists (ACLs) - I hope this helps. Greg - ruclips.net/video/-KBxk1q_iGE/видео.html
Thanks for the videos! You're a very good teacher and you know how to keep your audience engaged, never got boring! I have one question - How would R1 be configured if there was one more router (let's say R4) that needed to communicate with both R1 and R3? So there would be a tunnel for R3 and R4.
Hi @Mateja - thanks for your feedback! In theory, yes, another site-to-site tunnel could be setup - So if you wanted to introduce another router and have secure communications with it e.g. R1 to R4 - you would need to establish another IPSec site-to-site tunnel. As you add this site (and more), you may be thinking this is a lot of configuration (IKE Phase 1 and IKE Phase 2 configs) for each and it is! Luckily there are other options: 2nd option would be to use Generic routing encapsulation (GRE) tunnels with IPSec profiles (easier to setup from cryptography perspective) but possibly best would be option 3: this would be used (in real networks with lots of sites e.g. 100 sites) dynamic multipoint VPNs (DMVPNs) -benefit of this protocol is that tunnels don't have to be statically configured (configure a main HQ site in such a way that it's willing to dynamically learn other sides of GRE tunnels & also other sites can directly connect to each other) - these tunnels can be setup securely and solution scales very well. Hope this helps, Greg
One Question, please, can we started with no connection between the two sites and let the VPN Tunnel become the way to set up that connection a long with the encryption -decryption protocols that came with it? Thanks.
Hi @hichembenjazia4537 - not sure on your exact question here but we configure an access control list e.g. ACL 100 to identify the traffic from the LAN on R1 to the LAN on R3 as interesting. This interesting traffic will trigger the IPsec VPN to be implemented when there is traffic between the R1 to R3 LANs. All other traffic sourced from the LANs will not be encrypted. This ACL could be changed to fit your requirements. Hope this helps, Greg
Hi guys, did you get it sorted? Did you check the below link - as i have the Cisco Packet Tracer file here along with exercise PDF so you can check the config step by step. Hope this helps - Thanks, Greg - bit.ly/2YXnwDr
Hi guys, did you get it sorted? Did you check the below link - as i have the Cisco Packet Tracer file here along with exercise PDF so you can check the config step by step. Hope this helps - Thanks, Greg - bit.ly/2YXnwDr
Actually the best video so far if anyone wants to do a VPN configuration on packet tracer! Thanks a lot.
Glad it helped and thanks for your feedback
Brilliant Material, Greg! Thanks so much for the videos, they were really helpful!
Glad you like them! Thanks for the feedback!
Yes...!!😍😍 thank you very much sir, may God bless and increase your knowledge😁🙏.
I just started this course in my university three weeks ago and I was so... Lucky to find your videos and they have helped me a lot💪. And also if I have any problem or questions I will make sure to ask you. Thanks again sir🙏👍
Thanks for your feedback. Delighted that they helped with your course in your University. All the best, Greg
WOW. What a explain. You are a great lecture.
Hi Udara- glad you liked my explanations- good luck with your study
This is amazing series, i saw all of them, they are very helpful.
Glad you like them! Thanks for the feedback. All the best, Greg
Thank you! I'm going to go back to the first video and try this myself.
Nice one Edward - all the best, Greg
Thank you so much for help
Glad the videos helped. Greg
Thank you very much for this explanation. It helped me a lot to understand the concept!
Glad it was helpful Jonas!Thanks for the feedback, Greg
You really helped! Thanks!
I followed all the steps
Thanks mr. Greg ❤!!.
I have a question??.
Example I have 3 department, Dept 1, Dept 2, and Dept 3. Dept 3 is the guest dept I want to know how to use firewall to block the guest dept from accessing dept 1 and dept 2.? Thank you for your time sir
Hi Issa, thanks for your comments. There are some limitations in Cisco Packet Tracer with this particular type of firewall model -ASA5505. There is a restriction of creating 3 VLANs (you can see this by running the command
'show version'. This doesn't allow us to create any more vlans (as we already have a inside, dmz, outside vlans). Another option rather than create vlans on the firewall, you could implement new vlans on a switch. You would need to expand out your network to allow the type of blocking to happen between departments. I demonstrate communication between vlans in a number of videos - e.g. creating VLANs so that some PC's can communicate whereas others are blocked...Another option to allow this type of scenario (of permitting and denying traffic) between departments/vlans is to review Access Control Lists (ACLs) - I hope this helps. Greg - ruclips.net/video/-KBxk1q_iGE/видео.html
Thanks for the videos! You're a very good teacher and you know how to keep your audience engaged, never got boring!
I have one question - How would R1 be configured if there was one more router (let's say R4) that needed to communicate with both R1 and R3? So there would be a tunnel for R3 and R4.
Hi @Mateja - thanks for your feedback! In theory, yes, another site-to-site tunnel could be setup - So if you wanted to introduce another router and have secure communications with it e.g. R1 to R4 - you would need to establish another IPSec site-to-site tunnel. As you add this site (and more), you may be thinking this is a lot of configuration (IKE Phase 1 and IKE Phase 2 configs) for each and it is! Luckily there are other options: 2nd option would be to use Generic routing encapsulation (GRE) tunnels with IPSec profiles (easier to setup from cryptography perspective) but possibly best would be option 3: this would be used (in real networks with lots of sites e.g. 100 sites) dynamic multipoint VPNs (DMVPNs) -benefit of this protocol is that tunnels don't have to be statically configured (configure a main HQ site in such a way that it's willing to dynamically learn other sides of GRE tunnels & also other sites can directly connect to each other) - these tunnels can be setup securely and solution scales very well. Hope this helps, Greg
@@GregSouth Thank you very much! I will definitely look into it and try it out! :)
One Question, please, can we started with no connection between the two sites and let the VPN Tunnel become the way to set up that connection a long with the encryption -decryption protocols that came with it? Thanks.
Hi @hichembenjazia4537 - not sure on your exact question here but we configure an access control list e.g. ACL 100 to identify the traffic from the LAN on R1 to the LAN on R3 as interesting. This interesting traffic will trigger the IPsec VPN to be implemented when there is traffic between the R1 to R3 LANs. All other traffic sourced from the LANs will not be encrypted. This ACL could be changed to fit your requirements. Hope this helps, Greg
Pls, help, what is a problem: The interesting traffic can not be encrypted, IKE (ISAKMP) needs to negotatiate IPSec SAs
Yeah I just followed the steps too, doesn't encrypt the data for some reason. Did you figure it out?
Hi guys, did you get it sorted? Did you check the below link - as i have the Cisco Packet Tracer file here along with exercise PDF so you can check the config step by step. Hope this helps - Thanks, Greg - bit.ly/2YXnwDr
Hi guys, did you get it sorted? Did you check the below link - as i have the Cisco Packet Tracer file here along with exercise PDF so you can check the config step by step. Hope this helps - Thanks, Greg - bit.ly/2YXnwDr