Monitoring and Troubleshooting Site-to-Site IPSec VPNs

Table of contents:

Summary

Summary

Everyday, more and more organizations are deploying IPSec site-to-site tunnels to cut costs on traditional WAN links. It is a responsibility of the security professional to design and implement an IPSec solution that will fit the needs of an organization. If the other end of the IPSec VPN tunnel is managed by a different security professional, make sure that you consult with them before configuring the ISAKMP and IPSec attributes in the ASA. This chapter discussed the configuration guide on how to implement the site-to-site tunnels and discussed the two deployment scenarios. If you implement the solution, and the IPSec tunnel is not working as expected, use the appropriate show commands and monitor the status of the SAs. You can also turn on the ISAKMP and IPSec debugs to help narrow down the issue.

Part I: Product Overview

Introduction to Network Security

Product History

Hardware Overview

Part II: Firewall Solution

Initial Setup and System Maintenance

Network Access Control

IP Routing

Authentication, Authorization, and Accounting (AAA)

Application Inspection

Security Contexts

Transparent Firewalls

Failover and Redundancy

Quality of Service

Part III: Intrusion Prevention System (IPS) Solution

Intrusion Prevention System Integration

Configuring and Troubleshooting Cisco IPS Software via CLI

Part IV: Virtual Private Network (VPN) Solution

Site-to-Site IPSec VPNs

Site-to-Site IPSec VPNs
Preconfiguration Checklist
Configuration Steps
Advanced Features
Optional Commands
Deployment Scenarios
Monitoring and Troubleshooting Site-to-Site IPSec VPNs
Summary

Remote Access VPN

Public Key Infrastructure (PKI)

Part V: Adaptive Security Device Manager

Introduction to ASDM

Firewall Management Using ASDM

IPS Management Using ASDM

VPN Management Using ASDM

Case Studies