Networks Training

You are here: Home / Cisco VPN / Which Cisco VPN Topic Are you Interested in – Vote Below

Which Cisco VPN Topic Are you Interested in – Vote Below

Written By

Recently I have been thinking to write a new Cisco book which will be about Cisco VPN configuration. The topic of Virtual Private Networks (used to connect remote sites  together over the Internet or to allow mobile users to establish remote access connections to their corporate network resources) is a hot topic in networking. I receive a lot of emails and comments from my website visitors about various VPN configuration scenarios which shows that a practical book in this subject will be valuable for many professional network engineers.

The book will offer step-by-step instructions about VPN configurations (lan-to-lan and client remote access) and also offer several practical and real world complete configuration examples. Moreover, the book will cover VPN configuration for both Cisco Routers and ASA firewalls and also scenarios including mixture of Routers with ASA.

However I need your help to decide which specific topics I should include in the book. I prepared a poll and I would really appreciate if you could vote below about the VPN topics that you are most interested in. You can select multiple topics and also you can leave a comment in the appropriate section (bottom of this page) if you want me to include something not found in the poll answers.

MORE READING:  Site-to-Site IPSEC VPN Between Two Cisco ASA - one with Dynamic IP

Thanks for your time.

[poll id=”2″]

Related Posts

Filed Under: Cisco VPN

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

We use Elastic Email as our marketing automation service. By submitting this form, you agree that the information you provide will be transferred to Elastic Email for processing in accordance with their Terms of Use and Privacy Policy. Also, you allow me to send you informational and marketing emails from time-to-time.

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Comments

  2. Melvin says

    It would be beneficial if you include IPSec VPN between ASA firewalls with SIP aware-traffic and DSCP QoS configuration. Will be useful for VOIP traffic.

  3. Andy says

    Can you cover a trouble shooting also maybe how PC works with Browser and ties into AD when connecting to corporate domains.

  5. Jonny says

    Hello Harris.

    The HUB-AND-SPOKE IPSEC VPN is also interesting.
    We have a discussion on work regarding implementing a star situation on the 3 asa 5540. (all tree 5540 speak to each other) The challenge here vil be the dynamic routing against the asa’s.

    BR

    Jonny

  7. Sven-Owe says

    The problem tjat i nedan clear solution for is the best Wayne to axes the ASA fom à VPN – client (laptop, PC or orter)

  9. Udo Edwin Foth says

    Hi Harris,

    i) all of the topics

    ii) the more complex ones like ASA->RSA->CSACS->Win AD
    (with tokens, 802.1x and enforced security)
    ==> this would be great because there is no really good documentation (i did ASA->RSA->CSACS – it was really hard – i’ve some other things inbetween (CP !)

    I assume a lot of guys out there would appreciate some helpful advices

    Best regards

    Udo

  10. luis gimenez says

    Branch office asa with others partner watchguard cyberoam,netgear , palo alto , fortinet, juniper

  13. Mark says

    Would be interested to see an IPSEC site to site vpn configuration using vrf lite on a Cisco ASR series router (i.e., ASR1002).

  15. Paul Hauck says

    Other VPN topic suggestions:

    1) Cisco ASA licensing as it relates to VPN types and quantities (by type and totals).

    2) VPN types compared and contrasted with respect to features; capabilities; limitations; and the basics of how each one works.

    3) Walk-throughs of each VPN type in use; including not only what should happen step-by-step but also common issues and suggested resolutions.

    4) VPN troubleshooting; including debugs and CLI queries with highlighted examples showing what to look for and what each item means with respect to VPN establishment (success and failure); maintenance; and teardown.

    5) Discussion of endpoint security (threat management and access control).

  16. Stefano Bertotti says

    Lan-to-Lan IPSEC VPN between Routers and ASA using VTI, in case of hub-and-spoke vpn. Aliasing IPSEC for overlapping networks.
    Differences in IPSEC aliasing between ASA 8.2 and ASA 8.4. NAT of the destination network over IPSEC, iF the counterpart don’t provide to alias the overlapped network.

  17. Gareth says

    I do find thta the subject of overlapping NAT addresses needs more explanation, and perhaps a tutorial on debugging, using ASDM or CLI filters and the more common error messages.
    Good luck!
    Gareth Tomlinson CISSP

  18. Karl says

    I also think and have been looking for a reasonable priced training DVD on ASA 5500 series setup from scratch. instructional dvd/download of actual working examples would be great to.

