Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Share tech news, updates, or what's on your mind.

Sign up to Post

Scenario 9
This article is about building Dynamic Multipoint VPN tunnels in Cisco CSR1000V router with IOS XE. There are two CSR1000V hub routers configured with single tier Phase 3 DMVPN Cloud.
0
Upgrade your Question Security!
LVL 12
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Encrypting second WAN2 interface over IPSec VPN tunnel.

Does anyone know if it is possible to encrypt the WAN2 interface over the IPSec VPN tunnel using WAN1 as the peer IP?  We need to use the public IP of WAN2 so can't use it as a LAN interface.
0
Scenario 8
This article is about building Dynamic Multipoint VPN tunnels in Cisco CSR1000V router with IOS XE. There are two spoke routers connected to single tier Phase 3 DMVPN Cloud hosted on CSR1000V router.
0
Scenario 7
This article is about building Dynamic Multipoint VPN tunnels in Cisco CSR1000V router with IOS XE. There are two spoke routers connected to single tier Phase 1 DMVPN Cloud hosted on CSR1000V router.
0
Will submitting a login form with a POST request over HTTPS be enough security or are there other precautions I should take? This project is also being built in Angular if there are any specific considerations.
0
All of a sudden last Friday, users have started having problems accessing some secured (banking, CC processing) sites & I'm not finding any indicators as to why.
I'm running a sonicwall TZ 300 & can't seem to find any info in any log files that would point me in the right direction. when going to certain sites, I just get a waiting for site message on tab & page never loads.
any suggestions?
0
Scenario 6
This article is about building a Route Based site to site VPN tunnels with Redundant Routers in DC (HUB) in Cisco CSR1000V router with IOS XE. There are four Route Based IPsec VPN tunnels configured on two CSR1000V routers as redundant routers pair.
0
I'm looking for some guidance on how to allow Remote Users to access system applications. We currently are running a phase 1 setup where users are sent home with company equipment and use Sonicwall Global VPN software and Remote Desktop to remote into their own computers, located on site.

This is not, however, ideal, as it requires equipment on both ends.

Ideally what I'm looking for is to have a way for a user to have equipment at home, use a secure VPN connection with the Sonicwall Global Client, and then have the user access a desktop that is not in use. One way, obviously, is to have a bank of PC's with one dedicated to each person, but this seems cost prohibitive. So my thought is a virtual desktop.

I currently have two Windows 2016 Servers running my main system, including DNS and Active Directory, among other, core services. Is there a way I can build virtual desktops within that server? Should I have a separate server dedicated just to this task? What would be my starting point? Would I use Microsoft's built in Hyper-V? Would I use VMWare in some way?


The first group will probably be only 5-10 users, though this number may go up. I know there are options like Citrix which would provide a web interface but the way our applications are setup they would require a direct connection and so I don't know if Citrix and the like would work, though I am looking into this as well.


We have hundreds of available DHCP over VPN connections through our …
0
Scenario 5
This article is about building a Route Based site to site VPN tunnels with VRF and dynamic routing protocol (OSPF) in Cisco CSR1000V router with IOS XE. There are two Route Based IPsec VPN tunnels configured on CSR1000V router, traffic from app server is with NAT and rest is without NAT.
0
Hello Experts - I am planning to replace our web filtering service next year and wanted to get some ideas and opinions on what works for you.  We're currently using Websense which I've never been a big fan of.  I'd like a solution that does a good job of clearly reporting web activity that can be easily understood by non-technical managers and helps prevent users from accessing sites that they shouldn't, preferably with an easy to use interface.  Please let me know what you think, thanks!
0
Cloud Class® Course: Amazon Web Services - Basic
LVL 12
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

how to setup IPsec VPN between Mikrotik and Fortigate routers
0
We have 5 site's.  4 are using a Cisco RV320 router and the 5th is using a Secure Computing router.
They each have a hardware VPN Tunnel to Rogers Hosted Servers.  This provides the end user's access to an application on their network that is crucial to running their business.

