
Lecture CCNA Security - Chapter 8: Implementing Virtual Private Networks

Pages: 124      File type: pdf      Size: 5.47 MB      Views: 11      Downloads: 0
tailieu_vip


Document information:

Upon completion of this lesson, the successful participant will be able to: describe the purpose and operation of VPNs; differentiate between the various types of VPNs; identify the Cisco VPN product line and the security features of these products; configure a site-to-site VPN GRE tunnel;... You are invited to consult the document.
Content extracted from the document:
Lecture CCNA Security - Chapter 8: Implementing Virtual Private Networks

Chapter 8 - Implementing Virtual Private Networks
CCNA Security
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com

Major Concepts
• Describe the purpose and operation of VPN types
• Describe the purpose and operation of GRE VPNs
• Describe the components and operations of IPsec VPNs
• Configure and verify a site-to-site IPsec VPN with pre-shared key authentication using CLI
• Configure and verify a site-to-site IPsec VPN with pre-shared key authentication using CCP
• Configure and verify a Remote Access VPN

Lesson Objectives
Upon completion of this lesson, the successful participant will be able to:
1. Describe the purpose and operation of VPNs
2. Differentiate between the various types of VPNs
3. Identify the Cisco VPN product line and the security features of these products
4. Configure a site-to-site VPN GRE tunnel
5. Describe the IPSec protocol and its basic functions
6. Differentiate between AH and ESP
7. Describe the IKE protocol and modes
8. Describe the five steps of IPSec operation
9. Describe how to prepare IPSec by ensuring that ACLs are compatible with IPSec
10. Configure IKE policies using the CLI
11. Configure the IPSec transform sets using the CLI
12. Configure the crypto ACLs using the CLI
13. Configure and apply a crypto map using the CLI
14. Describe how to verify and troubleshoot the IPSec configuration
15. Describe how to configure IPSec using CCP
16. Configure a site-to-site VPN using the Quick Setup VPN Wizard in CCP
17. Configure a site-to-site VPN using the step-by-step VPN Wizard in CCP
18. Verify, monitor and troubleshoot VPNs using CCP
19. Describe how an increasing number of organizations are offering telecommuting options to their employees
20. Differentiate between Remote Access IPSec VPN solutions and SSL VPNs
21. Describe how SSL is used to establish a secure VPN connection
22. Describe the Cisco Easy VPN feature
23. Configure a VPN Server using SDM
24. Connect a VPN client using the Cisco VPN Client software

What is a VPN?
Refer to 8.1.1.1
• A VPN is a private network that is created via tunneling over a public network, usually the Internet.
• Instead of using a dedicated physical connection, a VPN uses virtual connections routed through the Internet from the organization to the remote site.
• Virtual?
• Private?
1. What is the tunnel?
2. Does the VPN always include authentication and encryption?
3. How does a network administrator prevent eavesdropping of data in a VPN?

Benefits of VPN
1. Cost savings:
– VPNs eliminate expensive dedicated WAN links and modem banks.
– Additionally, with the advent of cost-effective, high-bandwidth technologies, such as DSL, organizations can use VPNs to reduce their connectivity costs while simultaneously increasing remote connection bandwidth.
2. Security:
– VPNs use advanced encryption and authentication protocols that protect data from unauthorized access.
3. Scalability:
– VPNs use the Internet infrastructure, so it is easy to add new users; corporations can add significant capacity without adding significant infrastructure.
4. Compatibility with broadband technology:
– DSL, cable, broadband wireless…

Layer 3 VPN
Refer to 8.1.1.2
• A VPN can be made at either Layer 2 or Layer 3 of the OSI model. Establishing connectivity between sites over Layer 2 or Layer 3 is the same. This chapter focuses on Layer 3 VPN technology.
[Figure: IPSec VPN over the Internet; SOHO with a Cisco DSL Router]
1. Generic routing encapsulation (GRE): point-to-point site connections
2. Multiprotocol Label Switching (MPLS): can establish any-to-any connectivity to many sites
3. IPSec: point-to-point site connections

Types of VPN Networks
1. Site-to-site
2. Remote-Access

Site-to-Site VPN
• A site-to-site VPN is created when connection devices on both sides of the VPN connection are aware of the VPN configuration in advance.
• The VPN remains static, and internal hosts have no knowledge that a VPN exists.
• Frame Relay, ATM, GRE, and MPLS VPNs are examples of site-to-site VPNs.
• In a site-to-site VPN, hosts send and receive normal TCP/IP traffic through a VPN gateway, which can be a router, firewall, Cisco VPN Concentrator, or Cisco ASA 5500 Series Adaptive Security Appliance.
• The VPN gateway is responsible for encaps ...
