{"id":647,"date":"2016-03-23T19:19:00","date_gmt":"2016-03-23T19:19:00","guid":{"rendered":"http:\/\/www.safekom.pl\/blog\/?p=647"},"modified":"2020-03-25T12:24:04","modified_gmt":"2020-03-25T11:24:04","slug":"lab_ipsec_palo_ciscoasa","status":"publish","type":"post","link":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/","title":{"rendered":"LAB – IPSec Palo – Cisco ASA"},"content":{"rendered":"

Poni\u017cej pokazuj\u0119 jak zestawia\u0107 po\u0142\u0105czenie IPsec pomi\u0119dzy PaloAlto Networks a Cisco ASA. W mym przypadku oba urz\u0105dzenia s\u0105 w wersji wirtualnej ale konfiguracja ich odpowiada tak jak by\u015bmy konfigurowali urz\u0105dzenia fizyczne.<\/p>\n

Za\u0142o\u017cenia:<\/p>\n

\"asa_palo\"<\/a><\/p>\n\n\n\n\n
Faza 1<\/td>\naes256 sha-1 pfs g2 86400s<\/td>\n<\/tr>\n
Faza 2<\/td>\naes256 sha-1 pfs g2 28800s<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n\n
<\/td>\nPalo<\/td>\nCisco ASA<\/td>\n<\/tr>\n
Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu<\/td>\n10.20.10.0\/24<\/td>\n172.16.1.0\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n\n
<\/td>\nPalo<\/td>\nCisco ASA<\/td>\n<\/tr>\n
Interfejs z adresem tzw. publicznym<\/td>\n192.168.1.51\/24<\/td>\n192.168.1.80\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/h4>\n

<\/p>\n

Konfiguracja Cisco ASA<\/h4>\n

Logujemy si\u0119 do SSH lub ASDM’a. Poni\u017cej b\u0119d\u0119 prezentowa\u0107 konfiguracj\u0119 obu sposob\u00f3w.<\/p>\n

ASDM – przechodzimy do Configuration –> Site-to-Site VPN<\/p>\n

\"asa_ipsec01\"<\/a><\/p>\n

w\u0142\u0105czamy IKE<\/strong> dla Interfejsu NET_LAB  nasz interfejs publiczny oraz przechodzimy do konfiguracji Profilu<\/strong> po\u0142\u0105czenie klikaj\u0105c Add<\/strong><\/p>\n

\"asa_ipsec02\"<\/a><\/p>\n

CLI:<\/p>\n

crypto ikev1 enable NET_LAB<\/pre>\n
w nowym oknie konfigurujemy parametry naszego po\u0142\u0105czenia IPSEC, <\/strong>w polach:<\/p>\n
Peer IP Address wpisujemy adres Palo, Local Network oraz Remote Network wpisujemy ip pomi\u0119dzy kt\u00f3rymi b\u0119dzie szyfrowanie IPSEC<\/p>\n
\"asa_ipsec03\"<\/a><\/p>\n
w polu Group Policy Name wybieramy Manage gdzie tworzymy profil dla naszego profilu.<\/p>\n
\"asa_ipsec05\"<\/a><\/p>\n
Tworzymy nowe IKE Policy<\/p>\n
\"asa_ipsec08\"<\/a><\/p>\n
wybieramy odpowiedni\u0105 polityk\u0119 IPSEC<\/p>\n
\"asa_ipsec09\"<\/a><\/p>\n
Przechodzimy do Advanced –> Crypto Map Entry  gdzie ustawiamy nasze parametry<\/p>\n
\"asa_ipsec10\"<\/a><\/p>\n
CLI<\/p>\n
\/\/Tworzymy ACL'k\u0119 kt\u00f3ra b\u0119dzie u\u017cyta do krypto mapy\naccess-list NET_LAB_cryptomap extended permit ip 172.16.1.0 255.255.255.0 10.20.10.0 255.255.255.0\n\/\/ Tworzymy profil dla fazy 1\ncrypto ikev1 policy 10\n authentication pre-share\n encryption aes-256\n hash sha\n group 2\n lifetime 86400\n\n\/\/Tworzymy profil Group Policy\ngroup-policy IPSEC-PALO internal\ngroup-policy IPSEC-PALO attributes\n vpn-tunnel-protocol ikev1\n\n\/\/Configuracja Crypto mapy \ncrypto map NET_LAB_map2 1 match address NET_LAB_cryptomap\ncrypto map NET_LAB_map2 1 set pfs \ncrypto map NET_LAB_map2 1 set peer 192.168.1.51 \ncrypto map NET_LAB_map2 1 set ikev1 transform-set ESP-AES-256-SHA\ncrypto map NET_LAB_map2 1 set nat-t-disable\ncrypto map NET_LAB_map2 interface NET_LAB\n\n\/\/Profil Tunelu \ntunnel-group 192.168.1.51 type ipsec-l2l\ntunnel-group 192.168.1.51 general-attributes\n default-group-policy IPSEC-PALO\ntunnel-group 192.168.1.51 ipsec-attributes\n ikev1 pre-shared-key Qwert6<\/pre>\n
Tworzymy Polityk\u0119 NAT aby ruch nie by\u0142 nigdy NATOWANY<\/p>\n
\"asa_ipsec11\"<\/a><\/p>\n
CLI<\/p>\n