Rogers is changing the WAN IP.  Therefore, we have to change each site's Router's VPN Remote WAN IP so the VPN continues to function.  
Once the IP's are changed, the VPN comes back up and connection between both end's is established.  However, we can no longer ping behind the LAN on Roger's end over the VPN tunnel therefore can no longer access the required application via the VPN Tunnel.

Roger's believes this is a setup issue on our end, however, nothing has changed except the Remote WAN IP on the VPN Tunnel to their side.  This has also been tested on 4 of the 5 sites.  3 of them Cisco RV320's and 1 Secure Computing Router.  No changes have taken place in the LAN or WAN at these site's either.

The VPN policy being used is as follows:

Key mode:
IKE with Preshared key

Local Group Setup:  
Defines the local site WAN IP and local Subnet

Remote Group Setup:
Defines the remote site WAN IP and the remote LAN Subnet

IPSec Setup:
Phase 1 DH: Group 2 - 1024 bit
PHase 1 Encrypt: 3DES
Phase 1 Auth: SHA1
Phase 1 Lifetime: 86400
Perfect forward secrecy: NA
Phase 2: Encrypt: 3DES
Phase 2: SHA1
Phase 2 Ligrtime: 3600

Additional Settings:
Keep-Alive Enabled
Dead Peer Detection …
0
Hi Experts,

I am looking for a two-way authentication procedure in the attempt to protect one of our public facing website.

I would like to implement some type of two way authentication to add an additional layer of protect.


I am thing of the end users getting an email notification or some type of verification method.

Any thought or recommendations?

Thank you
0
Scenario 4
This article is about building a Route Based site to site VPN tunnels with dynamic routing protocol (OSPF) in Cisco CSR1000V router with IOS XE. There are two Route Based IPsec VPN tunnels configured on CSR1000V router, traffic from app server is with NAT and rest is without NAT.
0
Hello All,

A little help and advice needed please -

I am setting up a Site-to-Site VPN connection between a Cisco ASA and a TP Link ER6120 (I know don't ask). Any way phase 1 IKE keeps failing when I initiate from the ASA side.

I get MM_Active when responding to the TP Link however when initiating from ASA side it changes to MM_Wait_msg2 and MM_Wait_msg6. I have confirmed multiple times that the timers and PSK are the same both sides and that the encryption matches. Even when MM_Active as responder the IPSEC tunnel does not form.

Running a debug on crypto isakmp on the ASA I get the following -

Removing peer from correlator table failed, no match!
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Session is being torn down. Reason: Lost Service
[IKEv1]: IP = x.x.x.x, Header invalid, missing SA payload! (next payload = 4)
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Information Exchange processing failed
[IKEv1]: Group =x.x.x.x, IP = x.x.x.x, Information Exchange processing failed
[IKEv1]: IP = x.x.x.x, Header invalid, missing SA payload! (next payload = 4)
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Information Exchange processing failed
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Information Exchange processing failed

Am I missing something obvious here? Any help would be appreciated?
0
Hi

One of my friend has an internet account with AOL and he has an email account and has been using from many years.
His email address is auser@aol.com

Recently I have been told that somehow email spoofing has happened. All the contacts in his mail have received an email from auser@aol.com with an attachment and his address to make it more genuine and even I have received an email as well.

When click download the attachment it is going to a one drive saying please click here. When I click there, it goes and asks to log in with yahoo, Gmail or 0365 accounts.
I was told that auser has reset his password on his email account and still able to access his email account.

Please let me know if the hacker has control over auser mail box now. Will it be the best way to send an email to all contacts in his email that his account has been hacked and to ignore the email that has been sent with pdf attachment comes from auser@aol.com.

Will it be best to suggest him to open a new Gmail account and if so how to inform all his contacts that his email address has been changed? To Gmail.

