VPN and IPSec Concepts - CCNAv7

Event Information: IPD Week - Technical Session - VPN and IPSec Concepts - CCNAv7

page2me kitarotao

December 13, 2019

Transcript

  1. New module in CCNAv7: VPN and IPSec VPN Concepts
     Marc Khayat, CCIE #41288, Technical Manager, 14-Dec-19
  2. Agenda
     • VPN Technology
     • Types of VPN
     • IPSec
     © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  3. VPN Technology
  4. Virtual Private Networks (benefits)
     • Cost Savings
     • Security
     • Scalability
     • Compatibility
  5. Basic VPN Types
     • Remote-Access VPN
     • Site-to-Site VPN
  6. Who manages the VPN? (enterprise-managed versus service provider-managed VPNs)
  7. Types of VPN
  8. Remote-Access VPNs
     • Clientless VPN connection: SSL (TLS), browser-based, no software to install
     • Client-based VPN connection: IPSec or SSL, using software such as AnyConnect
  9. SSL or IPSec?
  10. Site-to-Site IPSec VPNs
      • Terminated on a router or firewall at each site
      • Pass IP traffic only
      • Unicast only: native IPSec carries no multicast or broadcast
  11. GRE over IPSec
      • GRE: no encryption, but supports multicast/broadcast (and therefore routing protocols)
      • Encapsulate the traffic in a GRE tunnel first, then encrypt the GRE packets with IPSec.
  12. Dynamic Multipoint VPNs (DMVPN)
      • Dynamically expand your GRE/IPSec tunnels from a hub to many spokes
      • Spoke-to-spoke tunnels are built on demand, with NHRP resolving the remote spoke's address
      • Simplifies tunnel management: one multipoint tunnel interface per router instead of one tunnel per peer
  13. IPsec Virtual Tunnel Interface (VTI)
      • VTI simplifies configuration and makes it flexible: IPsec is applied to a tunnel interface rather than through a crypto map
      • Supports multicast, so GRE is not needed
  14. Service Provider MPLS VPNs
      • Layer 3 MPLS VPN - The service provider participates in customer routing by establishing a peering between the customer's routers and the provider's routers.
      • Layer 2 MPLS VPN - The service provider is not involved in the customer routing. Instead, the provider deploys a Virtual Private LAN Service (VPLS) to emulate an Ethernet multiaccess LAN segment over the MPLS network.
  15. IPSec
  16. IPSec Technologies
      • Confidentiality - encryption
      • Integrity - keyed hashing (HMAC)
      • Origin authentication - pre-shared keys (passwords) or digital certificates (RSA signatures)
      • Diffie-Hellman - secure key exchange
  17. Security functions
      • IPsec is a framework, not one fixed algorithm: select your preferred, supported protocol for each function.
      • The chosen set is negotiated with the peer and recorded as security associations (SAs).
  18. IPsec Protocol Encapsulation
      • Authentication Header (AH): integrity and origin authentication only, no encryption. Its integrity check covers the IP header, so it does not work through NAT.
      • Encapsulating Security Payload (ESP): encryption plus optional integrity and authentication; the common choice.
  19. Confidentiality
      • Data encryption
      • Symmetric algorithms (for example AES), keyed from the Diffie-Hellman exchange
  20. Integrity
      • The receiver can verify that the data received is exactly the data that was sent: a keyed hash (HMAC) is computed by the sender and checked by the receiver.
  21. Authentication
      • VPN endpoints must confirm each other's identities before the tunnel carries data
  22. Secure Key Exchange with Diffie-Hellman
      • Public-key method by which the two peers derive the same shared secret over an untrusted network without ever transmitting it; the secret seeds the symmetric keys used for encryption and integrity
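The four functions on slides 16 to 22 (confidentiality, integrity, origin authentication and Diffie-Hellman key exchange) are easiest to understand when seen working together. What follows is an added example written for this page, not code from Cisco or from the presentation: two peers run a Diffie-Hellman exchange, expand the shared secret with the IKEv2 prf+ construction, prove knowledge of a pre-shared key the way IKEv2 does, and then protect a payload with a truncated HMAC-SHA-256 integrity check. The 128-bit safe prime generated at run time is an assumption made to keep the demo fast (real deployments use RFC 3526 group 14 or larger), the simplified "signed octets" are an assumption, and encryption itself is left out because the standard library has no AES.

```python
# Added example: toy IKE-style control plane (DH agreement, IKEv2 prf+ key
# derivation, PSK origin authentication, ESP-style HMAC integrity check).
import hashlib
import hmac
import secrets

ICV_LEN = 16  # HMAC-SHA-256-128: the 256-bit tag is truncated to 128 bits (RFC 4868)

def is_probable_prime(n, rounds=32):
    """Miller-Rabin; adequate for generating a demonstration-size DH group."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_safe_prime(bits):
    """p = 2q + 1 with p, q prime, so g = 2 generates a large subgroup. 128 bits is a
    demo size only (assumption); real IPsec uses RFC 3526 group 14 (2048-bit) or larger."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    """IKEv2 prf+ (RFC 7296 s2.13): T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out, n = out + t, n + 1
    return out[:length]

class Peer:
    def __init__(self, p, g=2):
        self.p = p
        self.priv = secrets.randbelow(p - 3) + 2   # never leaves this host
        self.pub = pow(g, self.priv, p)            # KE payload, sent in the clear
        self.nonce = secrets.token_bytes(16)

    def shared_secret(self, peer_pub):
        if not 1 < peer_pub < self.p - 1:  # reject 0, 1 and p-1 (degenerate subgroups)
            raise ValueError("invalid DH public value")
        return pow(peer_pub, self.priv, self.p)

def derive_keys(shared_secret, ni, nr):
    """SKEYSEED = prf(Ni | Nr, g^ir); prf+ expands it into SK_a (integrity) and SK_e (encryption)."""
    g_ir = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    material = prf_plus(prf(ni + nr, g_ir), ni + nr, 64)
    return {"sk_a": material[:32], "sk_e": material[32:]}

def psk_auth(psk, transcript):
    """IKEv2 PSK proof, RFC 7296 s2.15 (signed octets simplified to the transcript; assumption)."""
    return prf(prf(psk, b"Key Pad for IKEv2"), transcript)

def run_exchange(psk_initiator, psk_responder, bits=128):
    """IKE_SA_INIT (DH values and nonces cross the wire in the clear), then IKE_AUTH.
    DH alone yields matching keys even with a man-in-the-middle on the path; only the
    PSK (or certificate) step binds those keys to a peer identity."""
    p = generate_safe_prime(bits)
    init, resp = Peer(p), Peer(p)
    ss_i, ss_r = init.shared_secret(resp.pub), resp.shared_secret(init.pub)
    keys_i = derive_keys(ss_i, init.nonce, resp.nonce)
    keys_r = derive_keys(ss_r, init.nonce, resp.nonce)
    n = (bits + 7) // 8
    transcript = init.pub.to_bytes(n, "big") + resp.pub.to_bytes(n, "big") + init.nonce + resp.nonce
    auth_ok = hmac.compare_digest(psk_auth(psk_initiator, transcript),
                                  psk_auth(psk_responder, transcript))
    return {"dh_agree": ss_i == ss_r and keys_i == keys_r, "auth_ok": auth_ok,
            "sk_a": keys_i["sk_a"]}

def protect(sk_a, payload):
    """Append an ESP-style ICV computed over everything that precedes it."""
    return payload + prf(sk_a, payload)[:ICV_LEN]

def verify(sk_a, protected):
    """True only if the ICV matches; a single flipped bit anywhere fails the check."""
    body, icv = protected[:-ICV_LEN], protected[-ICV_LEN:]
    return hmac.compare_digest(prf(sk_a, body)[:ICV_LEN], icv)
```

Calling run_exchange with mismatched pre-shared keys returns dh_agree True and auth_ok False: the key agreement succeeds with anyone, which is exactly why Diffie-Hellman must be paired with PSK or certificate authentication to stop a man-in-the-middle, and why the authentication on slide 21 is listed as a separate function.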
  23. Transport vs Tunnel Mode
      • Tunnel mode is the default: the whole original IP packet is protected and a new outer IP header addressed to the VPN gateways is added, so it is used between gateways.
      • Transport mode keeps the original IP header and protects only the payload; it is used when the VPN gateways themselves are the source and destination of the data stream (for example, GRE over IPsec between two routers).
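To make slides 18 and 23 concrete, here is an added example (written for this page, not taken from the Cisco slides) that frames one constructed IPv4 packet as ESP in transport mode, ESP in tunnel mode and AH in transport mode, then applies a source NAT rewrite to the outer header. The addresses (10.1.1.10, 10.2.2.20, 203.0.113.1, 198.51.100.1, 192.0.2.9), the SPIs and the HMAC key are constructed for the demo; encryption is omitted so the framing stays readable, and the integrity check value is HMAC-SHA-256-128.

```python
# Added example: ESP and AH framing of an IPv4 packet in transport and tunnel
# mode, and what a NAT rewrite does to each. Encryption omitted (ESP-NULL-style
# layout); Python standard library only.
import hashlib
import hmac
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 4, 6, 50, 51
ICV_LEN = 16  # HMAC-SHA-256-128

def _aton(addr):
    return bytes(int(octet) for octet in addr.split("."))

def ip_checksum(data):
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      ttl, proto, 0, _aton(src), _aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) for a packet without IP options."""
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    return src, dst, pkt[9], pkt[20:]

def _icv(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def esp_encapsulate(pkt, mode, key, spi, seq, gw_src=None, gw_dst=None):
    """ESP (RFC 4303). Transport mode keeps the original IP header and protects only
    the payload (Next Header = original protocol). Tunnel mode protects the whole
    packet (Next Header = 4, IP-in-IP) behind a new outer header addressed to the
    gateways. The ICV covers SPI, sequence, data and trailer but never the outer
    IP header, which is why ESP survives NAT."""
    src, dst, proto, payload = parse_ipv4(pkt)
    if mode == "transport":
        inner, next_hdr, o_src, o_dst = payload, proto, src, dst
    elif mode == "tunnel":
        inner, next_hdr, o_src, o_dst = pkt, IPPROTO_IPIP, gw_src, gw_dst
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    pad_len = (-(len(inner) + 2)) % 4          # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))      # default pad pattern 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_hdr])
    return ipv4_header(o_src, o_dst, IPPROTO_ESP, len(body) + ICV_LEN) + body + _icv(key, body)

def esp_verify(pkt, key):
    body, icv = pkt[20:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(_icv(key, body), icv)

def esp_decapsulate(pkt):
    """Strip outer header, ESP header, trailer and ICV; return (next_header, inner)."""
    body = pkt[20:-ICV_LEN]
    pad_len, next_hdr = body[-2], body[-1]
    return next_hdr, body[8:len(body) - 2 - pad_len]

def _ah_immutable(hdr):
    """Zero the mutable IPv4 fields AH excludes: TOS, flags/fragment offset, TTL, checksum."""
    h = bytearray(hdr)
    h[1], h[6:8], h[8], h[10:12] = 0, b"\0\0", 0, b"\0\0"
    return bytes(h)

def ah_encapsulate(pkt, key, spi, seq):
    """AH (RFC 4302) transport mode: Next Header, Payload Len (32-bit words minus 2),
    Reserved, SPI, Seq, ICV. The ICV covers the immutable IP header fields, addresses
    included, so a NAT rewrite of the source address invalidates it."""
    src, dst, proto, payload = parse_ipv4(pkt)
    ah_len = 12 + ICV_LEN
    outer = ipv4_header(src, dst, IPPROTO_AH, ah_len + len(payload))
    ah = struct.pack("!BBHII", proto, ah_len // 4 - 2, 0, spi, seq)
    icv = _icv(key, _ah_immutable(outer) + ah + bytes(ICV_LEN) + payload)
    return outer + ah + icv + payload

def ah_verify(pkt, key):
    outer, ah = pkt[:20], pkt[20:32]
    icv, payload = pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    return hmac.compare_digest(_icv(key, _ah_immutable(outer) + ah + bytes(ICV_LEN) + payload), icv)

def nat_rewrite(pkt, new_src):
    """What a NAT on the path does to the outer header: new source address, new checksum."""
    _, dst, proto, payload = parse_ipv4(pkt)
    return ipv4_header(new_src, dst, proto, len(payload)) + payload

def sample_packet():
    """Constructed host-to-host packet: 10.1.1.10 -> 10.2.2.20, TCP, 40-byte payload."""
    payload = bytes(40)
    return ipv4_header("10.1.1.10", "10.2.2.20", IPPROTO_TCP, len(payload)) + payload
```

The selection rule from slide 23 falls out of the framing: in tunnel mode the inner packet keeps its end-host addresses and the outer header carries the gateway addresses, so it is the mode for gateway-to-gateway VPNs; transport mode has no outer header to carry a second pair of addresses, so the IPsec peers must be the packet's real endpoints. The nat_rewrite calls show the practical rule behind slide 18: ESP's ICV stops before the outer header and survives the rewrite (real deployments add NAT-T, ESP in UDP 4500, so the NAT also has a port to translate), while AH's ICV covers the addresses and fails.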