object network Net_172.16.1.0\n subnet 172.16.1.0 255.255.255.0\nobject network NET_10.20.10.0\n subnet 10.20.10.0 255.255.255.0\n\nnat (LAN,NET_LAB) source static Net_172.16.1.0 Net_172.16.1.0 destination static NET_10.20.10.0 NET_10.20.10.0<\/pre>\n
 <\/p>\n
Konfiguracja PALO<\/h4>\n
przechodzimy do network –> network-profiles –> ike-crypto<\/strong> tworzymy profil dla naszego po\u0142\u0105czenia<\/p>\n
\"palo_ipsec01\"<\/a><\/p>\n
CLI<\/p>\n
set network ike crypto-profiles ike-crypto-profiles IKE-ASA hash sha1\nset network ike crypto-profiles ike-crypto-profiles IKE-ASA dh-group group2\nset network ike crypto-profiles ike-crypto-profiles IKE-ASA encryption aes-256-cbc\nset network ike crypto-profiles ike-crypto-profiles IKE-ASA lifetime hours 24\n<\/pre>\n
przechodzimy do network –> network-profiles –> ipsec-crypto <\/strong>tworzymy profil dla kt\u00f3ry u\u017cyjemy podczas konfiguracji fazy 2<\/p>\n
\"palo_ipsec02\"<\/a><\/p>\n
CLI<\/p>\n
set network ike crypto-profiles ipsec-crypto-profiles Ipsec-asa esp authentication sha1\nset network ike crypto-profiles ipsec-crypto-profiles Ipsec-asa esp encryption aes-256-cbc\nset network ike crypto-profiles ipsec-crypto-profiles Ipsec-asa lifetime hours 8\nset network ike crypto-profiles ipsec-crypto-profiles Ipsec-asa dh-group group2<\/pre>\n
w kolejnym kroku przechodzimy do network –> network-profiles –> ike-gateways <\/strong>jest to konfiguracja Fazy 1<\/p>\n
\"palo_ipsec03\"<\/a><\/p>\n
w Advanced Options<\/strong>:<\/p>\n
\"palo_ipsec04\"<\/a><\/p>\n
CLI<\/p>\n
set network ike gateway VPN-ASA authentication pre-shared-key key Qwert6\nset network ike gateway VPN-ASA protocol ikev1 dpd enable no\nset network ike gateway VPN-ASA protocol ikev1 ike-crypto-profile IKE-ASA\nset network ike gateway VPN-ASA protocol ikev1 exchange-mode main\nset network ike gateway VPN-ASA protocol ikev2 dpd enable yes\nset network ike gateway VPN-ASA protocol-common nat-traversal enable no\nset network ike gateway VPN-ASA protocol-common fragmentation enable no\nset network ike gateway VPN-ASA local-address interface ethernet1\/1\nset network ike gateway VPN-ASA peer-address ip 192.168.1.80<\/pre>\n
Tworzymy interfejs Tunnel.1<\/strong> z przypisanie do Security Zone VPN<\/strong><\/p>\n
\"palo_ipsec11\"<\/a><\/p>\n
CLI<\/p>\n
set network interface tunnel units tunnel.1\nset zone VPN network layer3 tunnel.1<\/pre>\n
tworzymy konfiguracj\u0119 dla Fazy 2 przechodz\u0105c do network –> ipsec-tunnels <\/strong>w polu Tunnel Interface<\/strong> wybieramy nasz interfejs tunnel.1 <\/strong> w IKE Gataway<\/strong> nasz profil kt\u00f3ry wcze\u015bniej stworzyli\u015bmy VPN-ASA<\/strong> oraz IPSec Crypo Profile Ipsec-asa<\/strong><\/p>\n
\"palo_ipsec05\"<\/a><\/p>\n
w proxy ID’s<\/strong> ustawiamy nasz\u0105 konfiguracj\u0119 r\u00f3wnie\u017c<\/p>\n
\"palo_ipsec06\"<\/a><\/p>\n
CLI<\/p>\n
set network tunnel ipsec tunel-asa auto-key ike-gateway VPN-ASA \nset network tunnel ipsec tunel-asa auto-key proxy-id asa-palo protocol any \nset network tunnel ipsec tunel-asa auto-key proxy-id asa-palo local 10.20.10.0\/24\nset network tunnel ipsec tunel-asa auto-key proxy-id asa-palo remote 172.16.1.0\/24\nset network tunnel ipsec tunel-asa auto-key ipsec-crypto-profile Ipsec-asa\nset network tunnel ipsec tunel-asa tunnel-monitor enable no\nset network tunnel ipsec tunel-asa tunnel-interface tunnel.1\nset network tunnel ipsec tunel-asa anti-replay no<\/pre>\n
Dodajemy routing<\/strong> do sieci po stronie ASY przechodzimy do network –> virtual-routers<\/strong><\/p>\n
\"palo_ipsec10\"<\/a><\/p>\n
CLI<\/p>\n