  20. Vince Tran says

    -setup and utililize webVPN
    -allowing trusted traffic into L2L VPN (other subnet from different VPN offices)
    -VPN troubleshooting techniques that not already introduced by Cisco
    -setup L2L IPSEC with some other non Cisco router like Netgear, D-Link, CradlePoint

  23. Joon says

    Would like a topic on how to tie remote access VPN with FreeRadius with grouplock feature. Thank Harris!

  26. Roberto (aka...The Doctor) says

    I am familiar with fully meshed IPSEC site-to-site VPN tunnels over ASA-to-ASA and ASA-to-Router configs, but I would like to see fully meshed IPSEC site-to-site VPNs with HA and over different ISPs. I think that as companies move toward a cloud-based model, this will become more common place. This might even leverage IP SLA…thoughts…

  27. Vincent says

    -Remote access(webvpn profiles) & L2L VPN configuration and troubleshooting.
    -QOS design, configuration and troubleshooting
    -Logging

  28. Mohammad Khan says

    Checkpoint has Firewall Manager to centrally manage all the Firewalls,rules and policies. I like to see similar on ASA firewalls.Also if you discuss on rules and policies with example would be great help.Thanks

  29. Mohammad Khan says

    I saw someone already mentioned this topic,I like to repeat again.see below for the topic:

    ASA->RSA->CSACS->Win AD
    (with tokens, 802.1x and enforced security)

  30. Ali says

    – VTI Tunnels
    – VPN IPSec and VTI with Dynamic IP’s on Cisco ASA and IOS Routers (I know ASA won’t do the VTI part)
    – I think book should have a primary focus on Cisco technologies I would much rather have a well written book on Cisco than you trying to make every one else happy with Juniper, Netgear, D-Link :)

  31. Ken Hughes says

    Harris,
    Your books have been full of GREAT information. They have help me alot. I work in a medical environment where where we are constantly having physicians connect to our network via VPN. Sometimes these physicians have Pix or ASA firewalls but many times they will have a Sonic Wall or a Watchguard or Linux Firewall or LinkSys Router, etc…. we never know what we are going to run into. I would really like to see the configuration to these types of devices. I do not know if you can get your hands on possibly some demo equipment, but it would be really nice to see screen shots from those devices. Typically the easy part is our Cisco ASA but telling the physician IT staff how to configure their firewall properly can sometimes be a difficult task. Additionally, I would like to see just like Arthit said examples where our physicians all use the same subnet and we have to NAT another subnet to them. While I understand the process, it is about as clear as mud to me:)

  32. Jonathan Schwartz says

    Multicast setup between two routers, using gee and a site to site connection – plus. Routers behind a asa site to site vpn using gee to

  33. Joe Yadacus says

    It all looks pretty useful to me. I would probably get the most benefit from SSL based Remote Access examples, but all of the topics you list look good.

  34. Vinod Chahal says

    1:- How to integrate Active Directory authentication in remote VPN scenario.
    2:- GRE tunnels with IPsec.

  35. Prakash says

    -set up L2L Ipsec with router to Cisco Check Point

    – ASA -> Cicso Check Point

    – set up Cisco VPN Concentrator

    – Is their any chance to Loadbalance using two ISP Links?????

  37. safaa says

    integrate voip solution with vpn using cisco routers &ASA with step by step configuration and explanation and all what the above guys commented …wil be great book.
    thanks

  38. TonyB says

    VPN connectivity between say net screen/srx or checkpoint and a a would be a good real world subject. You see this out there loads and there very often issues.

  39. Aji N C says

    Vpn with different vendors , like juniper , paloalto , sonicwall, cyberom etc. with Static and Dynamic addressing.

  40. Blog Admin says

    I would like to express my appreciation for all of you guys and girls that left a comment here. I started taking notes and I will definitely consider all of your feedback and suggestions. As you understand it might not be possible to include all of your suggestions in a book, but in one way or another I will try to satisfy your requests (if not in a book, maybe in future articles and configuration examples that I will be posting on this site).

    Thanks a lot everyone…

    Harris

  41. EarlM says

    A chapter on BGP and OSPF used on ASA and router with real world situations would be interesting and beneficial.

  42. Jesse says

    I would to see how to setup multiple subnet across the vpn such data, voice (voip) databases etc… with DHCP and dynamic ip addresses.

