This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.
object network site-xx-firewall host 188.8.131.52 object network site-xx-subnet subnet 172.28.0.0 255.255.0.0 object network XX_lo1-petp-tavi-01 host 184.108.40.206 object network XX_lo1-petp-tavi-02 host 220.127.116.11 object network NATED_XX_IP_LND host 172.28.1.167 object-group network DM_INLINE_NETWORK_2 network-object object XX_lo1-petp-tavi-01 network-object object XX_lo1-petp-tavi-02 access-list outside_cryptomap_4 extended permit ip object NATED_XX_IP_LND object-group DM_INLINE_NETWORK_2 nat (inside,outside) source dynamic NETWORK_OBJ_192.168.100.0_24 NATED_XX_IP_LND destination static site-XX-subnet site-XX-subnet object network inside_for_XX nat (any,any) dynamic NATED_XX_IP_LND crypto ipsec ikev2 ipsec-proposal AES2562 protocol esp encryption aes-256 protocol esp integrity sha-1 crypto map outside_map 5 match address outside_cryptomap_4 crypto map outside_map 5 set peer 18.104.22.168 crypto map outside_map 5 set ikev2 ipsec-proposal AES2562 crypto map outside_map 5 set security-association lifetime seconds 3600 crypto map outside_map 5 set df-bit clear-df crypto map outside_map 5 set validate-icmp-errors crypto ikev2 policy 3 encryption aes-256 integrity sha256 group 14 lifetime seconds 28880 group-policy GroupPolicy3 internal group-policy GroupPolicy3 attributes vpn-tunnel-protocol ikev2 tunnel-group 22.214.171.124 type ipsec-l2l tunnel-group 126.96.36.199 general-attributes default-group-policy GroupPolicy3 tunnel-group 188.8.131.52 ipsec-attributes ikev2 remote-authentication pre-shared-key <PSK> ikev2 local-authentication pre-shared-key <PSK>
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
Join the community of 500,000 technology professionals and ask your questions.