set network virtual-router default routing-table ip static-route Route-toASA interface tunnel.1\nset network virtual-router default routing-table ip static-route Route-toASA metric 10\nset network virtual-router default routing-table ip static-route Route-toASA destination 172.16.1.0\/24<\/pre>\n
Weryfikujemy po\u0142\u0105czenia<\/h3>\n
Cisco ASA<\/h4>\n
\"asa_ipsec12\"<\/a><\/p>\n
CLI<\/p>\n
Faza1:<\/p>\n
# show crypto isakmp sa detail \n\nIKEv1 SAs:\n\n   Active SA: 1\n    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)\nTotal IKE SA: 1\n\n1   IKE Peer: 192.168.1.51\n    Type    : L2L             Role    : initiator \n    Rekey   : no              State   : MM_ACTIVE \n    Encrypt : aes-256         Hash    : SHA       \n    Auth    : preshared       Lifetime: 86400\n    Lifetime Remaining: 86380\n\nThere are no IKEv2 SAs\n\n<\/pre>\n
Faza 2<\/p>\n
# show ipsec sa detail \ninterface: NET_LAB\n    Crypto map tag: NET_LAB_map2, seq num: 1, local addr: 192.168.1.80\n\n      access-list NET_LAB_cryptomap extended permit ip 172.16.1.0 255.255.255.0 10.20.10.0 255.255.255.0 \n      local ident (addr\/mask\/prot\/port): (172.16.1.0\/255.255.255.0\/0\/0)\n      remote ident (addr\/mask\/prot\/port): (10.20.10.0\/255.255.255.0\/0\/0)\n      current_peer: 192.168.1.51\n\n\n      #pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 3\n      #pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 3\n      #pkts compressed: 0, #pkts decompressed: 0\n      #pkts not compressed: 3, #pkts comp failed: 0, #pkts decomp failed: 0\n      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0\n      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0\n      #TFC rcvd: 0, #TFC sent: 0\n      #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0\n      #pkts no sa (send): 0, #pkts invalid sa (rcv): 0\n      #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0\n      #pkts invalid prot (rcv): 0, #pkts verify failed: 0\n      #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 0\n      #pkts invalid pad (rcv): 0,\n      #pkts invalid ip version (rcv): 0,\n      #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0\n      #pkts replay failed (rcv): 0\n      #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0\n      #pkts internal err (send): 0, #pkts internal err (rcv): 0\n\n      local crypto endpt.: 192.168.1.80\/0, remote crypto endpt.: 192.168.1.51\/0\n      path mtu 1500, ipsec overhead 74(44), media mtu 1500\n      PMTU time remaining (sec): 0, DF policy: copy-df\n      ICMP error validation: disabled, TFC packets: disabled\n      current outbound spi: A1AD74BD\n      current inbound spi : 9F115119\n\n    inbound esp sas:\n      spi: 0x9F115119 (2668712217)\n         transform: esp-aes-256 esp-sha-hmac no compression \n         in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, }\n         slot: 0, conn_id: 81920, crypto-map: NET_LAB_map2\n         sa timing: remaining key lifetime (sec): 28567\n         IV size: 16 bytes\n         replay detection support: Y\n         Anti replay bitmap: \n          0x00000000 0x0000000F\n    outbound esp sas:\n      spi: 0xA1AD74BD (2712499389)\n         transform: esp-aes-256 esp-sha-hmac no compression \n         in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, }\n         slot: 0, conn_id: 81920, crypto-map: NET_LAB_map2\n         sa timing: remaining key lifetime (sec): 28566\n         IV size: 16 bytes\n         replay detection support: Y\n         Anti replay bitmap: \n          0x00000000 0x00000001\n<\/pre>\n
Weryfikacja ze strony Palo<\/h4>\n
W GUI<\/strong> przechodzimy do monitor –> logs –> system<\/strong> gdzie log filtrujemy: ( subtype eq vpn )<\/strong><\/p>\n
