Something help helps me, build a base list of required tasks for each
configuration - most of these can be found in the Docs for each technology.
Make sure these cover only general steps so you have a good chance of
memorizing them. Here is one thing that might help as well - the ASA has
built in configuration steps for each type of VPN. These steps will not
cover one-offs and special types of tunnels (tunnel-groups based on name,
etc), but they do provide a baseline for building each tunnel. Furthermore
these steps in most cases apply to routers as well. Also - this seems like
a show command to me, but it is only available in config mode. Another hint
- since these steps provide examples it is a great opportunity to save some
time by copy/replace with your info/paste.
~Roger
On the ASA:
ASA2(config)# vpnsetup ?
configure mode commands/options:
ipsec-remote-access Display IPSec Remote Access Configuration Commands
l2tp-remote-access Display L2TP/IPSec Configuration Commands
site-to-site Display IPSec Site-to-Site Configuration Commands
ssl-remote-access Display SSL Remote Access Configuration Commands
ASA2(config)# vpnsetup site-to-site steps
Steps to configure a site-to-site IKE/IPSec connection with examples:
1. Configure Interfaces
interface GigabitEthernet0/0
ip address 10.10.4.200 255.255.255.0
nameif outside
no shutdown
interface GigabitEthernet0/1
ip address 192.168.0.20 255.255.255.0
nameif inside
no shutdown
2. Configure ISAKMP policy
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
3. Configure transform-set
crypto ipsec transform-set myset esp-aes esp-sha-hmac
4. Configure ACL
access-list L2LAccessList extended permit ip 192.168.0.0
255.255.255.0 192.168.50.0 255.255.255.0
5. Configure Tunnel group
tunnel-group 10.20.20.1 type ipsec-l2l
tunnel-group 10.20.20.1 ipsec-attributes
pre-shared-key p...@rtn3rnetw0rk
6. Configure crypto map and attach to interface
crypto map mymap 10 match address L2LAccessList
crypto map mymap 10 set peer 10.10.4.108
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set reverse-route
crypto map mymap interface outside
7. Enable isakmp on interface
crypto isakmp enable outside
On Mon, Apr 19, 2010 at 11:13 PM, Dnyaneshwar Gore
<[email protected]>wrote:
> Hi All,
>
> I just finished my all mini labs. After completing them, I found it very
> difficult to remember all detailed configurations for various features of
> VPN, ASA, IPS, IOS FW, L2 security etc. I am wondering how I am going to
> remember all these configurations for lab exam.
>
> What is best approach for this problem? Is it recommended to use UniverCD
> option for any configuration in the lab? Will it affect lab completion time?
>
>
> What is recommended way to practice for Lab exam?
>
> Regards,
> DMG
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