Any suggestion and help will be great.
Thanks
0
It seems that the documentation about IPsec/IKE setup on an SRX to Azure s2s VPN is conflicting.  There are 3 pain points:

1.  Can IPsec/IKE be used on a policy-based VPN for Azure? It seems that Azure is clear about "no" but the suggested Azure config includes IPsec & IKE config
2.  Which IKE version is best for SRX to Azure - v1 or v2, when using Policy Based or Route-Based VPN? (see attachment)
3.  If a trust sec zone (internal interf.) and an unstrust sec. zone (exter. interf.) already exists, how can I add interfaces that are in one of those zones already to a new "Internal & Internet Zone" for the Azure VPN Tunnel as documentation suggests?  I receive an SRX error about adding interfaces to multiple zones prohibited and if using PB VPN there is no st0.x to that config and/or I don't understand how to utilize or place the traditional interface under the st0.x iface.

SRX ERROR:

commit check
[edit security zones security-zone Internal]
  'interfaces ge-0/0/1.0'
    Interface ge-0/0/1.0 already assigned to another zone
error: configuration check-out failed



I found this on Azure's site - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell

Azure IKE Doc found on Azure Site
Azure States no IPsec for Policy-Based
Azure IKE Doc found on Azure Sitejuniper-no-ikev2.png
0
We are facing a problem exchanging information in HL7 protocol in a standard environment listener\receiver.
Our application works fine on a plain network, get some errors on an ipsec vpn tunnel.
I'm not an expert, seems to be a problem related to packet fragmentation, any packets are truncated and cannot be managed.
this no happens on the same lan, so we are pointing to MTU or SECURITY CONTROL applied on vpn.
Can you help me ?
Sorry , i'm not providing many details, please ask me what you think is important..
Thanks
M
0
good morning, i face a big problem with configuration (IP telephone Cisco 7962g) from tow days ago i think my problem in my file .cnf.xml after i register it i can't change phone name and when i change  it  became not register and give me log message can't update local please help me
0
What were the top attacks of Q1 2018?
LVL 1
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

I have a CISCO RV320 and I need to configure an IPSEC client on a MAC. I have tried SHIMO, and the MAC native VPN configuration, however I cant seem to make it connect. I have not been able to find the CISCO EASYVPN software for MAC since CISCO has discontinued the software support. Any thoughts?

Dan
0
Brief: SonicWALL IP Spoof on WAN from Similar Subnet.

While this article seems like the resolution doing what it detailed did not resolve the issue:
https://www.experts-exchange.com/questions/2856328/Dell-Sonicwall-IP-Spoof-Detec tion.html

I have a Unifi Controller behind a SonicWALL.
We have multiple sites we control from it.

If the site is on a static IP from the same ISP (only 2 ISPs in town) and has the same first 3 octets the traffic passes fine.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.50.230

However if a site is on a different octet then they cannot communicate due to "IP Spoofing" detection.
Example
Servers site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.45.59

I've talked with SonicWALL and their engineers are working to find a resolution but I don't know if they can come up with anything.

The server site ISP WAN IP is a /30 net mask.
0
Is there a means of creating a GRE or IPSec tunnel over a Direct Connect connection between
AWS and a corporate network?
0
I have an ASA 5512 with about a dozen site to site tunnels set up.  Several times a week some of the tunnels will all drop at once.  there doesn't seem to be rhyme or reason to it.  I would expect if it was an ISP issue ALL of the tunnels would drop.  In the logs it will have the reason as "Administrator reset".  I've checked time out values and they all are set to default as far as I can tell.  My Cisco experience is limited but I can provide info as needed.
0
Hi,
Is there any programming examples, showing the way to detect which area it is, per given IP (Worldwide IP)?
0
Experts,
I am having an issue with one user who is unable to browse to a site over VPN. Instead of going to the address specified, it brings up google search list for the address. Without VPN user is able to browse to the site. Any suggestions or ideas?
0

Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Top Experts In
Internet Protocol Security
<
Monthly
>