VPN and IPSec Concepts - CCNAv7

Event Information: IPD Week - Technical Session - VPN and IPSec Concepts - CCNAv7

page2me kitarotao

December 13, 2019

Transcript

  1. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

     Agenda
     • VPN Technology
     • Types of VPN
     • IPSec
  2. Virtual Private Networks
     • Cost Savings
     • Security
     • Scalability
     • Compatibility
  3. Basic VPN Types
     • Remote-Access VPN
     • Site-to-Site VPN
  4. Remote-Access VPNs
     • Clientless VPN connection:
       • SSL
       • Browser-based
     • Client-based VPN connection:
       • IPSec or SSL
       • Software such as AnyConnect
  5. Site-to-Site IPSec VPNs
     • Router or Firewall
     • Pass IP traffic only
     • Unicast
  6. GRE over IPSec
     • GRE: no encryption, supports multicast/broadcast
     • Encapsulate traffic in GRE tunnel, then encrypt using IPSec.
  7. Dynamic Multipoint VPNs
     • Dynamically expand your GRE/IPSec tunnels
     • Spoke-to-spoke ensured by NHRP
     • Simplifies tunnel management
  8. IPsec Virtual Tunnel Interface
     • VTI simplifies config and makes it flexible
     • Supports multicast => no need for GRE
  9. Service Provider MPLS VPNs
     • Layer 3 MPLS VPN - The service provider participates in customer routing by establishing a peering between the customer's routers and the provider's routers.
     • Layer 2 MPLS VPN - The service provider is not involved in the customer routing. Instead, the provider deploys a Virtual Private LAN Service (VPLS) to emulate an Ethernet multiaccess LAN segment over the MPLS network.
  10. IPSec Technologies
     • Confidentiality - encryption
     • Integrity - hashing algorithms
     • Origin authentication - pre-shared keys (passwords), digital certificates, or RSA certificates
     • Diffie-Hellman - Secure key exchange
  11. Security functions
     • Select your preferred and supported protocols.
     • Build your own security associations.
  12. IPsec Protocol Encapsulation
     • Authentication Header (AH)
     • Encapsulation Security Protocol (ESP)
  13. Confidentiality
     • Data encryption
     • Symmetric algorithms
  14. Integrity
     • Data that is received is exactly the same data that was sent.
  15. Authentication
     • VPN ends must confirm their identities
  16. Secure Key Exchange with Diffie-Hellman
     • Public key exchange method to share secret key used for encryption/decryption
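Slides 10 and 16 list the IPSec building blocks and describe Diffie-Hellman as the way two gateways agree on a secret key. The Python simulation below is added here as an illustration and is not part of the Cisco deck: it carries a DH exchange through to derived encryption and integrity keys and adds pre-shared-key origin authentication in the style of IKE. The group parameters, PSK values and key labels are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed toy group so the example runs instantly. Real IKE peers negotiate
# a standardised group (RFC 3526 MODP group 14 or larger); never use a modulus
# this small outside a demonstration.
P = 2**127 - 1
G = 5
NBYTES = 16  # every value below P fits in 16 bytes

def dh_keypair():
    """Ephemeral private exponent x and public value g^x mod p for one peer."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    """g^(xy) mod p; only a holder of one private exponent can compute it."""
    if not 1 < peer_pub < P - 1:  # reject degenerate values such as 0, 1, p-1
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)

def derive_keys(secret, pub_i, pub_r):
    """Stretch the raw DH secret into separate encryption (SK_e) and integrity
    (SK_a) keys, bound to the public values seen on the wire (IKE-style)."""
    salt = pub_i.to_bytes(NBYTES, "big") + pub_r.to_bytes(NBYTES, "big")
    skeyseed = hmac.new(salt, secret.to_bytes(NBYTES, "big"), hashlib.sha256).digest()
    sk_e = hmac.new(skeyseed, b"SK_e", hashlib.sha256).digest()
    sk_a = hmac.new(skeyseed, b"SK_a", hashlib.sha256).digest()
    return sk_e, sk_a

def auth_tag(psk, pub_own, pub_peer):
    """Origin authentication: HMAC under the pre-shared key over both public
    values. Without the PSK no party can produce a tag the peer accepts."""
    msg = pub_own.to_bytes(NBYTES, "big") + pub_peer.to_bytes(NBYTES, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run_exchange(psk_initiator, psk_responder):
    """Simulate both gateways. DH alone makes the keys agree; only matching
    PSKs make each side accept the other's authenticator."""
    a, pub_i = dh_keypair()
    b, pub_r = dh_keypair()
    keys_i = derive_keys(shared_secret(a, pub_r), pub_i, pub_r)
    keys_r = derive_keys(shared_secret(b, pub_i), pub_i, pub_r)
    tag_i = auth_tag(psk_initiator, pub_i, pub_r)  # sent by the initiator
    tag_r = auth_tag(psk_responder, pub_r, pub_i)  # sent by the responder
    auth_ok = (hmac.compare_digest(tag_r, auth_tag(psk_initiator, pub_r, pub_i))
               and hmac.compare_digest(tag_i, auth_tag(psk_responder, pub_i, pub_r)))
    return {"keys_match": keys_i == keys_r, "auth_ok": auth_ok}
```

With two equal PSKs `run_exchange` returns both flags True; with mismatched PSKs the DH keys still agree but `auth_ok` is False, which is why slide 10 lists origin authentication as a separate requirement from key exchange.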
  17. Transport vs Tunnel Mode
     • Default is tunnel mode
     • Transport mode is used when VPN gateways are the destination of data stream.