IPSec learning materials

Hey guys

I've got a question about learning materials for IPSec. Do you recommend any books/courses that are good and deep dive into it?

The deep dive… is that unless you have two pieces of hardware at both ends that are exactly the same… setup is always a nightmare.

Every setting needs to match virtually exactly and different vendors will put those settings in different places and call them different things.

https://datatracker.ietf.org/doc/html/rfc2401

https://datatracker.ietf.org/doc/html/rfc4302

https://datatracker.ietf.org/doc/html/rfc4303

Lesson one: it’s IPsec.

Best way to learn IPSEC is through a lab and running debugs on both ends while simulating different scenarios.

The Complete Cisco VPN Configuration Guide by Richard Deal

IKEv2 IPsec Virtual Private Networks: Understanding and Deploying IKEv2, IPsec VPNs, and FlexVPN in Cisco IOS: Ciscopress

Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services: Ciscopress

Virtual Private Networks by Scott, Charlie

What kind of IPSEC?

router to router
router to software (libreswan)
software to software
road warrior?

There is a lot to it and, truth be told, with the advent of WireGuard/ZeroTier/Tailscale, ESPECIALLY for road warriors, there is less of a need.

Either way, it works great when it's up, it can be a PITA.

And with a third party, don’t let them get away with just sending you a template with configuration parameters. There needs to be a coordination call.

I’ve had pretty good luck between SonicWall, WatchGuard, pfSense, and Ubiquiti EdgeRouter without too much pain.

Sometimes it takes a bit of trial and error though.

Yup, same vendor no issues, different vendors good luck…

For years I had the same experience as you… our customers would want to set up S2S VPNs to access some of their internal stuff and it was always a nightmare. I moved to using a Silver Peak as the endpoint instead of the FortiGate and I have never had a problem since, god bless that team.

Palos are generally pretty easy.

Adding my favorite IPSec RFC:

https://datatracker.ietf.org/doc/html/rfc2410

Well, all of these I guess, I need a general grasp of this technology.