
VPN (IPSec and SSL)

Chapter 15

Release 16/07/2009 Jetking Infotrain Ltd.


Chapter Objectives
• Explain VPN Fundamentals
• Explain Cisco IOS IPSec
• Explain IPSec VPN
• Explain SSL VPN
• Explain VPN configuration



VPN Fundamentals - I
• A VPN carries private traffic over a public network, so it must provide the following security features:
  - Privacy (confidentiality): traffic is encrypted so that nobody on the public network can read it
  - Authentication: each end verifies the identity of the peer it talks to, and each received packet is verified to have come from that peer
  - Data Integrity: any modification of a packet in transit is detected and the packet is dropped
  - Anti-replay: a captured packet that is re-injected later is recognised by its sequence number and rejected



VPN Fundamentals - II
• A VPN is built from devices at each site whose hardware and software implement the VPN protocols and security features. These devices include:
  - Routers
  - Adaptive Security Appliances (ASA)
  - PIX Firewalls
  - VPN Concentrators
  - VPN Client (software on the remote user's PC or laptop)



Types of Virtual Private Networks
(Diagram: Types of VPN)
• Intranet VPN: connects an enterprise's own remote sites to each other
• Extranet VPN: connects the enterprise to its partners and suppliers
• Access (remote-access) VPN: connects individual remote users to the enterprise network



Tunneling Protocols
• A VPN creates a tunnel between two devices connected to the Internet: each original packet is encapsulated inside a new outer packet addressed to the far end of the tunnel, which strips the outer header and forwards the original packet into the private network.
• The following protocols are used to create a tunnel:
  - Layer 2 Forwarding (L2F)
  - Point-to-Point Tunneling Protocol (PPTP)
  - Layer 2 Tunneling Protocol (L2TP)
  - Generic Routing Encapsulation (GRE)
• These protocols provide encapsulation, not strong cryptographic protection of their own. L2TP and GRE tunnels are therefore normally carried inside IPSec (L2TP/IPSec, GRE over IPSec) to obtain the privacy, authentication, integrity and anti-replay services listed earlier.
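As an added illustration (not part of the Jetking slides and not vendor code), the following Python builds and parses a GRE tunnel packet the way RFC 2784 defines it: an outer IPv4 header with protocol number 47, a GRE header of 4 bytes (8 with the optional checksum) carrying the protocol type 0x0800 for IPv4, and the original packet as payload. The addresses, the payload and the two tunnel endpoints are constructed for the example. It also shows the caveat from the slide: GRE only encapsulates, so the inner packet is readable by anyone on the path, and the GRE checksum detects accidental corruption only, since an attacker can simply recompute it.

```python
import struct

GRE_PROTO = 47           # outer IPv4 protocol number for GRE (RFC 2784)
ETHERTYPE_IPV4 = 0x0800  # GRE Protocol Type value for an IPv4 payload
GRE_C_BIT = 0x8000       # "Checksum Present" flag in the first GRE word


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    to_bytes = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                      ttl, proto, 0, to_bytes(src), to_bytes(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def gre_encapsulate(inner: bytes, outer_src: str, outer_dst: str, checksum: bool = True) -> bytes:
    """Wrap an inner IPv4 packet in a GRE header and a new outer IPv4 header."""
    flags = GRE_C_BIT if checksum else 0
    gre = struct.pack("!HH", flags, ETHERTYPE_IPV4)
    if checksum:
        gre += struct.pack("!HH", 0, 0)  # Checksum (zero while computing) + Reserved1
        gre = gre[:4] + struct.pack("!HH", inet_checksum(gre + inner), 0)
    return ipv4_header(outer_src, outer_dst, GRE_PROTO, len(gre) + len(inner)) + gre + inner


def gre_decapsulate(packet: bytes) -> bytes:
    """Validate the outer headers and return the inner packet; raise ValueError on any fault."""
    ihl = (packet[0] & 0x0F) * 4
    outer = packet[:ihl]
    if len(outer) < 20 or inet_checksum(outer) != 0:
        raise ValueError("bad outer IPv4 header checksum")
    if outer[9] != GRE_PROTO:
        raise ValueError("outer protocol is not GRE")
    gre = packet[ihl:]
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x7FFF:  # Reserved0 and Version must be zero (RFC 2784)
        raise ValueError("unsupported GRE flags or version")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected GRE protocol type 0x%04x" % ptype)
    if flags & GRE_C_BIT and inet_checksum(gre) != 0:
        raise ValueError("bad GRE checksum")
    return gre[8 if flags & GRE_C_BIT else 4:]


def inner_is_readable(packet: bytes) -> bool:
    """GRE adds no encryption: the tunnelled payload is visible to anyone on the path."""
    return b"sensitive" in packet[20 + 8:]  # outer IPv4 (20) + GRE with checksum (8)


# Constructed sample: an inner IPv4/UDP packet between two private hosts, tunnelled
# between two made-up router addresses from the documentation ranges.
INNER_PAYLOAD = b"sensitive payroll record"
INNER_PACKET = ipv4_header("10.1.1.10", "10.2.2.20", 17, len(INNER_PAYLOAD)) + INNER_PAYLOAD
TUNNELLED = gre_encapsulate(INNER_PACKET, "203.0.113.1", "198.51.100.1")


def demo() -> dict:
    corrupted = bytearray(TUNNELLED)
    corrupted[-1] ^= 0x01  # one flipped payload bit; the GRE checksum should catch it
    try:
        gre_decapsulate(bytes(corrupted))
        detected = False
    except ValueError:
        detected = True
    return {
        "roundtrip_ok": gre_decapsulate(TUNNELLED) == INNER_PACKET,
        "overhead_bytes": len(TUNNELLED) - len(INNER_PACKET),
        "payload_in_clear": inner_is_readable(TUNNELLED),
        "corruption_detected": detected,
    }
```

Running demo() reports 28 bytes of tunnel overhead (20-byte outer IPv4 header plus 8-byte GRE header), a successful round trip, the payload visible in clear, and the corrupted packet rejected. The same decapsulation path handles a 4-byte GRE header when the checksum is absent.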



IPSec VPNs
• IP Security (IPSec) is an architecture that provides security services at the IP layer, so every application above it is protected without modification.
• It defines authentication and encryption functions for IP packets: the Authentication Header (AH) provides integrity and origin authentication, and the Encapsulating Security Payload (ESP) provides encryption as well as integrity and authentication; both carry a sequence number used for anti-replay.
• The algorithms are not fixed. The two peers negotiate (through IKE) which encryption, integrity and key-exchange algorithms to use for each security association, so different protocol options can be chosen for each VPN feature.
• Because the algorithms are negotiable, a deployment can move to stronger ones as the security protocols improve over time without redesigning the VPN.
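The four services listed under VPN Fundamentals and the authentication and encryption functions of IPSec, shown together in one added Python model. This is example code written for this page, not Cisco's implementation and not from the original slides. It follows the ESP receive order from RFC 4303: sequence-number replay check, integrity check (ICV), anti-replay window update, then decryption, so a forged packet can never move the window. Assumptions: the keys are hard-coded constants standing in for keys that IKE would derive, the SPI 0x1001 is made up, the cipher is a counter-mode keystream derived from HMAC-SHA256 used as a stand-in for AES-CTR so the example runs with the standard library only, and ReplayError, AuthError, SecurityAssociation and demo are the example's own names.

```python
import hashlib
import hmac
import struct

WINDOW = 64  # receiver anti-replay window; RFC 4303 requires at least 32


class ReplayError(ValueError):
    """Sequence number already seen or to the left of the window."""

class AuthError(ValueError):
    """ICV did not verify: packet forged or corrupted in transit."""


def _keystream(key, spi, seq, length):
    # Counter-mode keystream from HMAC-SHA256 over (SPI, seq, block): a stand-in for
    # AES-CTR. As with any stream cipher, (SPI, seq) must never repeat under one key.
    out = bytearray()
    for block in range((length + 31) // 32):
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, block), hashlib.sha256).digest()
    return bytes(out[:length])

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SecurityAssociation:
    ICV_LEN = 16  # truncated tag, as in HMAC-SHA-256-128

    def __init__(self, spi, enc_key, auth_key):
        self.spi, self.enc_key, self.auth_key = spi, enc_key, auth_key
        self.send_seq = 0  # sender: last sequence number used
        self.highest = 0   # receiver: highest sequence number accepted so far
        self.bitmap = 0    # receiver: bit k set means (highest - k) already accepted

    def protect(self, plaintext):
        """Sender: new seq, encrypt, then ICV over header + ciphertext."""
        if self.send_seq == 0xFFFFFFFF:
            raise RuntimeError("sequence space exhausted: rekey, never wrap")
        self.send_seq += 1
        header = struct.pack("!II", self.spi, self.send_seq)
        ct = _xor(plaintext, _keystream(self.enc_key, self.spi, self.send_seq, len(plaintext)))
        return header + ct + hmac.new(self.auth_key, header + ct, hashlib.sha256).digest()[:self.ICV_LEN]

    def _replay_check(self, seq):
        # RFC 4303 3.4.3: reject seq 0, anything older than the window, anything already seen.
        if seq == 0:
            return False
        if seq > self.highest:
            return True
        if self.highest - seq >= WINDOW:
            return False
        return not (self.bitmap >> (self.highest - seq)) & 1

    def _replay_update(self, seq):
        if seq > self.highest:
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def unprotect(self, packet):
        """Receiver: replay check, ICV check, window update, decrypt (RFC 4303 order)."""
        if len(packet) < 8 + self.ICV_LEN:
            raise ValueError("truncated packet")
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        if not self._replay_check(seq):
            raise ReplayError("seq %d" % seq)
        body, icv = packet[:-self.ICV_LEN], packet[-self.ICV_LEN:]
        if not hmac.compare_digest(hmac.new(self.auth_key, body, hashlib.sha256).digest()[:self.ICV_LEN], icv):
            raise AuthError("ICV mismatch")
        self._replay_update(seq)  # only an authenticated packet may move the window
        return _xor(body[8:], _keystream(self.enc_key, self.spi, seq, len(body) - 8))


def _rejected(sa, packet, exc):
    try:
        sa.unprotect(packet)
        return False
    except exc:
        return True

def demo():
    """Exercise each service; every value in the returned dict should be True."""
    enc_key, auth_key = b"K" * 32, b"A" * 32  # constructed; IKE would derive real keys
    sender = SecurityAssociation(0x1001, enc_key, auth_key)
    receiver = SecurityAssociation(0x1001, enc_key, auth_key)
    r = {}
    p1 = sender.protect(b"payroll: alice 9000")
    r["privacy"] = b"alice" not in p1
    r["roundtrip"] = receiver.unprotect(p1) == b"payroll: alice 9000"
    r["replay_rejected"] = _rejected(receiver, p1, ReplayError)
    p2 = sender.protect(b"payroll: bob 9000")
    forged = bytearray(p2)
    forged[8] ^= 0x01  # flip one ciphertext bit
    r["tamper_rejected"] = _rejected(receiver, bytes(forged), AuthError)
    r["genuine_after_forgery"] = receiver.unprotect(p2) == b"payroll: bob 9000"
    p3, p4 = sender.protect(b"3"), sender.protect(b"4")
    r["out_of_order_ok"] = receiver.unprotect(p4) == b"4" and receiver.unprotect(p3) == b"3"
    late = {n: sender.protect(b"seq%d" % n) for n in range(5, 81)}
    receiver.unprotect(late[80])  # window now covers seq 17..80
    r["too_old_rejected"] = _rejected(receiver, late[5], ReplayError)
    r["inside_window_ok"] = receiver.unprotect(late[20]) == b"seq20"
    return r
```

Two design points worth noticing: the ICV is checked before the window is updated, so the forged copy of packet 2 does not consume sequence number 2 and the genuine packet still arrives; and a packet that is out of order but inside the window (seq 3 after seq 4, seq 20 after seq 80) is accepted, while one that falls off the left edge (seq 5 after seq 80 with a 64-entry window) is dropped even though it was never seen. Real ESP also refuses to wrap the 32-bit sequence counter and rekeys instead, which protect() models with RuntimeError.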



Case Study I

The Blue Diamond steel company has 3000 employees, 200 remote sites, and multiple partners and suppliers located at different sites. It needs an Intranet VPN to connect its remote sites and an Extranet VPN to connect to its partners and suppliers over the Internet. Additionally, the company provides laptops to some employees to work from home, so it needs a remote-access VPN through which those employees can reach the enterprise network with their laptops over the Internet.



Problem

Implementing such a large network by hand is tedious and error-prone: an IPSec policy would have to be configured, and kept consistent, on 200 remote sites and on every employee laptop.



Suggested Solution

A Cisco Easy VPN server can be implemented at the central site (headquarters) of the company. The remote sites and the employees' laptops run Easy VPN Remote or the VPN Client, which receive their IPSec policy from the server when they connect, so the policy is defined and maintained once, centrally.



Secure Socket Layer (SSL) VPNs
• Web browsers connect to Web servers with HTTP and use the SSL protocol (today TLS) to authenticate the server and encrypt that connection (HTTPS).
• SSL is implemented in the Web server and in every browser, so an SSL VPN needs no dedicated VPN client software on the user's machine.
• A Web VPN secures the connection between the user's browser and the Web VPN server with SSL; the Web VPN server then provides access to the internal resources on the user's behalf.



Web VPN using SSL (diagram)



Configuring VPN
• A VPN tunnel can be configured to be enabled or disabled, and the tunnel itself can be authenticated.
• For L2TP, tunnel authentication uses the router host name (or a separately configured local name) to identify each tunnel endpoint, together with an L2TP tunnel password, a shared secret that both endpoints must hold.
• Dial-in VPNs (remote users dialing in to the enterprise) and dial-out VPNs (the enterprise initiating tunnels to remote sites) can be configured if the need arises.



Summary - I
• A VPN (Virtual Private Network) uses a public network, the Internet, to connect remote sites or users together securely.
• A VPN provides the following security features:
  - Privacy
  - Authentication
  - Data Integrity
  - Anti-replay



Summary - II
• Devices that can be used for creating a VPN tunnel are:
  - Routers
  - Adaptive Security Appliances (ASA)
  - PIX Firewalls
  - VPN Concentrators
  - VPN Clients
• The benefits of an Internet-based VPN are low cost, secure communication and the availability of Internet connectivity almost everywhere.



Summary - III
• VPNs are of the following types:
  - Intranet VPN
  - Extranet VPN
  - Access VPN
• The various tunneling protocols used by VPN are:
  - L2F
  - PPTP
  - L2TP
  - GRE



Summary - IV
• Cisco IOS IPSec provides the services of data encryption (privacy), authentication, data integrity verification and anti-replay.
• IPSec encryption is symmetric: the sender encrypts and the receiver decrypts with the same shared key and the same algorithm, agreed for the security association.
• Authentication is the process by which a receiving VPN device verifies that a received packet was sent by an authorized VPN device.



Summary - V
• Message integrity is the process by which a receiving VPN device verifies that a data packet was not changed in transit.
• SSL is the protocol a Web browser uses to protect sensitive information while it is sent to a Web server.
