ccna chapter 15 by jetarvind kumar madhukar
TRANSCRIPT
Release 16/07/2009 Jetking Infotrain Ltd.
VPN (IPSec and SSL)
Chapter 15
Chapter Objectives
- Explain VPN fundamentals
- Explain Cisco IOS IPSec
- Explain IPSec VPN
- Explain SSL VPN
- Explain VPN configuration
VPN Fundamentals - I
The security services a VPN provides are:
- Privacy (confidentiality): packet payloads are encrypted, so anyone capturing traffic on the public network cannot read them
- Authentication: each end proves its identity to the other before the tunnel is established, so a receiving device only accepts packets from an authorized peer
- Data integrity: the receiver detects any modification of a packet in transit
- Anti-replay: the receiver rejects packets that an attacker captured earlier and re-sends later
VPN Fundamentals - II
A VPN is built from devices at each site whose hardware and software understand the VPN protocols and enforce the security features above. These devices include:
- Routers
- Adaptive Security Appliances (ASA)
- PIX Firewalls
- VPN Concentrators
- VPN Clients (software on the user's machine)
Types of Virtual Private Networks
- Intranet VPN: connects an organisation's own sites to each other
- Extranet VPN: connects the organisation to its partners and suppliers
- Access VPN (remote access VPN): connects individual remote users to the enterprise network
Tunneling Protocols
A VPN creates a tunnel between two devices connected to the Internet so that private traffic crosses the public network as if on a direct link. The following protocols are used to create a tunnel:
- Layer 2 Forwarding (L2F)
- Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 Tunneling Protocol (L2TP)
- Generic Routing Encapsulation (GRE)
These protocols only encapsulate traffic. On their own they provide no confidentiality or integrity (PPTP's optional MPPE encryption and MS-CHAP authentication are known to be weak), so for secure communication L2TP or GRE is normally paired with IPSec.
IPSec VPNs
IP Security (IPSec) is an architecture that provides security services for IP networks. It defines authentication and encryption functions (the AH and ESP headers, with keys negotiated by IKE) that can be applied to any traffic carried over IP.
IPSec is a framework rather than a single algorithm: you choose the encryption, hashing and key-exchange options used for each VPN.
Because the protocol is separate from the algorithms, the architecture stays the same while individual algorithms are replaced by stronger ones over time.
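Worked example of the services listed under VPN Fundamentals - I as they appear in a Cisco IOS site-to-site IPSec VPN configuration. This configuration is added here for illustration and is not from the original slides; the addresses (RFC 5737 documentation ranges), LAN prefixes, interface name, object names and the pre-shared key are all assumed values.

```cisco
! HQ router: LAN 10.1.0.0/16 behind GigabitEthernet0/0 (203.0.113.1).
! Branch peer is 203.0.113.2 with LAN 10.2.0.0/16. All values assumed.
!
! Phase 1 (ISAKMP/IKEv1) policy: authenticates the peer and builds the keying channel.
! The IOS defaults (DES, group 1) are weak, so AES-256, SHA-256 and DH group 14 are set explicitly.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! Authentication: pre-shared key bound to the peer address (assumed value; use a long random secret)
crypto isakmp key Kx7-pQ9-assumed-psk address 203.0.113.2
!
! Anti-replay: ESP sequence numbers are checked against a sliding window (64 packets by default);
! widen it when packets may be reordered by QoS so legitimate traffic is not dropped as replay.
crypto ipsec security-association replay window-size 128
!
! Phase 2 transform set: esp-aes 256 gives privacy, esp-sha256-hmac gives integrity and
! data-origin authentication of every packet. Tunnel mode hides the original IP header.
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Interesting traffic: only HQ LAN <-> branch LAN is sent through the tunnel
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! Crypto map ties peer, transform set and interesting traffic together; PFS forces a fresh
! DH exchange for each Phase 2 key so a compromised key does not expose earlier sessions.
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address VPN-TRAFFIC
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map CMAP
```

The branch router needs the mirror image (peer address and ACL reversed). After traffic flows, `show crypto isakmp sa` should list the peer in state QM_IDLE and `show crypto ipsec sa` should show the encaps/decaps counters increasing and `replay detection support: Y`. If the same outside interface also performs NAT, the VPN-TRAFFIC prefixes must be excluded from the NAT ACL; otherwise packets are translated before the crypto map sees them and never match.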
Case Study I
The Blue Diamond steel company has 3000 employees, 200 remote sites, and multiple partners and suppliers located at different places. It needs an Intranet VPN to connect its remote sites and an Extranet VPN to connect to its partners and suppliers over the Internet. Additionally, the company provides laptops to some employees so that they can work from home, so it needs a remote access VPN through which these employees can reach the enterprise network over the Internet.
Problem
Implementing such a large network by hand is tedious and error-prone: every one of the 200 sites and every remote user would need its own IPSec peer, policy and key configured and kept in step with headquarters.
Suggested Solution
A Cisco Easy VPN server can be deployed at the company's central site (headquarters). Remote-site routers and the home users' VPN clients connect to it as Easy VPN remotes; the server authenticates them and pushes the IPSec policy, addresses and split-tunnel settings to them, so the per-site configuration is reduced to the server address, a group name and credentials.
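As an added example (not part of the original case study), the core of a Cisco IOS Easy VPN server configuration for the remote-access part of the solution; the interface, address pool, group name, user account and both secrets are assumed values.

```cisco
! HQ router acting as Cisco Easy VPN server for the laptop users. All names and secrets assumed.
!
! AAA: per-user login (XAUTH) and group authorization both use the local database here
aaa new-model
aaa authentication login VPN-XAUTH local
aaa authorization network VPN-GROUPS local
username alice secret Assumed-Str0ng-Passw0rd
!
! Phase 1 policy for the legacy Easy VPN client, which negotiates aggressive mode with DH group 2.
! Group 2 (1024-bit) is the best the legacy client offers; prefer an IKEv2 deployment where possible.
crypto isakmp policy 20
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
!
! Group policy pushed to clients: group pre-shared key, client address pool, split-tunnel ACL
ip local pool VPN-POOL 10.255.0.1 10.255.0.254
ip access-list extended SPLIT-TUNNEL
 permit ip 10.1.0.0 0.0.255.255 any
crypto isakmp client configuration group EMPLOYEES
 key Assumed-Group-Key-change-me
 pool VPN-POOL
 acl SPLIT-TUNNEL
!
! Phase 2: dynamic map because client addresses are not known in advance;
! reverse-route injects a host route for each connected client
crypto ipsec transform-set TS-RA esp-aes 256 esp-sha-hmac
crypto dynamic-map DYN-RA 10
 set transform-set TS-RA
 reverse-route
!
! XAUTH and group authorization hang off the single crypto map applied to the outside interface
crypto map CMAP client authentication list VPN-XAUTH
crypto map CMAP isakmp authorization list VPN-GROUPS
crypto map CMAP client configuration address respond
crypto map CMAP 20 ipsec-isakmp dynamic DYN-RA
!
interface GigabitEthernet0/0
 crypto map CMAP
```

Two caveats a practitioner should keep in mind: in aggressive mode the server returns a hash derived from the group key to anyone who initiates IKE with a valid group name, so the group key must be long and random and XAUTH (the per-user login) is mandatory, never optional; and `show crypto session` / `show crypto isakmp sa` will show each connected client, which is the first place to look when a user reports a failed connection.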
Secure Socket Layer (SSL) VPNs
Web browsers connect to a Web server with HTTP; when the connection must be protected, HTTP is carried over the SSL protocol (HTTPS), which every browser already supports.
SSL is implemented on the Web server: it holds the certificate and private key that the browser uses to authenticate the server and to set up the encrypted session.
A Web VPN (clientless SSL VPN) applies the same mechanism to remote access: the user's browser builds an SSL session to the Web VPN server, which then proxies access to internal applications, so no VPN client software has to be installed on the user's machine. (SSL has since been superseded by TLS; an "SSL VPN" today runs over TLS.)
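An added example of a clientless Web VPN on a Cisco IOS router; it is not from the original slides, and the public address, the trustpoint HQ-CERT (assumed to hold a certificate already enrolled from a CA), the user account and the internal URL are placeholders.

```cisco
! Clientless SSL VPN (WebVPN) on a Cisco IOS router. All names and addresses assumed.
!
aaa new-model
aaa authentication login WEBVPN-AUTH local
username bob secret Assumed-Str0ng-Passw0rd
!
! The gateway terminates SSL on the public address. A CA-issued certificate is used instead of
! the router's self-signed default so users are never trained to click through browser warnings.
webvpn gateway HQ-GW
 ip address 203.0.113.1 port 443
 http-redirect port 80
 ssl trustpoint HQ-CERT
 ssl encryption aes-sha1
 inservice
!
! The context defines who may log in and what the portal shows after login
webvpn context EMPLOYEES
 gateway HQ-GW
 aaa authentication list WEBVPN-AUTH
 url-list "INTRANET"
  heading "Internal applications"
  url-text "HR portal" url-value "http://hr.corp.example"
 policy group DEFAULT
  url-list "INTRANET"
 default-group-policy DEFAULT
 inservice
```

Because the router now answers HTTPS from the whole Internet, the login list should point at a central AAA server with lockout in production rather than local accounts, and `show webvpn session context EMPLOYEES` lists the active browser sessions. Traffic between the router and the internal HR server in this example is plain HTTP: the SSL protection ends at the Web VPN gateway.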
Web VPN using SSL
Configuring VPN
On Cisco IOS, VPDN tunnels are enabled or disabled globally, and each tunnel can be authenticated before it is accepted.
Tunnel authentication is configured with the remote peer's host name, the router's own local name and a shared L2TP tunnel password; both ends must use the same password or the tunnel is rejected.
Dial-in VPNs (the router accepts tunnels from remote access servers) and dial-out VPNs (the router initiates them) can be configured for an enterprise network as the need arises.
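The settings described above, as an added example of an L2TP Network Server (LNS) accepting dial-in tunnels on Cisco IOS; it is not from the original slides, and the group name, host names, tunnel password, address pool and interface are assumed.

```cisco
! LNS side of an L2TP dial-in VPN. All names and the secret are assumed values.
!
! Enable VPDN tunnels globally (no vpdn enable disables every tunnel on the router)
vpdn enable
!
vpdn-group LAC-TO-HQ
 ! Dial-in: this router accepts tunnels and terminates the PPP sessions on a virtual template
 accept-dialin
  protocol l2tp
  virtual-template 1
 ! Tunnel authentication: only a LAC presenting this host name is accepted ...
 terminate-from hostname BRANCH-LAC
 ! ... and this router identifies itself to the LAC with its local name
 local name HQ-LNS
 ! Shared tunnel password used in the CHAP-style challenge on tunnel setup; must match on the LAC.
 ! "0" stores it in clear text in the running config, so protect config backups accordingly.
 l2tp tunnel password 0 Assumed-Tunnel-Secret
 l2tp tunnel authentication
!
! PPP sessions arriving through the tunnel get an address from this pool and must pass CHAP
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/1
 peer default ip address pool PPP-POOL
 ppp authentication chap
ip local pool PPP-POOL 10.254.0.1 10.254.0.254
```

The dial-out direction uses `request-dialout` on the initiating router and `accept-dialout` on the peer under the same `vpdn-group`. Tunnel authentication only proves which LAC and LNS are talking; the PPP payload inside the tunnel is not encrypted, so on an untrusted network L2TP is run over IPSec. `show vpdn tunnel` confirms the tunnel is established and `show vpdn session` lists the PPP sessions inside it.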
Summary - I
A VPN (Virtual Private Network) uses a public network, i.e. the Internet, to connect remote sites or users together. A VPN provides the following security features:
- Privacy
- Authentication
- Data integrity
- Anti-replay
Summary - II
Devices that can be used for creating a VPN tunnel are:
- Routers
- Adaptive Security Appliances (ASA)
- PIX Firewalls
- VPN Concentrators
- VPN Clients
The benefits of an Internet-based VPN are low cost, secure communication over an untrusted network, and the availability of Internet connectivity almost everywhere.
Summary - III
VPNs are of the following types:
- Intranet VPN
- Extranet VPN
- Access VPN
The tunneling protocols used by VPNs are:
- L2F
- PPTP
- L2TP
- GRE
Summary - IV
Cisco IOS IPSec provides data encryption (privacy), peer authentication, data integrity checking and anti-replay protection.
The IPSec encryption process uses a symmetric cipher with a session key negotiated by IKE: the sender encrypts each packet with the key and the receiver decrypts it with the same key.
Authentication is the process by which a receiving VPN device verifies that a received packet was sent by an authorized VPN device.
Summary - V
Message integrity is the process by which a receiving VPN device verifies, using a keyed hash (HMAC) carried with each packet, that the data was not changed in transit.
SSL is the protocol a Web browser uses to protect sensitive information in transit to a Web server; an SSL VPN uses the same protocol to give remote users access to the enterprise network.