  43. Mike says

    Please include iPad configurations for VPN.
    I am using my ipad more and more for network administration – and, I think others are, too.
    Thanks,
    Mike

  44. inam says

    It would be very usefull if you include VPN Connectivity with other vendor’s firewall like checkpoit and some other famous firewalls with ASA.

    Regards
    iNAM

  46. Mal Brassfield says

    First of all, your book(s) have been very informative and help for us. Thanks. I would like to see remote VPN connections authenticated via LDAP, Radius, or TACACS servers, and how those systems are implemented. Also, potentially the use of CAC card readers with remote VPN access.

  49. Allisson Cândido says

    Please include all authentication types like local or using radius infrastructure and if possible certificate usage.

  50. sid says

    Would suggest something about block asa traffic to specified websites. and something on logging events would be very useful.
    regards,
    pietro stefanelli

  51. Sathish Damodaran Suresh says

    It will be more useful if you can cover the VPN mechanism in more details. For example ISAKMP policy exchange and IPSEC tunnel establishment, SPI, SA negotiation and VPN connection statee etc ….

  52. Bob Kiep says

    Regarding “Other” – a special chapter or section addressing in-board openconnect offered in Ubuntu, Android, etc., that no longer requires the AnyConnect client – could the chapter discuss key features we would be losing if we did away with AnyConnect? What are the gotcha’s of configuring OpenConnect on these platforms, etc., etc.

  54. Ali says

    I agree with you, perhaps having couple of books to cover the topics would be better. Remote VPN on the mobile devices is something new that is being asked these days too by the way so coverage on that would be great.

    I’m looking forward to your next book.

  55. Kingshuk Sinha says

    DMVPN,GET VPN,Active/Active Failover in Multiple Context mode real time scenarios & troubleshooting.New NATing Concept,New Object grouping concepts & on VPN Failover.
    How to intergrate cisco vpn technology with mobile phone?
    ASA Troubleshooting Book in depth-by Harris Andrea
    If you have advanced books on routers & switches do let me know.
    WAITING WAITING WAITING…All the Best

  59. Steve says

    Harris, your books have been very useful. Keep up the good work!

    – How and why to configure multiple remote ssl/webvpn profiles and the rules you could apply to them
    – QoS policies (maybe even traffic limiting/shaping)
    – DNS doctoring (and why you might use this)

  60. Daniel says

    Remote-Access using Apple-Products (iPAD, iPhone, Macbook..) with Built-In VPN-Client as well as Anyconnect.

  62. Raazak says

    Yes, I would say
    1) ASA->RSA->CSACS->Win AD
    (with tokens, 802.1x and enforced security)

    2) anyconnect with soft token, ASA, RSA, AD. No PKI use.

  63. Larry says

    LABS !!!!
    A series of labs to sharpen skills from basic through complex, with the solutions at the back.
    I would pay double of what i have already paid for your other materials for a good lab book.

  64. David says

    I would like to see a section on increasing the security of VPNs by requiring digital certificates, RSA tokens or other means and how to install and configure them or alternately by only allowing certain MAC addresses to log in.

  65. Bello says

    Sir, is it possible to show configuration of VPN between two routers obtaining dynamic addresses from the ISP

  66. EarlM says

    Your methods of addressing complicated are very clear and precise. I would like to see you address configuring Remote Access VPN on the ASA where the VPN client can access multiple subnets on the corporate network to include user restrictions.

  67. Anders says

    VRF based Router with EasyVPN server (VTI) and ASA EasyVPN client with dynamic ip.
    alt. DMVPN.

    Thanks

  68. ron says

    Hi,

    I have a Cisco ASA 5505 firewall and my internal network is in the range 192.168.x.x, and I use NAT. However, I’m required to NAT the address range 10.205.x.x for a VPN tunnel.

    If my internal network is in the 192.168.x.x range, how can I NAT this to the 10.205.x.x range for use with the tunnel?

    Is this possible? If yes, how can this be done with the GUI?

    thank you!

  69. Blog Admin says

    Ron

    This is possible but I have never done it with GUI (only CLI). I don’t remember all the commands out of my head but you should search “cisco asa vpn with duplicate subnets” to get some examples and ideas.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

Suggested Cisco Training

CISCO CERTIFICATION TRAINING
CISCO CCNA 200-120 TRAINING
CCNA SECURITY 640-554 TRAINING
CCENT ICND1 TRAINING
CISCO ICND2 TRAINING
CISCO CCNP TRAINING

BLOGROLL

Tech21Century
Firewall.cx