When it comes to creating a site-to-site VPN on Cisco IOS, I have a clear understanding of that from a 1-to-1 perspective. However, I now need to extend that site-to-site VPN to be more like a hub and spoke, 1 to many.
So basically for a 1-to-1 site mapping I would do something like below. I would appreciate some suggestions on how to extend this or redesign it to suit. Thanks.
crypto isakmp policy 10
crypto isakmp key nik address 0.0.0.0 0.0.0.0
crypto ipsec transform-set mySet ah-md5-hmac
crypto map myMap 5 ipsec-isakmp
 set peer xx.0.0.2
 set transform-set mySet
 match address CW-VIC
ip address xx.0.0.2 255.255.255.x
crypto map myMap
ip access-list extended VPN-TRAF
 permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
I am glad that you worked out a solution for your own problem. Sometimes these are the best lessons that we learn. Thank you for posting back to the forum that you had solved it and what the solution was. +5 to you for this.