\"palo_ipsec12\"<\/a><\/p>\n
mo\u017cemy te\u017c  przej\u015b\u0107 do network –> ipsec-tunnels <\/strong>i sprawdzi\u0107 czy kontrolki w kolumnach \u015bwiec\u0105 na zielono, mo\u017cna klikn\u0105\u0107 na nie i zobaczy\u0107 wi\u0119cej szczeg\u00f3\u0142\u00f3w:<\/p>\n
 <\/p>\n
CLI<\/p>\n
Faza1<\/p>\n
> show vpn ike-sa detail gateway VPN-ASA\n\nIKE Gateway VPN-ASA, ID 1 192.168.1.51           => 192.168.1.80          \n  Current time: Mar.24 04:04:31\n\nIKE Phase1 SA:\n  Cookie:  8EE57EC6DC0BF7C0:E4C239F89F5E3F8F  Resp\n        State:      Established\n        Mode:       Main\n        Authentication:  PSK\n        Proposal:   AES256-CBC\/SHA1\/DH2\n        NAT:        Not detected\n        Message ID: 0, phase 2: 0\n        Phase 2 SA created : 1\n        Created:    Mar.24 03:51:45, 12 minutes 46 seconds ago\n        Expires:    Mar.25 03:51:45<\/pre>\n
Faza 2<\/p>\n
> show vpn tunnel name tunel-asa \n\nTnID Name(Gateway)                  Local Proxy IP       Ptl:Port   Remote Proxy IP      Ptl:Port   Proposals                                                   \n---- -------------                  --------------       --------   ---------------      --------   ---------                                                   \n1    tunel-asa:asa-palo(VPN-ASA)    10.20.10.0\/24        0:0        172.16.1.0\/24        0:0        ESP tunl [DH2][AES256][SHA1] 28800-sec                       \n\nShow IPSec tunnel config: Total 1 tunnels found.\n\n\n> show vpn ipsec-sa tunnel tunel-asa:asa-palo \n\nGwID\/client IP  TnID   Peer-Address           Tunnel(Gateway)                                Algorithm          SPI(in)  SPI(out) life(Sec\/KB) \n--------------  ----   ------------           ---------------                                ---------          -------  -------- ------------ \n1               1      192.168.1.80           tunel-asa:asa-palo(VPN-ASA)                    ESP\/A256\/SHA1      A1AD74BD 9F115119 27991\/0       \n\nShow IPSec SA: Total 1 tunnels found. 1 ipsec sa found.\n<\/pre>\n
Statystki dla po\u0142\u0105czenia:<\/p>\n
> show vpn flow name tunel-asa:asa-palo \n\ntunnel  tunel-asa:asa-palo\n        id:                     1\n        type:                   IPSec\n        gateway id:             1\n        local ip:               192.168.1.51\n        peer ip:                192.168.1.80\n        inner interface:        tunnel.1 \n        outer interface:        ethernet1\/1\n        state:                  active\n        session:                212\n        tunnel mtu:             1428\n        lifetime remain:        27906 sec\n        latest rekey:           894 seconds ago\n        monitor:                off\n          monitor packets seen: 0\n          monitor packets reply:0\n        en\/decap context:       5       \n        local spi:              A1AD74BD\n        remote spi:             9F115119\n        key type:               auto key\n        protocol:               ESP\n        auth algorithm:         SHA1\n        enc  algorithm:         AES256\n        proxy-id:\n          local ip:             10.20.10.0\/24\n          remote ip:            172.16.1.0\/24\n          protocol:             0  \n          local port:           0   \n          remote port:          0\n        anti replay check:      no\n        copy tos:               no\n        authentication errors:  0\n        decryption errors:      0\n        inner packet warnings:  0\n        replay packets:         0\n        packets received \n          when lifetime expired:0\n          when lifesize expired:0\n        sending sequence:       3\n        receive sequence:       0\n        encap packets:          116\n        decap packets:          6\n        encap bytes:            13536\n        decap bytes:            624\n        key acquire requests:   63\n        owner state:            0\n        owner cpuid:            s1dp0\n        ownership:              1<\/pre>\n
