Recently I have been thinking about writing a new Cisco book about Cisco VPN configuration. Virtual Private Networks (used to connect remote sites together over the Internet or to allow mobile users to establish remote access connections to their corporate network resources) are a hot topic in networking. I receive a lot of emails and comments from my website visitors about various VPN configuration scenarios, which shows that a practical book on this subject will be valuable for many professional network engineers.
The book will offer step-by-step instructions for VPN configurations (LAN-to-LAN and client remote access) and also offer several practical, real-world complete configuration examples. Moreover, the book will cover VPN configuration for both Cisco routers and ASA firewalls, as well as scenarios including a mixture of routers with ASA.
However, I need your help to decide which specific topics I should include in the book. I prepared a poll and I would really appreciate it if you could vote below on the VPN topics that you are most interested in. You can select multiple topics, and you can also leave a comment in the appropriate section (bottom of this page) if you want me to include something not found in the poll answers.
Thanks for your time.





It will be more useful if you can cover the VPN mechanism in more detail. For example ISAKMP policy exchange and IPSEC tunnel establishment, SPI, SA negotiation and VPN connection state etc ….
Regarding “Other” – a special chapter or section addressing in-board openconnect offered in Ubuntu, Android, etc., that no longer requires the AnyConnect client – could the chapter discuss key features we would be losing if we did away with AnyConnect? What are the gotchas of configuring OpenConnect on these platforms, etc., etc.
Resolving the issue between Microsoft Lync and Desktop Sharing through the ASA.
I agree with you, perhaps having a couple of books to cover the topics would be better. Remote VPN on the mobile devices is something new that is being asked these days too by the way so coverage on that would be great.
I’m looking forward to your next book.
DMVPN, GET VPN, Active/Active Failover in Multiple Context mode real time scenarios & troubleshooting. New NATing Concept, New Object grouping concepts & on VPN Failover.
How to integrate Cisco VPN technology with mobile phone?
ASA Troubleshooting Book in depth-by Harris Andrea
If you have advanced books on routers & switches do let me know.
WAITING WAITING WAITING…All the Best
It would be good to have more information of setting up SSL Certificates on the ASA.
Thanks
Explanation of Certificates as Dave mentions above.
Topics.
1. GetVPN
2. Static VTI
3. Dynamic VTI
Harris, your books have been very useful. Keep up the good work!
- How and why to configure multiple remote ssl/webvpn profiles and the rules you could apply to them
- QoS policies (maybe even traffic limiting/shaping)
- DNS doctoring (and why you might use this)
Remote-Access using Apple-Products (iPAD, iPhone, Macbook..) with Built-In VPN-Client as well as Anyconnect.
Anything on the IPS by any chance?
Yes, I would say
1) ASA->RSA->CSACS->Win AD
(with tokens, 802.1x and enforced security)
2) anyconnect with soft token, ASA, RSA, AD. No PKI use.
LABS !!!!
A series of labs to sharpen skills from basic through complex, with the solutions at the back.
I would pay double of what I have already paid for your other materials for a good lab book.
I would like to see a section on increasing the security of VPNs by requiring digital certificates, RSA tokens or other means and how to install and configure them or alternately by only allowing certain MAC addresses to log in.
Sir, is it possible to show configuration of VPN between two routers obtaining dynamic addresses from the ISP?
Your methods of addressing complicated are very clear and precise. I would like to see you address configuring Remote Access VPN on the ASA where the VPN client can access multiple subnets on the corporate network to include user restrictions.
VRF based Router with EasyVPN server (VTI) and ASA EasyVPN client with dynamic ip.
alt. DMVPN.
Thanks
Hi,
I have a Cisco ASA 5505 firewall and my internal network is in the range 192.168.x.x, and I use NAT. However, I’m required to NAT the address range 10.205.x.x for a VPN tunnel.
If my internal network is in the 192.168.x.x range, how can I NAT this to the 10.205.x.x range for use with the tunnel?
Is this possible? If yes, how can this be done with the GUI?
thank you!
Ron
This is possible but I have never done it with GUI (only CLI). I don’t remember all the commands out of my head but you should search “cisco asa vpn with duplicate subnets” to get some examples and ideas.