by admin | May 9, 2021 | Cisco, Security, VPN
IPsec VPN Stateful High Availability Search for: IPsec VPN “Stateful” failover In the case of Cisco ASA HA, config sync and stateful failover are built-in features In the case of Cisco IOS HA, requires more manual configuration HSRP is used to determine device role...
by admin | May 9, 2021 | Cisco, Security, VPN
IPsec VPN Stateless High Availability Search for: IPsec VPN “stateless” failover IPsec VPN uses R1 and R2 tunnel as a primary path IPsec VPN uses R1 and R2 tunnel as a backup path Only 1 IPsec peer is active at a time, in this case it’s the primary path If primary...
by admin | May 9, 2021 | Cisco, Security, VPN
IPsec VPN Fragmentation Problem Search for: GRE over IPsec fragmentation problem IPsec plaintext MTU (inside IPsec SA) is not reliable IPsec plaintext MTU is 1466 bytes, but real plaintext IP MTU is 1442 bytes GRE IP MTU (1476 bytes) is not synced with IPsec plaintext...
by admin | May 9, 2021 | Cisco, Security, VPN
IPsec VPN Data Plane Packets Search for: (1) The ESP Packet Construction Overview Total frame size = 174 bytes 14 bytes of “Ethernet header” 20 bytes of “IP header” 54 bytes of “ESP header” 20 bytes of “IP header” 8 bytes of “ICMP header” 78 bytes of “ICMP data” 3DES...
by admin | May 9, 2021 | Cisco, Security, VPN
IPsec VPN Control Plane Packets Search for: ISAKMP/IKE Phase 1 – Main Mode MM1 – Figure 1 MM2 – Figure 2 MM3 – Figure 3 MM4 – Figure 4 MM5 – Figure 5 MM6 – Figure 6 ISAKMP/IKE Phase 1 – Aggressive Mode AM1 – Figure 1 AM2...
by admin | May 9, 2021 | Cisco, Security, VPN
IPsec VPN With DMVPN Example Search for: Configuration !! HUB R1 !! !! Spoke R2 !! ! Routing ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 10.0.14.4 ip route 10.0.22.0 255.255.255.0 Tunnel123 172.16.123.2 ip route 10.0.33.0 255.255.255.0 Tunnel123 172.16.123.3 !...
Recent Comments