 <\/p>\n
W innym po\u015bcie udost\u0119pniam generator Configu IPSec dla PALO<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Poni\u017cej pokazuj\u0119 jak zestawia\u0107 po\u0142\u0105czenie IPsec pomi\u0119dzy PaloAlto Networks a Cisco ASA. W mym przypadku oba urz\u0105dzenia s\u0105 w wersji wirtualnej ale konfiguracja ich odpowiada tak jak by\u015bmy konfigurowali urz\u0105dzenia fizyczne. Za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 86400s Faza 2 aes256 sha-1 pfs g2 28800s Palo Cisco ASA Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 10.20.10.0\/24 […]<\/p>\n","protected":false},"author":1,"featured_media":304,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[4,84,78],"tags":[158,13,162,172,179,173,174,77,176,79,81,171,82,175,177,178,30],"class_list":["post-647","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco","category-lab","category-palo-alto","tag-asdm","tag-cisco","tag-cisco-asav","tag-cypto","tag-flow","tag-ike-crypto","tag-ike-gateways","tag-ipsec","tag-isakmp","tag-palo","tag-palo-alto-networks","tag-pfs","tag-phase","tag-proxy-ids","tag-subtype-eq-vpn","tag-tunnel","tag-vpn"],"yoast_head":"\nLAB - IPSec Palo - Cisco ASA krok po kroku- SafeKom Blog<\/title>\n<meta name=\"description\" content=\"Konfiguracja krok po kroku IPSec pomi\u0119dzy urz\u0105dzeniami Palo - Cisco ASA. Du\u017ca dawka wiedzy w tym temacie LAB - IPSec Palo - Cisco ASA\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LAB - IPSec Palo - Cisco ASA krok po kroku- SafeKom Blog\" \/>\n<meta property=\"og:description\" content=\"Konfiguracja krok po kroku IPSec pomi\u0119dzy urz\u0105dzeniami Palo - Cisco ASA. Du\u017ca dawka wiedzy w tym temacie LAB - IPSec Palo - Cisco ASA\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/\" \/>\n<meta property=\"og:site_name\" content=\"SafeKom Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/safekompl\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-23T19:19:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-03-25T11:24:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"566\" \/>\n\t<meta property=\"og:image:height\" content=\"680\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:site\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/\"},\"author\":{\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/person\\\/fd4cc931b624af4b7353d36d92ba7181\"},\"headline\":\"LAB – IPSec Palo – Cisco ASA\",\"datePublished\":\"2016-03-23T19:19:00+00:00\",\"dateModified\":\"2020-03-25T11:24:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/\"},\"wordCount\":428,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/08\\\/Paloalto_logo.png?fit=566%2C680&ssl=1\",\"keywords\":[\"asdm\",\"cisco\",\"cisco asav\",\"cypto\",\"flow\",\"ike-crypto\",\"ike-gateways\",\"ipsec\",\"isakmp\",\"Palo\",\"Palo Alto Networks\",\"pfs\",\"phase\",\"proxy ID's\",\"subtype eq vpn\",\"tunnel\",\"vpn\"],\"articleSection\":[\"Cisco\",\"Lab\",\"Palo Alto\"],\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/\",\"name\":\"LAB - IPSec Palo - Cisco ASA krok po kroku- SafeKom Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/08\\\/Paloalto_logo.png?fit=566%2C680&ssl=1\",\"datePublished\":\"2016-03-23T19:19:00+00:00\",\"dateModified\":\"2020-03-25T11:24:04+00:00\",\"description\":\"Konfiguracja