Cisco VPN Configuration Guide: Step-By-Step Configuration of Cisco VPNs for ASA and Routers

Become an expert in Cisco VPN technologies with this practical and comprehensive configuration guide. Learn how to configure IPSEC VPNs (site-to-site, hub-and-spoke, remote access), SSL VPN, DMVPN, GRE, VTI etc.

This book is packed with step-by-step configuration tutorials and real world scenarios to implement VPNs on Cisco ASA Firewalls (v8.4 and above and v9.x) and on Cisco Routers. It is filled with raw practical concepts, around 40 network diagrams to explain the scenarios, troubleshooting instructions, 20 complete configurations on actual devices and much more. Both beginners and experts will find some golden nuggets inside this practical guide.

Every Cisco Networking Professional in this planet will have to configure some kind of VPN sooner or later in his/her professional career. This VPN Guide, therefore, will be a great reference for years to come.

Some of the topics covered include the following:

• Policy-Based (IPSEC) and Route-Based VPNs (Comparison and Applications).
• Practical Applications of each VPN Technology.
• Configuration of Site-to-Site, Hub-and-Spoke and Remote Access IPSEC VPNs on Cisco Routers.
• Configuration of Route-Based VPNs using GRE, Static VTI, Dynamic VTI.
• Configuration of Dynamic Multipoint VPN (DMVPN) on Cisco Routers.
• Configuration of PPTP VPNs on Cisco Routers.
• Configuration of Site-to-Site and Hub-and-Spoke IPSEC VPNs (including IKEv2 IPSEC) on Cisco ASA Firewalls.
• Configuration of Remote Access IPSEC VPN and Anyconnect SSL VPN on Cisco ASA Firewalls.
• VPN Authentication using Active Directory, RSA Server and external AAA Server.
• PLUS MUCH MORE

In addition to the most popular VPN topologies and scenarios, the book contains also some special cases for which you will not find information easily anywhere else.

Some special cases and scenarios included in the book:

• VPNs with sites having dynamic public IP address.
• Implementations of hub-and-spoke together with remote access VPNs on the same device.
• Using Dynamic Routing Protocols (EIGRP) to make VPNs on Routers more scalable.
• Spoke to Spoke communication via the Hub Site (using VPN Hairpinning on ASA).
• Remote Access users to communicate with Spoke sites via the Hub (using VPN Hairpinning on ASA).
• Site-to-Site IPSEC VPN with duplicate subnets on the two sites.
• IPSEC VPN Failover with backup ISP.

這本實用且全面的配置指南將使您成為Cisco VPN技術的專家。學習如何配置IPSEC VPN（站點到站點、集線器和分支、遠程訪問）、SSL VPN、DMVPN、GRE、VTI等。

本書充滿了逐步配置教程和實際場景，以在Cisco ASA防火牆（v8.4及以上版本和v9.x）和Cisco路由器上實施VPN。它充滿了實用的概念，約有40個網絡圖解來解釋場景，故障排除指南，20個實際設備上的完整配置等等。無論是初學者還是專家，都能在這本實用指南中找到一些寶貴的知識。

這個星球上的每一位Cisco網絡專業人士在其職業生涯中都必須配置某種類型的VPN。因此，這本VPN指南將成為未來多年的重要參考資料。

一些涵蓋的主題包括：

- 基於策略（IPSEC）和基於路由的VPN（比較和應用）。
- 每種VPN技術的實際應用。
- 在Cisco路由器上配置站點到站點、集線器和分支以及遠程訪問IPSEC VPN。
- 使用GRE、靜態VTI、動態VTI配置基於路由的VPN。
- 在Cisco路由器上配置動態多點VPN（DMVPN）。
- 在Cisco路由器上配置PPTP VPN。
- 在Cisco ASA防火牆上配置站點到站點和集線器和分支IPSEC VPN（包括IKEv2 IPSEC）。
- 在Cisco ASA防火牆上配置遠程訪問IPSEC VPN和Anyconnect SSL VPN。
- 使用Active Directory、RSA Server和外部AAA Server進行VPN身份驗證。
- 還有更多內容。

除了最常見的VPN拓撲和場景外，本書還包含一些特殊情況，您在其他地方很難找到相關信息。

本書包含的一些特殊情況和場景包括：

- 具有動態公共IP地址的站點的VPN。
- 在同一設備上實現集線器和分支以及遠程訪問VPN。
- 使用動態路由協議（EIGRP）使路由器上的VPN更具可擴展性。
- 通過集線器站點實現分支到分支的通信（在ASA上使用VPN Hairpinning）。
- 遠程訪問用戶通過集線器與分支站點通信（在ASA上使用VPN Hairpinning）。
- 具有重複子網的站點到站點IPSEC VPN。
- 具有備份ISP的IPSEC VPN故障轉移。

請注意，本書中的所有示例和配置都是基於Cisco設備。