Icnd210 s08l01
© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—8-1
LAN Extension into a WAN
Introducing VPN Solutions
What Is a VPN?
Virtual: Information within a private network is transported over a public network.
Private: The traffic is encrypted to keep the data confidential.
Benefits of VPN
Cost
Security
Scalability
Site-to-Site VPNs
Site-to-site VPN: extension of classic WAN
Remote-Access VPNs
Remote-access VPN: evolution of dial-in networks and ISDN
Cisco Easy VPN
Cisco IOS IPsec SSL VPN (WebVPN)
Integrated security and routing
Browser-based full network SSL VPN access
VPN-Enabled Cisco IOS Routers
Cisco ASA Adaptive Security Appliances
(legacy)
VPN Clients
What Is IPsec?
IPsec acts at the network layer, protecting and authenticating IP packets. It is a framework of open standards that is algorithm independent. It provides data confidentiality, data integrity, and origin authentication.
IPsec Security Services
Confidentiality
Data integrity
Authentication
Antireplay protection
Confidentiality (Encryption)
Encryption Algorithms
Encryption algorithms: DES
AES
3DES
RSA
DH Key Exchange
Diffie-Hellman algorithms: DH1
DH2
DH5
Data Integrity
Hashing algorithms: HMAC-MD5
HMAC-SHA-1
Authentication
Peer authentication methods: PSKs
RSA signatures
IPsec Security Protocols
IPsec Framework
Summary
Organizations implement VPNs because they are less expensive, more secure, and easier to scale than traditional WANs.
Site-to-site VPNs secure traffic between intranet and extranet peers. Remote access VPNs secure communications from the traveling telecommuter to the central office.
VPNs can be implemented with a variety of different Cisco devices: Cisco IOS routers, ASA 5500 Series Adaptive Security Appliances, and Cisco VPN Client software.
IPsec is the framework that combines security protocols together and provides VPNs with data confidentiality, integrity, and authentication.
AH and ESP are the two main IPsec framework protocols.