I just recently took over this network and I'm not a firewall guru by any means, however I can read the config and understand the basic configuration. One of the first things I've done, besides changing passwords, was to download the config of each router, switch and of the PIX. As I looked through the configuration on the routers there was no sign of IPSEC; from my research the firmware wouldn't support it anyway. However on the PIX he did set up IPSEC and I saw DES in the configuration as well ("isakmp policy 21 encryption des"). This is where it gets confusing for me: why would he put encryption on the firewall and nowhere else? Is it so data leaving and entering is encrypted? If that is the case then what is decrypting the data on the other end? If I send a request to view cisco.com, is that request being encrypted, and if so how does the Cisco network decrypt that request? Also what about data that's not going through the firewall, data that is going from machine to server? Also I could use some reading material on this, if anyone has any suggestions feel free.... Thanks......
Ok, that helps make some sense. I see -- crypto map "name" "counter" match address "ACL-NAME" -- I'm looking at the ACL-Name and it only shows 4 local IPs pointing to 5 outside IP addresses. So that tells me that only the data of the people with those 4 local IP addresses is going to be encrypted when it goes to one of those 5 outside addresses, right? Ok, then that brings me to --- crypto map "name" "counter" set peer "IP-Address" -- I've found that entry and the IP address is in the same subnet as the other outside addresses, so that's where it's being decrypted, right? Is there a reference somewhere that would tell me what each entry stands for? Thanks again....
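An added example, not part of the original posts: a short Python script that reads PIX 6.x-style lines of the kind quoted above and reports, for each crypto map entry, which ACL rules select traffic for encryption and which peer terminates the tunnel, and flags ISAKMP policies that use DES. The config text, the map and ACL names and the addresses are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in PIX 6.x style; names and addresses are placeholders.
SAMPLE_CONFIG = """\
access-list VPN-ACL permit ip host 10.1.1.10 host 192.0.2.20
access-list VPN-ACL permit ip host 10.1.1.11 host 192.0.2.21
access-list OTHER-ACL permit tcp any host 10.1.1.5 eq 80
crypto map OUTSIDE-MAP 10 ipsec-isakmp
crypto map OUTSIDE-MAP 10 match address VPN-ACL
crypto map OUTSIDE-MAP 10 set peer 192.0.2.1
crypto map OUTSIDE-MAP interface outside
isakmp policy 21 encryption des
isakmp policy 30 encryption 3des
"""

WEAK_CIPHERS = {"des"}  # single DES has a 56-bit key and is considered broken


def audit(config):
    """Return (tunnel report, ISAKMP policy numbers using a weak cipher)."""
    acls = defaultdict(list)     # ACL name -> rule text
    tunnels = defaultdict(dict)  # (map name, sequence) -> acl / peers
    weak = []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\S+) ((?:permit|deny) .+)", line):
            acls[m[1]].append(m[2])
        elif m := re.match(r"crypto map (\S+) (\d+) match address (\S+)", line):
            tunnels[(m[1], int(m[2]))]["acl"] = m[3]
        elif m := re.match(r"crypto map (\S+) (\d+) set peer (\S+)", line):
            tunnels[(m[1], int(m[2]))].setdefault("peers", []).append(m[3])
        elif m := re.match(r"isakmp policy (\d+) encryption (\S+)", line):
            if m[2] in WEAK_CIPHERS:
                weak.append(int(m[1]))
    # Only traffic matching the referenced ACL is sent through the tunnel to
    # the peer; everything else leaves the firewall unencrypted.
    report = [{"map": name, "seq": seq, "peers": t.get("peers", []),
               "protected": acls.get(t.get("acl"), [])}
              for (name, seq), t in sorted(tunnels.items())]
    return report, weak


if __name__ == "__main__":
    report, weak = audit(SAMPLE_CONFIG)
    for entry in report:
        print(f"{entry['map']} {entry['seq']} -> peer(s) {entry['peers']}")
        for rule in entry["protected"]:
            print("   encrypts:", rule)
    print("ISAKMP policies using DES:", weak)
```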