States of IPsec Tunnel in Cisco ASA

ISAKMP States in ASA : MM_WAIT_MSG2 : The initiator has sent Main Mode message 1 (its ISAKMP policy proposal) and is awaiting the responder's reply. If the tunnel is stuck here it usually means the other end is not responding. This could be due to no route to the far end, or because the far end does not have ISAKMP enabled on the […]

Modes in IPsec Tunnel

Phase 1 (ISAKMP phase) has 2 modes. Main Mode has 6 messages:
1. ISAKMP policy (encr/hash/dh), Vendor ID =======>
2. <======= ISAKMP policy, Vendor ID (if there is no route to the peer this reply never arrives)
If the policy matched:
3. Nonce (a fresh random value; the PSK itself is only used later, to authenticate messages 5 and 6), Key exchange (DH public value) =======>
4. […]

IPSec S2S VPN Firewall

Configuration on OLD ASA (pre-8.4 "crypto isakmp" syntax):
Step 1: Configure the crypto ACL for interesting traffic. It must be mirrored on the peer (source and destination swapped).
(config)# access-list <acl_name> extended permit ip host <source address> host <destination address>
Step 2: Configure the ISAKMP policy
(config)# crypto isakmp policy <priority>
(config-policy)# encryption <encryption>
(config-policy)# hash <hash>
(config-policy)# group <number>
(config-policy)# authentication <authentication>
(config-policy)# lifetime <seconds> [Default: 86400]
Step 3: Define the tunnel group [DIFFERENT FROM ROUTER]
(config)# tunnel-group <peer ip address> type ipsec-l2l […]
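The steps above, carried through to a complete working site-to-site configuration in the same pre-8.4 syntax, as an added example that is not from the original post. Everything concrete in it is assumed: the local LAN 192.168.1.0/24 behind this ASA, the remote LAN 192.168.2.0/24 behind the peer 198.51.100.1, the interface names and the object/map names. The verification commands at the end are the ones used to read the ISAKMP state discussed earlier (a healthy Phase 1 shows MM_ACTIVE rather than MM_WAIT_MSG2).

```cisco
! Added example (not from the original post). Assumed values: local LAN 192.168.1.0/24,
! remote LAN 192.168.2.0/24, peer 198.51.100.1, interfaces named "inside" and "outside".
! Syntax is the pre-8.4 "crypto isakmp" form used in the steps above; on 8.4+ the same
! lines become "crypto ikev1 policy", "crypto ikev1 enable outside" and
! "crypto map ... set ikev1 transform-set".

! Step 1: crypto ACL. The peer must carry the exact mirror image (source/destination swapped).
access-list VPN-TO-BRANCH extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

! NAT exemption so VPN traffic keeps its real addresses (pre-8.3 NAT syntax; on 8.3+
! this is a manual "nat (inside,outside) source static ... destination static ..." rule).
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Step 2: Phase 1 (ISAKMP) policy. Policies are tried in priority order; the peer needs
! one with the same encryption, hash, DH group and authentication method.
! group 5 is the strongest group the old syntax offers; use group 14 or higher where the
! software supports it.
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
! Without this line the ASA never answers Main Mode message 1, and the peer sits in MM_WAIT_MSG2.
crypto isakmp enable outside
! Negotiate UDP/4500 encapsulation when a NAT device sits between the peers (keepalive every 20 s).
crypto isakmp nat-traversal 20

! Step 3: tunnel group named after the peer address (ASA-specific; a router uses "crypto isakmp key").
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key REPLACE-WITH-A-LONG-RANDOM-KEY
 isakmp keepalive threshold 10 retry 2

! Step 4: Phase 2 (IPsec) transform set and crypto map, bound to the outside interface.
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-BRANCH
crypto map OUTSIDE-MAP 10 set peer 198.51.100.1
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 10 set pfs group5
crypto map OUTSIDE-MAP 10 set security-association lifetime seconds 3600
crypto map OUTSIDE-MAP interface outside

! Let decrypted VPN traffic bypass the outside interface ACL (default setting, shown for clarity).
sysopt connection permit-vpn

! Verification. Phase 1 state should be MM_ACTIVE; Phase 2 should show pkts encaps/decaps
! counters rising on both sides. Debug output is the next step if a state is stuck.
show crypto isakmp sa
show crypto ipsec sa peer 198.51.100.1
debug crypto isakmp 7
```

Bring the tunnel up by sending traffic that matches VPN-TO-BRANCH from the inside network; a crypto map only negotiates when interesting traffic arrives. The pre-shared key is the only thing authenticating the peer in this design, so it must be long and random and must never be reused across tunnels.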

IPsec NAT – T

How does NAT-T work with IPsec? Background: ESP encrypts all critical information, encapsulating the entire inner TCP/UDP datagram inside an ESP header. ESP (IP protocol 50) is carried directly inside IP, in the same sense that TCP (protocol 6) and UDP (protocol 17) are, but unlike them it does not carry any port information […]

Juniper VPN Configuration

set security ike proposal Magone authentication-method pre-shared-keys
set security ike proposal Magone dh-group group2
set security ike proposal Magone authentication-algorithm sha1
set security ike proposal Magone encryption-algorithm 3des-cbc
set security ike proposal Magone lifetime-seconds 28800
set security ike policy ike_pol_to_Magone mode main
set security ike policy ike_pol_to_Magone proposals Magone
set […]

The proposal above is what the original post used; 3des-cbc, sha1 and dh-group2 are legacy choices, and a new tunnel should use an AES cipher and DH group 14 or higher on both peers.

Redundant Interface

A redundant interface is a logical interface made up of two physical interfaces. One physical interface serves as the active interface while the other serves as the standby. When the active interface fails, the standby interface becomes active and starts passing traffic. Two physical interfaces form one pair; up to 2 redundant interface configured […]
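How the pair described above is built on an ASA, as an added example that is not from the original post. The member interfaces (GigabitEthernet0/0 and 0/1), the interface name and the inside address 192.168.1.1/24 are assumed.

```cisco
! Added example (not from the original post). Assumed members Gi0/0 and Gi0/1,
! inside network 192.168.1.0/24.
! Member interfaces must be the same physical type, must carry no nameif/IP/security-level
! configuration of their own, and must be enabled before they are added.
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/1
 no shutdown

! The logical interface. The first member added becomes the active one, and the redundant
! interface keeps that member's MAC address, so a switchover is invisible to the neighbor
! on the other end of the link. All Layer 3 configuration goes here, not on the members.
interface redundant 1
 member-interface GigabitEthernet0/0
 member-interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0

! Verification: which member is active and whether both members are up.
show interface redundant 1

! Force the standby member active (privileged EXEC), e.g. to prove the standby path works
! before relying on it; a link failure on the active member triggers the same switch automatically.
redundant-interface redundant 1 active-member GigabitEthernet0/1
```

Note that a redundant interface protects against a failed cable, port or upstream switch port only; it does not add bandwidth (only one member passes traffic) and it is not a substitute for unit-level failover.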

NAT In ASA

Benefits of NAT:
- Translate private addresses to public ones so that inside hosts can use the Internet.
- NAT hides the real address from other networks, so an outside attacker does not learn a host's real address (this is address hiding only; the interface ACLs still decide what traffic is allowed).
- Resolve IP routing problems, such as overlapping networks/addresses.
NAT Priority : NAT […]
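The three NAT sections and the order the ASA evaluates them (Section 1 manual NAT, then Section 2 object NAT, then Section 3 after-auto manual NAT), shown as an added example in ASA 8.3+ syntax that is not from the original post. The inside network 192.168.1.0/24, the web server 192.168.1.10 with public address 203.0.113.10, and the VPN remote LAN 192.168.2.0/24 are assumed.

```cisco
! Added example (not from the original post). Assumed: inside 192.168.1.0/24, web server
! 192.168.1.10 published as 203.0.113.10, VPN remote LAN 192.168.2.0/24.
! ASA 8.3+ NAT, listed in the order the ASA evaluates it.

object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.2.0 255.255.255.0
object network WEB-SERVER
 host 192.168.1.10

! Section 1: manual (twice) NAT, evaluated first and in configured order.
! Identity NAT for VPN traffic: 192.168.1.x keeps its real address on the way to 192.168.2.x,
! otherwise the dynamic PAT in Section 2 would rewrite it and the crypto ACL would never match.
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup

! Section 2: auto (object) NAT. Static rules are evaluated before dynamic ones, so the
! server's static mapping wins over the subnet's PAT even though both cover 192.168.1.10.
object network WEB-SERVER
 nat (inside,outside) static 203.0.113.10
object network INSIDE-NET
 nat (inside,outside) dynamic interface

! Section 3: manual NAT placed after auto NAT, a catch-all for anything not matched above.
nat (inside,outside) after-auto source dynamic any interface

! Verification: "show nat" prints the three sections with hit counts; packet-tracer reports
! which rule a given flow hits (VPN-bound traffic must hit the Section 1 identity rule).
show nat detail
packet-tracer input inside tcp 192.168.1.10 40000 192.168.2.5 443
```

The static rule for WEB-SERVER also means the server is reachable from the outside on 203.0.113.10 as soon as the outside ACL permits it; "hiding" the real address changes nothing about that exposure, which is why the ACL, not NAT, is the control to review.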

Failover in ASA

Hardware requirements (both units must match):
- Model number
- Number and type of interfaces
- RAM
- SSM (if any)
- Flash (may vary, but must have the capacity)
- Same amount of communication limitations
Software requirements:
- Same major and minor version (different patch releases are supported)
- Same mode of operation (routed/transparent) and context mode (single/multiple)
License requirement […]
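Once the two units meet the requirements above, this is the active/standby bootstrap on each of them, as an added example that is not from the original post. The dedicated failover link on GigabitEthernet0/3 (10.255.255.0/30), the interface names and the outside/inside addresses with their standby addresses are all assumed.

```cisco
! Added example (not from the original post). Active/standby failover between two identical
! units. Assumed: Gi0/3 is a dedicated failover + stateful link (10.255.255.0/30);
! outside 203.0.113.1/29 with standby 203.0.113.2; inside 192.168.1.1/24 with standby 192.168.1.2.

! ---- Primary unit ----
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
failover link FOLINK GigabitEthernet0/3
failover interface ip FOLINK 10.255.255.1 255.255.255.252 standby 10.255.255.2
! Authenticate and encrypt failover traffic. Without a key, the configuration replicated over
! this link (tunnel-group pre-shared keys included) crosses the wire in clear text.
failover key REPLACE-WITH-A-STRONG-SHARED-KEY
! Unit poll every 1 s, declare the peer failed after 3 s without a reply.
failover polltime unit 1 holdtime 3
interface GigabitEthernet0/3
 no shutdown
! Every data interface gets a standby address: the standby unit uses it to monitor the link,
! and on failover the units swap active/standby addresses and MACs, so neighbors keep
! talking to the same IP and MAC.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.248 standby 203.0.113.2
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
failover

! ---- Secondary unit (bootstrap only; everything else is replicated from the primary) ----
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/3
failover link FOLINK GigabitEthernet0/3
failover interface ip FOLINK 10.255.255.1 255.255.255.252 standby 10.255.255.2
failover key REPLACE-WITH-A-STRONG-SHARED-KEY
interface GigabitEthernet0/3
 no shutdown
failover

! Verification: unit roles, monitored interface state, and the reason for the last switch.
show failover
show failover history
```

Connect the failover interfaces directly or through a dedicated VLAN; the link carries the running configuration and, when used as the state link, live connection and IPsec SA state, which is why the shared key is not optional in any production deployment.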