
Cisco 300-730 Premium Bundle

300-730 Premium File: 188 Questions & Answers

Last Update: Jul 03, 2024

300-730 Training Course: 42 Video Lectures

Cisco SVPN 300-730 Practice Test Questions, Exam Dumps


6. IKEv1 Configuration

Hello guys. Welcome to a new video. And in this new video, we are going to configure IPsec using IKE version 1. In the video before this one, we described what version 1 is and the two phases that IKE uses to form this IPsec tunnel. Now we're going to create this site-to-site VPN tunnel. We are going to be using a router, a Cisco router, and we are going to be using a Cisco firewall here. So we'll build an IPsec IKE version 1 tunnel between a firewall and a router. Okay? So whenever you are going to configure this, there are two phases that you need to configure. The first phase is going to be phase one. And in phase one, the first thing you need to do is create a crypto policy, which we're going to create right now. Crypto, see if I remember, oh, it's the ISAKMP policy, and you give it a number, or it's actually a priority number, which is going to be number one. That's the only one I'm going to have. And then we do encryption, and the encryption is going to be just 3DES. Then you have to provide a hashing algorithm. We'll be using MD5, and then there is the Diffie-Hellman group number. And the authentication is going to be a pre-shared key. And then we need to give it a lifetime. And the lifetime is going to be, what is it, 86,400, the highest one? Yes, 86,400. There you go. And these crypto policy parameters need to match on the ASA. So we need to match the encryption to the encryption. So we need to put 3DES on the other side. We need to use the same hashing algorithm. So we need to put MD5 on the other side. The group number also needs to match. We need to put that on the other side. The authentication method, if you're going to use a pre-shared key, or if you're going to use a certificate, which we aren't, needs to match as well. And the lifetime needs to be such that whoever initiates the tunnel has the longest lifetime.
So if this one is higher, then the other one has to be either equal to or lower than this one. It cannot be higher if this one is going to initiate the tunnel. Okay, so after we do that, we need to go ahead and create a pre-shared key. So our next step is to create the pre-shared key. The way you do that, you do crypto ISAKMP again. We're going to do key. If you put a question mark here, we're going to do the key. The key is going to be called CCNP Security, which is the exam that I want to take next and that I want to take now. Right? That's why I'm doing all these configurations. And then we need to tell it which is going to be the peer that we want to authenticate with this key. And our peer's IP address is 30. That one. That one. That too. So let's go ahead and do that. There we go. So that is done. And after we do that, we have configured phase one. And for phase one, we're not going to do any show commands. Now let's go ahead and just configure phase one for the ASA, which is a little bit different than configuring the router. So, with crypto IKEv1, you want to enable it on the outside. That's the first thing that you want to do. And then after you do that, I believe you create a crypto IKEv1 policy that we're going to configure for this. And we need to match the same as the other one. So we're going to do authentication. We're going to use pre-shared key. Encryption, which is going to be, what was the encryption, guys? The hashing algorithm to provide data integrity, it's going to be MD5. The Diffie-Hellman group number, it's going to be 2. Am I missing anything? Then we get to the lifetime, and I want to match it. There we go. So that has been configured. Now after we do that, we want to go ahead and create that pre-shared key. And you do this by establishing a tunnel group, and you want to give it the same IP address as the peer, which is this one. That's how you do it. 31 to one.
The type that we're going to use is IPsec LAN-to-LAN, L2L, which means site to site. And then we are going to do a tunnel group. There we go, tunnel group 31. And we are going to configure the IPsec attributes. And the only attribute that we're going to give it is going to be the pre-shared key attribute, right? Pre-shared key, CCNP Security. Check that it matches the same one on R1. It is the same one. Okay, great. So they are matching. So we have configured phase one for both devices. So what we have to do next is go ahead and configure phase two. So, let's begin with router number two. So with phase two, the first thing I need to do is create an extended access list. Let's go ahead and do that access list, and we're going to say that it's an extended one. We're just going to call it CMAP ACL, and this is where we're going to tell it what you want to send into the tunnel, what you want to encrypt. And what I want to encrypt is this one. Whenever there is a permit IP coming from this source with a wildcard mask to this destination with a wildcard mask, I want to encrypt it. So I want to encrypt any packet that arrives in this router and has that source and that destination. That's what I'm telling it. Okay, after we do that, we need to go and configure a crypto IPsec transform set. And we're going to do it like this: we're going to call it CMAP TSET, and we're going to now provide what we want to do. So we want to encrypt using ESP and AES. And in the video before this one, I told you guys what ESP and AES are. We also have to do the hashing with ESP, which is SHA, and we're going to use HMAC. There you go. So this encryption and this data integrity right here need to match on the ASA. So whenever we configure that, we need to make sure that they are matching, otherwise we won't be able to form a tunnel. Following that, we must specify that the mode will be tunnel. Okay, now we exit from here.
And now after that, we need to go ahead and create a crypto map. And what the crypto map does is that it combines the access list that we created and the transform set. And also, we are going to match that peer IP address. And then after we do that, we are going to add it to the interface of Gigabytes One, which is outside. So let's go ahead and do that crypto map. The crypto map is going to be called just VPN, and this one is going to be a sequence of 1, ipsec-isakmp. And we are going to set the peer, so it's set peer and the address, which is the ASA IP address. You're going to set the transform set, which was the transform set that we created. There we go. CMAP TSET. And then we need to match the address. We are going to match what we want to encrypt, which is this access list that we created. There we go. So then, after all that is set, we need to go ahead and, let me see. We need to go ahead and activate the crypto map by adding it to the interface. If you go to the interface Cloverzero One, we're going to do a crypto map VPN, and that's going to turn on ISAKMP. As you can see, it was off. Now it is on. Great. So we are done with the configuration over here on the router. So now we need to go ahead and configure phase two for the ASA. The first thing that we need to do is create an access list, and it's just the same as on the router, but it's going to be the opposite. So now the source is going to be this and the destination is going to be that. That's what I want to encrypt. So let's go ahead and do access list. We're going to call it the same way we called it on the other side. It doesn't really need to match. Permit. We want to permit one on each According to that one, ten. Remember that firewalls do not accept wildcard masks; instead, they accept subnet masks. And the source is this. Let's see, what did I miss? I always forget that permit IP. Of course I did. There we go.
So after that is configured, we need to go ahead and configure how we want to encrypt it. So we do crypto IPsec IKEv1 transform set, CMAP transform set. And how do we want to do it? We want to use ESP with AES the same way we did it on the other side, and then ESP with SHA and HMAC. Right, let me verify that. Yup. ESP with AES to encrypt it, and ESP with SHA HMAC. And there we go. And we don't have to tell it that we're going to use the tunnel mode because by default, that's what it does. So we don't really need to say that. So now what we need to do is go ahead and combine everything together like we did on the router. So we need to go ahead and create a crypto map, and we're just going to call it the same way. Sequence, then ipsec-isakmp. Let's see whether I missed it. VPN, ipsec-isakmp. I think we need to do that. Okay, so let's go and do match address, and we need to match the CMAP ACL, and then we need to go ahead and configure that. VPN, to configure, and see if I remember, the transform set. Let's see. So we put the map down, then we put, let's see if I'm missing anything. We have the transform set. Let's see if we can complete the transform set. It looks like it is good. Okay, after we do that, we then need to go ahead and put it on the interface outside. The crypto map has an incomplete entry. So what did I miss? Crypto, crypto, right. Crypto map VPN, sequence of 1. Oops, I forgot to match. Did I not make the match? I think I made the match. Let me see. Transform set. I did not do the match. Okay, so we'll match, and we'll match the address to the CMAP ACL. Then it's going to be put on the outside interface. There we go. So what I was missing when it gave me that warning was that it was incomplete because I forgot to add the access list. So now, after adding the access list and the transform set, it looks like it is ready to go. Do we need to use the peer IP address?
Let's see. Crypto map VPN, sequence number 1, set peer, and the peer is going to be, there we go. And then we can just go back and add it again just to make sure. There we go. So I did add the peer, I added the interface a couple of times, the match, and I also added the transform set. So now we are ready to go. So this should not be working yet because I need to go into the ASDM. So we are going to log in to the ASDM, and what we need to do is allow that traffic to come back in. So let's go and launch the ASDM. Always trust. Okay, so what we want to do is that whenever somebody tries to reach the ASA on the outside interface from either this IP address or this other IP address, I want to automatically allow it in. So let's go ahead and do it right here. Let's go inside the firewall. And first, I want to create some network objects. The first object that I want to create is going to be Router 1. It'll be a host 30, the one that one. And then we're going to do another one, which is the router one inside network. It's going to be a network, ten 00:24. Great. So now let's go ahead and go into the access rules, let's go into the outside, and let's add a couple of rules. So the first one that I want to add is that I want to allow this router to be able to come in to the destination of the inside network, and I want to allow ICMP, and also I want to allow IP. Done. And I also want to add another one, which is the router inside going into the inside network. And I want to allow IP and ICMP. There we go. Apply and send it. So now we can go into this device and try to ping one and two, that one is eight, that one and one. As you can see, we can ping from one device to another. Now let's see if we're able to ping from the ASDM device to this web device. I mean, we should be able to because it allowed the packets to come back. So ping, ten, two. You see, it's working. Let me verify that I pinged well. Actually I want to ping it from this device something that one.
So it looks like it is now working. So packets are now permitted to enter. So I believe this is because, let's put it over here so we can see if it gets activated whenever we configure firewall service policies. Let's edit this ICMP. Let's allow ICMP. So it's still not letting me ping this. I'm not sure why because it is allowing the ICMP. Let's see what's going on over here. So I allow IP and ICMP. Let me see if I can ping into 31 from this web. Two. I think I chose the incorrect policies. Okay, there we go. So I was pinging because there's an issue. It's not an issue. It's just what the ASA does. So whenever you try to ping an ASA interface, like the inside interface, it does not allow pings by default. So that's why you need to ping this device over here. So when I ping that device, I am able to do that. So now that we have our ping and we're doing all this good stuff, we are done with the ASDM. So we can put this down. If we go into the ASA, what we could do is do some verification commands for phase one of the ASA. And you do it with a show crypto command. You can see one. There is one tunnel that is active; it looks like it is working correctly. And the other one is for phase two, where you can do a crypto IPsec, or show crypto, I keep going, show crypto IPsec SA. And there we go. As you can see right here, they have encapsulated 23 and 73 packets, as you can see. Take a look at this number: 23 and 71. And now what we're going to do is we're going to ping the ASDM, and those packets are going to go up by this many. Okay, I guess that's good. So now let's get into the ACM. Remember 23 and 71? Let's do it again. As you can see right now, it encrypted 37 and decrypted 87. That means that it is working. So now, when you go into the router, you just do some show commands to verify. Show crypto IPsec SA, as seen here, as well as 85 and 37. And let's try to ping three times. One, two, and three, and grab that.
So now let's go ahead and go back over here. So now this one should be 88 and 37, right? Let's see. There we go. 88 and 88 employees because it was going to go up by three, as you can see. 88 employee. So everything is being encrypted and decrypted. And one way to see it live is to issue some debug commands, and the debug that you can issue from the router is debug crypto ISAKMP, or actually let's do a debug crypto IPsec. It is on. Let's go ahead and ping, but it didn't show anything. Let's start with a debug crypto ISAKMP. It is on, but I don't see anything happening. Let us proceed to the oops, did a Persian move. But it is being encrypted and decrypted because I'm sending too much traffic. Let's go ahead and go over here and do debug crypto IPsec SA, maybe debug crypto IPsec. And let's go ahead and ping. The ASA also doesn't do anything. Let's do IKEv1, and I'm pinging, and nothing happens. You can see stuff going on now. There you go. Process. So there are a lot of messages over here. But if you do a debug crypto packet, let me see, crypto. Is there a crypto packet? Engine, or engine packet? There you go. Let's start with all of them turned off. And then let's do just this one only, and you can see that live. So there we go. As you can see, I am pinging from this device, the web one, to the ACM, and as you can see, stuff is being encrypted, so you cannot really see it. So it is working correctly. Also, let's assume that if I ping 32, nothing will be encrypted. That's because it is not matching the access list that we created. The access list is only saying that whenever this line over here pings 181-6810network, then we want to encrypt it. And that's why it only shows whenever I'm trying to reach this network. Also, let's see if this one has the debug crypto engine packet. Let's see if we ping from here and see if we see anything. So we don't see anything.
Any other debug command is not really working. However, one of the other commands that you could use to see both phases one and two, this one continues. Okay, that's fine. You can do a VPN session database and go into detail over here. There's no detail. Okay. Oh, show. So show the VPN session database. There we go. When you do that, you'll notice that you can see both phases one and two right here. So, as you can see right here, you can see version 1, not version 1, but phase 1. And you can see how it was configured. The group was number two. As you can see, we're using port 500 because we're not using NAT. So whenever we don't use NAT, we always want to use port 500. You can see that we use pre-shared keys. The hashing is MD5, encryption is 3DES. The lifetime is this many. And for phase two, you can see everything we have configured: AES 128. We're using the tunnel mode, and the idle time you can see is 30 minutes. So you can see all the good stuff. And from router one, whenever you want to see both phase one and phase two, like we did over here at the same time, which is a really good command, you should know this command, which is show VPN session database detail, LAN-to-LAN. You need to remember that because it's a really good command. Let's start with router one. And for router 1, if you want to see both phase one and phase two, you need to do a show crypto session detail. Show crypto session detail. And when you run that command, "show crypto session detail," you can see both phase one and phase two configuration over here. Let's see. You can see that the session status is up and active. You can see the peer, which is studying that one, as well as the ASA. There we go. So you can see, we're using version one. And you can see all that good stuff from here. So I will leave this up for this video, guys. Thank you, guys, for watching this video. I hope you guys enjoy this video.
And if you guys want the commands that I did, or either the troubleshooting or the verification commands, I will probably leave one in the description below so you guys can see it. So, thank you guys for watching.
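
The video stresses that the phase-one parameters (encryption, hash, group, authentication, lifetime) and the pre-shared key must agree on the router and the ASA. The following is an added example, not code from the course: a short Python check of that agreement over intended configuration text for both peers. The addresses, the key EXAMPLE-PSK and the function names are constructed for illustration; the policy values mirror the ones narrated and shown in the ASA output (3DES, MD5, group 2, pre-share, 86400).

```python
import re

# Constructed sample configs, as typed rather than as displayed by the devices:
# documentation-range addresses and a placeholder key, not values from the video.
ROUTER_CFG = """\
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key EXAMPLE-PSK address 203.0.113.2
"""

ASA_CFG = """\
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 ikev1 pre-shared-key EXAMPLE-PSK
"""

POLICY_RE = re.compile(r"^crypto (?:isakmp|ikev1) policy (\d+)\s*$")
FIELDS = ("encryption", "hash", "authentication", "group", "lifetime")
# Settings Cisco documents as legacy; reported for review, not as a mismatch.
LEGACY = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}


def parse_phase1(config):
    """Return {priority: {field: value}} for IOS 'crypto isakmp policy' and
    ASA 'crypto ikev1 policy' blocks."""
    policies, current = {}, None
    for line in config.splitlines():
        m = POLICY_RE.match(line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif line.startswith(" ") and current is not None:
            parts = line.split()
            if len(parts) >= 2 and parts[0] in FIELDS:
                current[parts[0]] = " ".join(parts[1:]).lower()
        else:
            current = None  # any other top-level line ends the policy block
    return policies


def router_psk(config):
    """Map peer address -> key from 'crypto isakmp key <key> address <peer>'."""
    return {m.group(2): m.group(1) for m in
            re.finditer(r"^crypto isakmp key (\S+) address (\S+)", config, re.M)}


def asa_psk(config):
    """Map tunnel-group name -> key from its ipsec-attributes block."""
    keys, group = {}, None
    for line in config.splitlines():
        m = re.match(r"^tunnel-group (\S+) ipsec-attributes", line)
        if m:
            group = m.group(1)
        elif group and (k := re.match(r"^\s+ikev1 pre-shared-key (\S+)", line)):
            keys[group] = k.group(1)
        elif not line.startswith(" "):
            group = None
    return keys


def compare_phase1(initiator, responder):
    """Return a list of problems between one policy from each peer."""
    problems = []
    for field in ("encryption", "hash", "authentication", "group"):
        a, b = initiator.get(field), responder.get(field)
        if a is None or b is None:
            problems.append(f"{field}: not set explicitly on both peers")
        elif a != b:
            problems.append(f"{field}: {a} != {b}")
    # Lifetime rule as stated in the video: the side that initiates the tunnel
    # must have a lifetime equal to or higher than the other side.
    la, lb = initiator.get("lifetime"), responder.get("lifetime")
    if la and lb and int(la) < int(lb):
        problems.append(f"lifetime: initiator {la} < responder {lb}")
    return problems


def legacy_settings(policy):
    """List the settings of one policy that fall in the LEGACY table."""
    return sorted(f"{f} {v}" for f, v in policy.items() if v in LEGACY.get(f, ()))


def audit(router_cfg, asa_cfg, router_peer, asa_peer, priority=1):
    """Compare policy <priority> and the pre-shared key for one peer pair,
    treating the router as the initiator."""
    problems = compare_phase1(parse_phase1(router_cfg)[priority],
                              parse_phase1(asa_cfg)[priority])
    rk, ak = router_psk(router_cfg).get(router_peer), asa_psk(asa_cfg).get(asa_peer)
    if rk is None or ak is None or rk != ak:
        problems.append("pre-shared key differs or is missing for this peer pair")
    return problems


if __name__ == "__main__":
    print(audit(ROUTER_CFG, ASA_CFG, "203.0.113.2", "203.0.113.1") or "phase 1 matches")
    print("legacy:", legacy_settings(parse_phase1(ROUTER_CFG)[1]))
```

Run it against the text you intend to paste, since the ASA masks the key in its displayed configuration and devices may omit values that equal their defaults.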

7. IKEv2 Configuration

A lab going on. So I have these two routers which are going to be having the Archer to configure between those two devices. In terms of configuration differences between IKE version 1 and IKE version 2, IKE version 2 is a little bit different than a lot different. In IKE version 1, we do a lot less configuration. Actually, we do a lot more for IKE version 2. It's just that since I'm going to be using the defaults for some of the stuff, it's going to look like a lot less that we're going to be configuring. But on the back end, I'd say version 2 is more smooth. It works more smoothly than IKE version 1. Because IKE version 1 had to be updated since it was an old protocol, they had to add new stuff to it, like ISAKMP, IPsec and a bunch of other stuff. But with version 2, they all come together. Everything on the RFC, everything is together. Everything is implemented in IKE version 2. However, because it was an old protocol, they had to put more parts together in IKE version 1, and they had to come up with solutions for various problems that arose during the time that IKE version 1 was operational. So let's stop talking and let's start configuring IKE version 2. So, for IKE version 2, we'll need to set up a, let me see. We need to configure the IKE version 2 policy, which I'm not going to configure. I'm going to use the default one. A proposal. We need to do a proposal, but we're also going to be using the default proposal. And inside the policy, we need to attach that proposal. So to take a look at the default that I'm going to be using, we do show crypto IKE version 2 policy. As you can see right here, the router comes with one by default, and it's called default. So this is the one that I'm going to be using, the default policy. And as you can see, the policy has attached the proposal, which is a default proposal. So if you want to take a look at that proposal, there's a default proposal that we're going to be using.
So we are going to use this default proposal, which is called default, and it's already attached to the policy. Because if you create a policy, let's say, like policy Oscar, and then create a proposal named Oscar, then this proposal has to be attached to the policy. As you can see right here, since these two are the default, they are attached. Since these two protocols are there by default, they are already attached to the policy, right? And you also need to configure an IKE version 2 keyring. I'm going to be configuring that. And then you configure an IKE version 2 profile. And in that profile, you attach that keyring. I'm going to show you how to do that, guys. And then after that, we need to configure the IPsec profile, but we are going to be using the default profile if we do a show crypto IPsec profile. As you can see, there is a default profile that we're going to be using. And since I'm going to configure the keyring and I'm going to attach the keyring to the IKE version 2 profile, then after that, since I'm going to use the default IPsec profile, I have to attach the IKE version 2 profile into the IPsec profile, and then the IPsec profile is going to be attached into the GRE tunnel for it to work. So let's go ahead and start with this configuration. So first, let's see if we have connectivity. So let's do ping. To see if there is a connection between router one and router two, we must use ping 21 dot two. We do. And then I want to ping this device right here just to make sure that we have connectivity, and we do. Let's go to router two. And I just want to ping this computer over here to see if we have connectivity, which we do since I already pinged this computer and I know that we have connectivity there. That's good. So since we're going to be using the default IKE version 2 policy and the default IKE version 2 proposal, we're not going to configure that. We are going to jump straight to the IKE version 2 keyring.
So let's go ahead and do that configuration. What you need is crypto IKE version 2 keyring, and we are going to give it a name, and also, I'm going to copy and paste all the commands. So when we are done with these commands, we are just going to paste them into router two because it's going to be the same configuration. So let's go ahead and copy this. Enter. So inside this keyring, what we need to define is the peer, which is going to be router two, right? Since we are in router one, we need to define the peer, which is router two. And in this peer, what we need to do is specify the address of the peer, which is 21 two. And since this one's going to be on the other side, this one's going to be router one, and the peer is going to be 21 because this is for router two's configuration. And then after that, we need to configure a local pre-shared key. So, pre-shared key local, we'll call it router one key. Oops, let me go back like this. Router one key. And this is telling it that the pre-shared key that we're going to be using for this local device only is going to be called R1, right? So the local for the other router is going to be R2, and that's the one that we're going to match right here. Pre-shared key remote, R2 key. And for IKE version 2, that's one of the differences. Between IKE version 2 and IKE version 1, in IKE version 2, you're able to use asymmetric keys, which means that we are using two different keys for the two devices. On this device, we are using R2, right? And on this device, we're using R1. We just need to tell R2 that the remote key is going to be R1. Just like I'm telling router one that the remote key is R2 for this one and the local key is going to be R1, right? Okay. So we are done with our configuration. Exit. Exit. Now we need to go ahead and configure the IKE version 2 profile. So we're going to do another crypto IKE version 2 profile. And we'll refer to this as ikev2_profile.
And in this profile, we need to add some commands. The first one is that we need to tell it the authentication that we're going to be using for the local, which is going to be a pre-shared key. Actually, it's just pre-share, right? And the authentication for the remote is also going to be done via pre-share. I'm just telling it that we're not going to be using, let me go ahead. I'm just telling it that we're not using a signature or a certificate, that we actually do authentication with the pre-shared key. So that's why I'm putting it right here; I'm putting it so that the local is the pre-shared key that has already been defined in the keyring. Okay? And also, the remote is going to be using the pre-shared key that is already attached to the keyring. And after we do that, we need to go ahead and attach the keyring that we configured over here. And we're going to call this keyring, keyring local, paste. And we just paste the name. We just typed and pasted the name of the keyring that we configured, which was this one. There you go. So then, after that is done, we need to configure some identity. So we must match the remote's identity, which will be an address of 21 2. And then we are going to have the identity of the local device, which is going to be the address of 21. And we're just going to paste the addresses of those two devices. But for router two right here, it's going to be the remote, which is this one. And then the local identity. The local is going to be 21 to 2. It's just going to be the opposite. Right. There it is. So after that is done, we will have completed the IKE version 2 profile configuration. So after that is done, we have to do our show. Actually, we're not going to do the show crypto. We know that the IPsec profile that we're going to be using is going to be the default profile.
So what we need to do is go into the default profile that has already been configured, and we need to go into the crypto IPsec profile, whose name is default, and we're going to set over here the IKE version 2 profile. We need to attach the IKE version 2 profile name that we configured, which was the IKE version 2 profile right here. Paste it. Done. So let's go ahead and, since we're going to be using the default on router two as well, we can go ahead and do that. There it is. We're using the default profile, and then we just attach the IKE version 2 profile, which has the keyring attached to it, and also tells it the identity and the authentication method that we're going to be using, right? And also, since it has the keyring attached to it, we know the keys are for the local site and also for the remote site, right? So after that is done, what we need to do is go ahead and configure the tunnel. And to do that, you go into interface Tunnel 18. We're going to give it a source, actually, not a source, and the source is going to be this interface right here. For router one, the destination is going to be 21 or two. So we can just go ahead and copy this right here, and we are just going to give it a tunnel mode. The tunnel mode needs to be IPsec with IPv4. And I'm just telling it that we are going to drop those four bytes of that GRE, and we are going to use an SVTI. And after we do that, we also need to go ahead and attach the tunnel protection, which is going to be attaching to the tunnel the IPsec profile, which is the default profile. Right, there it is. And we attach the default profile since it's the one that we are using, because this is where we attach, if we go up right here, the IPsec profile is where we attach the IKE version 2 profile, which has all the information that we need. And you can see that the ISAKMP switched from off to on. Okay, let's go ahead and place that right here.
Tunnel protection, IPsec profile default. That's good. And then after we do that, we need to go ahead and configure EIGRP. So, let's say EIGRP 100. So we need to add a couple of networks. I forgot to do something. So before I do that, let's go in and do interface Tunnel 18, and we need to give it an IP address for that tunnel, which is going to be 50. The one that one. There it is. So now let's go into EIGRP 100. The network that we need to add first is going to be the IP address of that tunnel interface, which is 510. Actually, not like that. Let's go ahead and do no, and then we can do, actually, I negated that. There we go. Let's do no auto-summary. Then let's add the other network for router one, which is 1821-6811-0252-5250. Good. So now let's go and add it right here. As a result, router EIGRP 100 must match, no auto-summary. The network for this one is going to be 5110 because we're going to configure the tunnel interface for this one to be 512, right? And then the other network that we need to add is 1010, which is going to be this interface right here. Okay, hopefully you guys understand everything I'm doing. So now let's go onto router 2. Since I copied all the commands, I'm going to copy and paste them one by one. Config t. So the first one that we want to be using is the keyring configuration, exit, and exit. After that is done, we are going to go ahead and copy and paste the profile. We are doing it section by section, just in case we get an error. And so far, so good. Now it's going into the IPsec profile. Done. And then we need to go into the tunnel. And before we do that, it's going to add the IP address of 50 to 1120. That's good. Copy-paste it. And then the last one is EIGRP. And after we do this one, you should have a neighbor relationship. There you go, it's working. You can do "show IP EIGRP neighbors." We can see that Tunnel 18 has a neighbor relationship with 51, which is router 1. Okay, so that's good.
So now let's go ahead and show you some commands that you can run. The first one that I want to show you, if you want to see the keyring, you can do a show run, section IKEv2 keyring. You can see the keyring configuration. There it is, peer 1. You can make sure that everything is good. So far, so good. After that, you can do a show crypto IKEv2 profile. You can see the profile right here, which has the keyring attached to it. You can see the local identity. Yes, this is the local identity. You can see the remote identity right here. You can see that the DPD is disabled because I did not enable that. So, that is good. Also, what you could do is go ahead and take a look at the IPsec profile. And here it is. We are using the default IPsec profile, and we just attached the IKE version 2 profile to it, which was this one right here. And you can also go ahead and take a look at the IKE version 2 proposal that we're using. The proposal we use is the default. You can also take a look at the policy, which has this default proposal attached to it. There it is. What else can we see? I think that's what we have configured, so that's good. Now, if you want to go ahead and take a look at the IKE version 2 SA, the way that you can do that is by doing a "show crypto IKEv2 SA". You can take a look at the SA and see what they are using to encrypt. To encrypt, we are using CBC. For the hashing, we are using SHA-512, and you have the group, which is five. And we're using a pre-shared key to authenticate. And if you want to take a look at the IPsec SA as well, there it is. You can see that packets are already being encapsulated and decapsulated. So if you're pinging 192-1681, that's two front rowers. This one right here is being encrypted because it increased the encapsulated packets to 150 and then the decapsulated to 151. And if you do it again, it should increase by 100 again. And there it is.
And two for five, two for five, two for five. It went up because we are using EIGRP, and EIGRP sends the updates. I think it's like every 10 seconds. And that's why we keep getting more and more packets because of your running. And you can also do it from the right side if you want to as well. And that's show crypto IPsec SA. There we go. And if you want to ping ten with that too, we're going to repeat it 100 times. There we go. And show crypto IPsec SA again. You can see that now we have 365. And if you go on this side, you should have increased as well. There, we have 366. So, as you can see, it is being encrypted. And if you want to do a debug command, you can do a debug crypto packet. It's a crypto packet or crypto engine packet. And if we ping anything, let's see if we're going to ping one and two. You can see that the packet that was sent is encrypted because, as you can see right here, it is giving me some stuff that I cannot read, and this is what it's going to show on Wireshark as well. So if you run Wireshark on this wire, you won't be able to sniff the traffic because the traffic is being encrypted for data confidentiality. It is also hashed with SHA and has some anti-replay protection so that people cannot sniff the traffic. And I simply disabled all debugging by doing "un all." I believe that's true for this video, guys.

8. IKEv1 vs IKEv2 Config

This is my topology. I have configured all the IP addresses already. So all the IP addresses are in here. As you can see, this is the IKE version 2 tunnel that we are going to be configuring. Unless we can add some colour to it, maybe it will look better. All right, so this is the IKEv2 tunnel. It's duplicated. This one is going to be the IKEv1 tunnel. Is there a way to rotate this? Something rotates like 90 degrees, right? Let's go ahead and style it and do like 75, maybe more than 75. Let's go ahead and do style. Let's do 65. Maybe more than 65 style. Sorry for that, wasting your time. You're watching this? There we go. That looks a lot better, a little bit better, but I think we can do better, right? Style it with 35. 35 is too far. Let's say 45. There you go. That's better. Like this. There you go. This one's going to be the other one. I try to add some color. Good, go ahead and delete this. Give us some colour here. Sorry, not for that background color. Let's give you this color. There we go. So for this one, I go into my two tunnels over here and I'm going to reconfigure IKE version 1 first, and then I'm going to configure IKE version 2. So let me make this look better. So you can look better on the video, right? There we go. So let's go ahead and start with this configuration, guys, and stop messing with this. So like I said, we are going to configure IKE version 1 first, and we are going to be using SVTI so we can support dynamic routing. So let's go ahead and start with that. I'm going to start with router three. So let's bring that up. And I also configure some static routing, as you can see. And let's go inside with the configuration. The first thing that we're going to be configuring is going to be IKE version 1, phase one. Okay? And we are going to configure policy 10. We need to define the encryption method that we are going to use in the predecessor hashing algorithm for data integrity.
Finally, the authentication method will be a pre-shared key, and the group number will be 2. Okay? After that is done, we need to go ahead and configure that pre-shared key that we're going to be using between router three and router two because we're going to use a pre-shared key like I stated right here. So I'll go ahead and do a crypto ISAKMP again for phase one. And then we're going to say key, and then we are going to specify the key CMP security. This needs to match between router 2 and router 3, otherwise it won't work. And now we need to specify which IP address I want to authenticate to. So I want to authenticate with router two. So 31 or two are done, right? So we are done with Phase One of this configuration. Now the next step is phase two of IKE version 1, and you want to start by configuring IPsec, which is phase two, and we're going to configure the transform set. You're going to name it TSET, and we're going to provide some data confidentiality, which you're going to use in AEsix, and then you want to do data integrity with SHA and HMAC. The mode is going to be tunnel mode, and after that is done, we want to configure a tunnel interface. We're just going to say "tunnel interface zero" for this configuration, and over here we need to specify the source, which is gigabyte gigabyte. What am I doing? Destination is for the two, and after we do that, we need to go and specify the tunnel mode, which is IPsec with IPv4, because we're going to be using IPv4, then we need to specify the IP address of the tunnel, 60 dot, and then I forgot to configure the profile, so let's go ahead and do that. And after I configure the profile, we're going to attach it to the tunnel. So let's go and do a crypto IPsec profile, and we're going to call this IPsec profile. And here all we need to do is just set the transform to done, and we call that transform set done.
And now let's go ahead and go into the tunnel interface that we created already, which is one that is supposed to be an L. There we go. And right here is where we need to add the tunnel protection, which is an IPsec profile, which we call IPsec profile. And after that, the amp should turn on. There you go. I second her, so that is good. Now what we need to do is we need to go ahead and enable EIGRP, so router EIGRP, let's say zero. Can we use zero? We can't use zero; let's use one; no auto summary; it's at my two networks, which will be tunnel 610 and 25; and I also want to add my inside network 192; that one is 81025; so that's done; we've finished configuring IKE version 1 on router three. Now we need to go ahead and configure it on R2. But what I really want to do is copy and paste everything I've done and configure it for router 2. So let's go and do a show. Let's just do a show run on section IPsec, and for number here, let's just copy everything, and we're going to be using live pads. You're going to paste it right here. It's all going to be the same, and then let's just do a show section and do ISAKMP, and they're going to be using all of this the same. We just need to change this tone, and this is phase one, so I want to configure first. There we go. So, now that everything is set up, let's just do a show section tunnel zero, interface tunnel, nothing included. There we go. And we can go ahead and copy all of this. Let's go ahead and paste it right here and do interface 1 for this one. And the destination is going to be 30, the one that I want. Because we'll be using the same IP, the interface source will be the same as the profile. So that's good, and that should configure everything for router two. Trust credit to router two and we also need to do EIGRP. So let's just go ahead and do it from here. Router EIGRP. What was the one that I configured for router three? I believe it was one. Show IP EIGRP.
Let's just go ahead and do show run, because remember, the autonomous system for EIGRP needs to match. So that's why I want to know which one it's matching. So it is one and we need to add this tem for EIGRP. And then we need to add a network for router 2, which is ten or 10255. Let's just skip the auto summary. Good. Anything I'm missing? I'm not missing anything else, I believe. Let's go ahead and do the show IP interface brief. Make sure that my tunnel is configured with an IP address. That is good. Protocol is down because we don't have a connection established yet, but we are going to have one. Now let's go ahead and copy the ISAKMP policy. Everything must match. That's why I'm copying and pasting the address for the key. It's all good, too. Let's go ahead and just paste that over here. So that was paste, and I should not get any. Now it's got to configure IKE version 1, phase two, and I get an error in tunnel mode. Why was that? It's over here. This should not be in here. Let's go ahead and remove it. That's why I got that error. Copy. Paste that again. There we go. Tunnel protection should not be there either. I don't know why that is in there. That should be just in the, should only be in the tunnel. Paste that again. There it is. So that is done. Now let's go ahead and configure. The tunnel should turn on. There we go. Protocols change up and down. And now let's go to configure EIGRP, and that should form a neighbourly relationship. Let us now display IP EIGRP neighbors. We do not have any neighbors. Let's go ahead and do a show run section EIGRP. That's going to verify over here. Do we show a running section? It looks the same. Let's go and verify the show IP interface to verify that. So as you can see, the protocols are up and running. So I don't know why it isn't working, because it should be working but is not working. EIGRP is not working.
Let's see if we can do the show IP interface, which is actually a piece of cake for router 3. Display the IP emission LSS DNS helper route. Okay. So I believe it is because of the static route. So let's go and configure no-IP-route-31 at two. Is that going to form a neighbourly relationship? Let's start with interface one, and then after that, just make it interesting. As a result, we have a tunnel mode IPsec IPv4, tunnel destination, as well as a tunnel protection, source, destination. What if we start from the beginning? So there is a tunnel source and then a protection IPsec profile, and we are going to add this profile. So the tunnel is up and running too. Let's go ahead and do, let me see if I need to remove that static route as well from router two. Let's go and remove this route over here. No neighbors. So we still don't have a neighbor. But what if I'm able to ping 192? That 1682. That one. We are unable to do that. Let's see what I'm missing. I don't think I'm missing anything. I think, show IP interface brief. I know what I'm missing. The tunnel does not have an IP address assigned to it. That's why. Config t, interface tunnel one, IP address 611-25-2450 because going to there we go. Now EIGRP is working. So that's why I was missing. Now, ping nine two. That one. I'm still unable to do that route or show any IP routes. Show my IP neighbors. We do have a neighbouring show-run section. So we do have this. Let's go ahead and do the show IP interface brief. So we do have that interface in here. We do have that interface over here. Let's go over here. So let's go ahead and do a show-run session. So we have both networks. So everything is there, but we are unable to get that. So it's going to do configuration and create an IP route. The IP Route Two I'm just going to tell it that if you want to go to one on one, go to two on one two. That one eight two. That zero network I wanted to send it via the tunnel one two or that 10255. It's not a wall cartoon.
That's one, right? Also from here, configure IP route 100 two. Let's go ahead and ping ten to one. Good. Let's go ahead and show. As you can see, it is working. What if we do a ping and I want to repeat it 100 times? There we go. It went up by 100, and if we do that again, it should go up by 100 again. There we go. 339. So it is working. So the tunnel protection, the tunnel, is working, as you can see. So now that IKEv1 is done, let's go ahead and configure IKE version 2. It was a good troubleshooting lab. So let's go and configure IKEv2, which takes a lot more than IKEv1. So the first thing that we want to do is configure crypto. This one is going to be a crypto proposal, IKEv2, and the proposal is going to be PRO. And here the first thing that you want to do is provide an encryption method, and we are going to just use 3DES for it. In the integrity, you're just going to use 95. Let's see, we need to do something else with group exit encryption. No, that's it. After that, we simply exit and perform a crypto policy, which we will refer to as a "powerful policy," and we must match it to the address, the local address, which is address. There we go. And then we need to add the proposal, and the proposal is called PR. It's not complete. Let's go ahead and go into that proposal. So we set up. Let's go ahead with group number two. And now let's go ahead and go back to the policy and proposal. There we go. Are we going to exit? After we do that, we need to go ahead and do the crypto IKEv2 keyring. You're going to just call it IKEv2 key, and over here we need to add the peer. The peer is going to be a router one. Over here, we need to do the address keylock as well. Done. Following that, we must proceed to create that IKEv2 profile. So let's go ahead, and we are going to exit out of the key ring. So let's do crypto.
IKEv2 profile, and inside this profile, the first thing that you want to do is let's go to authentication. Authentication for the local is going to be a pre-shared key, and authentication for the remote is also going to be a pre-shared key that we configure in the key ring. Let's see what else we need to do. We need to match the identity of the remote user, which means we need to put an address in front of it and then identify its local address. After that is done, we need to go ahead and configure IPsec. So you're going to call the crypto IPsec transform set TSET. For data encryption, we are going to use ESP AES 256. For data integrity, SHA with HMAC for data integrity. So we're done. After that, we need to go and configure the crypto IPsec profile. We want to call this IPsec profile. And in here, we need to set the transform set that we created, TSET. And then we also need to do the "set IKEv2 profile," which we call "IKEv2 profile." There we go. Okay, so we are almost done, guys. After that has been configured, we need to go and create a tunnel interface for tunnel two. And we need to go to the source KG, right? It has a 1.24 IP address. It's going to be, and then we need to add the IPsec profile, or "tunnel protection IPsec profile," and we call this IPsec profile. After that is done, let's go ahead and configure System 2 with no auto summary. Then we need to add the tunnel network five, and then my local network is done. So we are done with this configuration. Let's show profile, or I want to get the IKEv2 proposal, which is going to be, let's go ahead and copy and paste. What if we just configure everything in router one to do that crypto IKEv2 configuration proposal? Let's call it pro. Over here, we must use the same encryption that we used in router two: 3DES, integrity and defy, group number two, followed by encryption, group number two, integrity. That is done. Now let's go and do as I say according to policy.
We're going to call it Paul, and then let's go and do a proposal, and we need to match it to the address of the local address. Now let's do the crypto IKEv2 keyring. I agree about the local. It's going to be the same, just a pre-shared key for the remote, and it's going to be the key of the remote. So it will be the same as the send for which Router 2 was configured. Now let's go in and out. And now it's time to set up the IKEv2 profile. Crypto IKEv2 profile, and go to IKEv2 profile. And here we need to go ahead and add the authentication for the local. It's going to be pre-shared key, and the authentication for the remote, it's also going to be pre-shared key. Following that, we must add the identity of the local using an address, and then match the identity of the remote with the address of the window on the two. Let's see what else. So we did the matching identity authentication. Now we need to add the keyring. So when we key locally, we call it curing or aggregating. There we go, exit. Let's configure the crypto IPsec transform set TSET, ESP AES two-six, ESP SHA with HMAC, then the crypto IPsec profile, and we'll call this IPsec profile. And here we need to set the transform set, which we name "TSET" in capital, and also set the IKEv2 profile, which we call the "IKEv2 profile." Now let's go and do interface tunnel two. We require the source, or tunnel source, with IPv4, the IP address 101 and then IP and then tunnel protection IPsec profile, good, IP. The autonomous system that we configured in R2 was two, no auto summary, network 510 and then my local network. So IP route. And there it is. So if you ping, it is good. If we do a "show IP" or "show crypto IPsec SA," you can see it right here. It is working correctly. So IKEv2 is configured, and if we repeat 100 times, it will go up 100 times. So IKEv2 is working.
And if you want to do a show crypto, we're not going to do ISAKMP because ISAKMP is for IKEv1. You want to do IKEv2 because it's for IKEv2. Right. We're not configuring IKEv1 because IKEv1 is for ISAKMP, and here it is, local identity. Good. Let's go ahead and do this somewhere here, show crypto IPsec SA. And you can see that we have a lot of data that has been calculated. And this one was for tunnel one, which is IKEv1. We want to go ahead and go down to tunnel two, which is for IKEv2. And we have that data that has been encapsulated, and now it's going to be shown in crypto. If we do ISAKMP SA, it will display the numbers 31 and 31 two because this is for IKEv1. However, if we do the IKEv2 SA, we will see the one that is one, which is for IKEv2. Okay, so we actually configured IKEv1 and IKEv2. So hopefully.
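The troubleshooting in the IKEv1 part of this lab came down to a tunnel interface with no IP address, alongside the settings that have to match on both routers. As an added example (not part of the video or the course material), this Python script lints two IOS config snippets for those conditions and also flags legacy phase 1 choices such as 3DES, MD5 and DH group 2; the configs, addresses, the `IPSEC_PROFILE` name and the function names are constructed for illustration.

```python
import re

# Constructed sample (documentation addresses, assumed names). R2 is R3 pasted with
# the tunnel's "ip address" line lost, the mistake that kept EIGRP down in the video.
R3 = """\
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
interface Tunnel0
 ip address 198.51.100.1 255.255.255.252
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
router eigrp 1
 network 198.51.100.0 0.0.0.3
"""
R2 = R3.replace("Tunnel0", "Tunnel1").replace(
    " ip address 198.51.100.1 255.255.255.252\n", "")
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}

def sections(cfg):
    """Map each top-level IOS line to its indented sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            cur = line.strip()
            out[cur] = []
        elif cur is not None:
            out[cur].append(line.strip())
    return out

def phase1(sec):
    """ISAKMP policy number -> parameters that both peers must agree on."""
    pols = {}
    for head, body in sec.items():
        if not (m := re.fullmatch(r"crypto isakmp policy (\d+)", head)):
            continue
        for words in (l.split() for l in body):
            key = "encryption" if words[0].startswith("encr") else words[0]
            if key in ("encryption", "hash", "authentication", "group"):
                pols.setdefault(int(m.group(1)), {})[key] = words[-1]
    return pols

def audit(name, cfg):
    """Findings for one router: tunnels missing an address or protection, legacy crypto."""
    sec, found = sections(cfg), []
    for head, body in sec.items():
        if head.lower().startswith("interface tunnel"):
            if not any(l.startswith(("ip address ", "ip unnumbered ")) for l in body):
                found.append(f"{name}: {head}: no ip address")
            if not any(l.startswith("tunnel protection ipsec ") for l in body):
                found.append(f"{name}: {head}: no tunnel protection")
    for num, p in phase1(sec).items():
        weak = [f"{k} {v}" for k, v in p.items() if v in WEAK.get(k, ())]
        if weak:
            found.append(f"{name}: isakmp policy {num}: deprecated " + ", ".join(weak))
    return found

def compare(cfg_a, cfg_b):
    """Findings for settings that must match between the two tunnel endpoints."""
    a, b, found = sections(cfg_a), sections(cfg_b), []
    if not any(p in phase1(b).values() for p in phase1(a).values()):
        found.append("no common ISAKMP policy")
    as_a, as_b = ({h.split()[-1] for h in s if h.startswith("router eigrp ")} for s in (a, b))
    if as_a and as_b and as_a.isdisjoint(as_b):
        found.append("EIGRP autonomous system numbers differ")
    return found
```

Running `audit("R2", R2)` reports the unaddressed `Tunnel1` before any neighbour debugging is needed, and `compare(R3, R2)` stays empty until a phase 1 parameter or the EIGRP autonomous system number diverges.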

Comments
* The most recent comments are at the top
  • Chris
  • United States
  • Jun 06, 2022

I am looking for the premium version of the Cisco 300-730 exam and it doesn't appear available for purchase. Is this one that just isn't complete yet or how can I get it?