krok po kroku IPSec pomi\u0119dzy urz\u0105dzeniami Palo - Cisco ASA. Du\u017ca dawka wiedzy w tym temacie LAB - IPSec Palo - Cisco ASA\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/08\\\/Paloalto_logo.png?fit=566%2C680&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/08\\\/Paloalto_logo.png?fit=566%2C680&ssl=1\",\"width\":566,\"height\":680},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/lab\\\/lab_ipsec_palo_ciscoasa\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"LAB – IPSec Palo – Cisco ASA\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/\",\"name\":\"SafeKom Blog\",\"description\":\"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami on-prem\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#organization\",\"name\":\"SafeKom Blog\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/05\\\/cropped-logo.png?fit=512%2C512&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/05\\\/cropped-logo.png?fit=512%2C512&ssl=1\",\"width\":512,\"height\":512,\"caption\":\"SafeKom Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/safekompl\",\"https:\\\/\\\/x.com\\\/MIwaczuk\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/michaliwanczuk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/person\\\/fd4cc931b624af4b7353d36d92ba7181\",\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"caption\":\"Micha\u0142 Iwa\u0144czuk\"},\"description\":\"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\\\/7\\\/365.\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LAB - IPSec Palo - Cisco ASA krok po kroku- SafeKom Blog","description":"Konfiguracja krok po kroku IPSec pomi\u0119dzy urz\u0105dzeniami Palo - Cisco ASA. Du\u017ca dawka wiedzy w tym temacie LAB - IPSec Palo - Cisco ASA","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/","og_locale":"pl_PL","og_type":"article","og_title":"LAB - IPSec Palo - Cisco ASA krok po kroku- SafeKom Blog","og_description":"Konfiguracja krok po kroku IPSec pomi\u0119dzy urz\u0105dzeniami Palo - Cisco ASA. Du\u017ca dawka wiedzy w tym temacie LAB - IPSec Palo - Cisco ASA","og_url":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/","og_site_name":"SafeKom Blog","article_publisher":"https:\/\/www.facebook.com\/safekompl","article_published_time":"2016-03-23T19:19:00+00:00","article_modified_time":"2020-03-25T11:24:04+00:00","og_image":[{"width":566,"height":680,"url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","type":"image\/png"}],"author":"Micha\u0142 Iwa\u0144czuk","twitter_card":"summary_large_image","twitter_creator":"@MIwaczuk","twitter_site":"@MIwaczuk","twitter_misc":{"Napisane przez":"Micha\u0142 Iwa\u0144czuk","Szacowany czas czytania":"7 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/#article","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/"},"author":{"name":"Micha\u0142 Iwa\u0144czuk","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181"},"headline":"LAB – IPSec Palo – Cisco ASA","datePublished":"2016-03-23T19:19:00+00:00","dateModified":"2020-03-25T11:24:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/"},"wordCount":428,"commentCount":0,"publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","keywords":["asdm","cisco","cisco asav","cypto","flow","ike-crypto","ike-gateways","ipsec","isakmp","Palo","Palo Alto Networks","pfs","phase","proxy ID's","subtype eq vpn","tunnel","vpn"],"articleSection":["Cisco","Lab","Palo Alto"],"inLanguage":"pl-PL","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/","url":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/","name":"LAB - IPSec Palo - Cisco ASA krok po kroku- SafeKom Blog","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/#primaryimage"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","datePublished":"2016-03-23T19:19:00+00:00","dateModified":"2020-03-25T11:24:04+00:00","description":"Konfiguracja krok po kroku IPSec pomi\u0119dzy urz\u0105dzeniami Palo - Cisco ASA. Du\u017ca dawka wiedzy w tym temacie LAB - IPSec Palo - Cisco ASA","breadcrumb":{"@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/#primaryimage","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","width":566,"height":680},{"@type":"BreadcrumbList","@id":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/www.safekom.pl\/blog\/"},{"@type":"ListItem","position":2,"name":"LAB – IPSec Palo – Cisco ASA"}]},{"@type":"WebSite","@id":"https:\/\/www.safekom.pl\/blog\/#website","url":"https:\/\/www.safekom.pl\/blog\/","name":"SafeKom Blog","description":"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami on-prem","publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.safekom.pl\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/www.safekom.pl\/blog\/#organization","name":"SafeKom Blog","url":"https:\/\/www.safekom.pl\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","width":512,"height":512,"caption":"SafeKom Blog"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/safekompl","https:\/\/x.com\/MIwaczuk","https:\/\/www.linkedin.com\/in\/michaliwanczuk\/"]},{"@type":"Person","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181","name":"Micha\u0142 Iwa\u0144czuk","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","caption":"Micha\u0142 Iwa\u0144czuk"},"description":"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\/7\/365.","url":"https:\/\/www.safekom.pl\/blog\/author\/admin\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p7i9ri-ar","jetpack-related-posts":[{"id":171,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/lab-ipsec-juniper-srx-cisco-router\/","url_meta":{"origin":647,"position":0},"title":"Lab – IPSEC Juniper SRX – Cisco router","author":"Micha\u0142 Iwa\u0144czuk","date":"21.08.2015","format":false,"excerpt":"Dzi\u015b postanowi\u0142em opisa\u0107 troch\u0119 labowania, temat ostatnio bardzo mocno przerabiany IPSEC. Poni\u017cej opisz\u0119 wariant policy base vpn, kt\u00f3ry jest bardzo elastyczny. Za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 3600s Faza 2 aes256 sha-1 pfs g2 3600s Cisco Juniper SRX Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 172.16.10.0\/24 10.10.10.0\/24 Cisco Juniper SRX Interfejs\u2026","rel":"","context":"W \u201eCisco"","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/junos_multicolor_burst.png?fit=361%2C393&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":292,"url":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/","url_meta":{"origin":647,"position":1},"title":"LAB – IPSEC SRX  PALO","author":"Micha\u0142 Iwa\u0144czuk","date":"30.08.2015","format":false,"excerpt":"Dzi\u015b przyszed\u0142 czas na lab z wykorzystaniem urz\u0105dze\u0144 Juniper SRX oraz Palo Alto Networks. Skupi\u0119 si\u0119 w tym wpisie na skonfigurowaniu po\u0142\u0105czenia VPN Ipsec pomi\u0119dzy tymi urz\u0105dzeniami. za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 3600s Faza 2 aes256 sha-1 pfs g2 3600s Palo SRX Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 10.20.10.0\/24\u2026","rel":"","context":"W \u201eJuniper"","block_context":{"text":"Juniper","link":"https:\/\/www.safekom.pl\/blog\/category\/juniper\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":2567,"url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/","url_meta":{"origin":647,"position":2},"title":"NSX-t IPSec Route base","author":"Micha\u0142 Iwa\u0144czuk","date":"26.03.2020","format":false,"excerpt":"W dzisiejszym wpisie przedstawi\u0119 konfiguracj\u0119 NSX-t IPSec Route base, jest to\u00a0 opis krok po kroku jak skonfigurowa\u0107 IPseca po stronie NSX'a oraz Vyos kt\u00f3ry b\u0119dzie uczestnikiem IPseca.\u00a0 Za\u0142o\u017cenia Poni\u017cej rysunek pogl\u0105dowy jak wygl\u0105da topologia po\u0142\u0105cze\u0144. Pomi\u0119dzy routerem T0 i chmurk\u0105 ju\u017c istnieje po\u0142\u0105czenie oraz jest zestawione s\u0105siedztwo BGP w celu\u2026","rel":"","context":"W \u201eNSX"","block_context":{"text":"NSX","link":"https:\/\/www.safekom.pl\/blog\/category\/vmware\/nsx\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":457,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/","url_meta":{"origin":647,"position":3},"title":"Cisco ASA – Ograniczenie dost\u0119pu do SSL VPN oraz IKE","author":"Micha\u0142 Iwa\u0144czuk","date":"30.12.2015","format":false,"excerpt":"Dla szukaj\u0105cych jak ograniczy\u0107 dost\u0119p do us\u0142ug uruchamianych na Cisco ASA, mam na my\u015bli SSL VPN, czy IKE na samy dole jest aktualizacja jak to zrobi\u0107 dla IKE przy podatno\u015bci\u00a0CVE-2016-1287 Poni\u017cej przedstawi\u0119 jak ograniczy\u0107 dost\u0119p do SSL VPN dla okre\u015blonych ip lub sieci. definiujemy Grup\u0119 w kt\u00f3ra b\u0119dzie zawiera\u0107 list\u0119\u2026","rel":"","context":"W \u201eCisco"","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":610,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/asav-pierwsze-uruchomienie-w-labie\/","url_meta":{"origin":647,"position":4},"title":"ASAv – pierwsze uruchomienie w labie","author":"Micha\u0142 Iwa\u0144czuk","date":"06.03.2016","format":false,"excerpt":"Pierwsze uruchomienie Cisco ASAv w Labie. Pokazuj\u0119 podstawow\u0105 konfiguracj\u0119 od importu po zalogowanie si\u0119 po ssh lub asdm.","rel":"","context":"W \u201eCisco"","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":676,"url":"https:\/\/www.safekom.pl\/blog\/palo-alto\/palo-generator-configow-vpn\/","url_meta":{"origin":647,"position":5},"title":"Palo – Generator config\u00f3w VPN","author":"Micha\u0142 Iwa\u0144czuk","date":"24.03.2016","format":false,"excerpt":"W nap\u0142ywie mocy stworzy\u0142em ma\u0142ego Excela z generatorem konfig\u00f3w po\u0142\u0105cze\u0144 IPSec, jest to na chwil\u0119 wersja uboga ale mam nadziej\u0119 z czasem uda mi si\u0119 doda\u0107 wi\u0119cej funkcji. Na chwil\u0119 obecn\u0105 obs\u0142uguje vpn'y w trybie main z PSK. wersja 0.2 poprawione b\u0142\u0119dy, dodanie opis\u00f3w p\u00f3l, uporz\u0105dkowanie leciutkie. Plik generatora(potrzeba w\u0142\u0105czenia\u2026","rel":"","context":"W \u201ePalo Alto"","block_context":{"text":"Palo Alto","link":"https:\/\/www.safekom.pl\/blog\/category\/palo-alto\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=525%2C300 1.5x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/comments?post=647"}],"version-history":[{"count":1,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/647\/revisions"}],"predecessor-version":[{"id":2577,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/647\/revisions\/2577"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media\/304"}],"wp:attachment":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media?parent=647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/categories?post=647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/tags?post=647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}