CCNA 5.0 Planning Guide Chapter 7: Securing Site-to-Site Connectivity


CCNA 5.0 Planning Guide Chapter 7: Securing Site-to-Site Connectivity Connecting Networks

Chapter 7: Objectives
After completing this chapter, students will be able to:
- Describe benefits of VPN technology.
- Describe site-to-site and remote access VPNs.
- Describe the purpose and benefits of GRE tunnels.
- Configure a site-to-site GRE tunnel.
- Describe the characteristics of IPsec.
- Explain how IPsec is implemented using the IPsec protocol framework.
- Explain how the AnyConnect client and clientless SSL remote access VPN implementations support business requirements.
- Compare IPsec and SSL remote access VPNs.

Chapter 7: Overview
This chapter:
- Explains the concepts and processes related to VPNs
- Explains the benefits of VPN implementations and the underlying protocols required to configure VPNs

Chapter 7: Activities
What activities are associated with this chapter?
- 7.0.1.2 Class Activity – VPNs at a Glance
- 7.1.1.3 Activity – Identifying the Benefits of VPNs
- 7.1.2.3 Activity – Compare Types of VPNs
- 7.1.2.4 Packet Tracer – Configuring VPNs (Optional)
- 7.2.1.3 Activity – Identifying GRE Characteristics
- 7.2.2.2 Syntax Checker – Configure and Verify GRE
- 7.2.2.3 Packet Tracer – Configuring GRE
- 7.2.2.4 Packet Tracer – Troubleshooting GRE
- 7.2.2.5 Lab – Configuring a Point-to-Point GRE VPN Tunnel

Chapter 7: Activities (cont.)
What activities are associated with this chapter?
- 7.3.2.7 Activity – Identifying IPsec Terminology and Concepts
- 7.3.2.8 Packet Tracer – Configuring GRE over IPsec (Optional)
- 7.4.1.4 Activity – Compare Cisco SSL VPN Solutions
- 7.4.2.5 Activity – Identify Remote-Access Characteristics
- 7.5.1.1 Class Activity – VPN Planning Design
- 7.5.1.2 Packet Tracer – Skills Integration Challenge

Chapter 7: Packet Tracer Activity Password
The password for all the Packet Tracer activities in this chapter is: PT_ccna5

Chapter 7: Assessment
Students should complete Chapter 7 Exam after completing Chapter 7. Worksheets, labs and quizzes can be used to informally assess student progress.

Chapter 7: New Terms and Commands
What terms and commands are introduced in this chapter?
- 7.1.1.1: VPNs; Tunnel; Generic Routing Encapsulation (GRE); Cisco Adaptive Security Appliance (ASA)
- 7.1.2.1: Site-to-site VPNs; VPN Gateway
- 7.1.2.2: Remote Access VPNs; Cisco AnyConnect Secure Mobility Client
- 7.2.2.1: interface tunnel number command; tunnel source command; tunnel destination command
- 7.2.2.2: show interface tunnel command; IP Multicast Tunneling
- 7.3.1.1: IPsec
- 7.3.1.2: Anti-replay Protection
- 7.3.2.1: Encryption; Decryption

Chapter 7: New Terms and Commands (cont.)
What terms are introduced in this chapter?
- 7.3.2.2: Symmetric Encryption; Asymmetric Encryption; Public Key Encryption
- 7.3.2.3: Diffie-Hellman Key Exchange; OAKLEY; IKE protocol
- 7.3.2.4: Hash; Hash-based Message Authentication Code (HMAC); MD5; SHA
- 7.3.2.5: Pre-shared Key (PSK); RSA Signature; Certificate Authority (CA); Digital Signature Algorithm (DSA)
- 7.3.2.6: Authentication Header (AH); Encapsulating Security Payload (ESP)

Chapter 7: New Terms and Commands (cont.)
What terms are introduced in this chapter?
- 7.4.1.1: Secure Sockets Layer (SSL) VPN; IP Security (IPsec) VPN
- 7.4.1.2: Cisco AnyConnect Secure Mobility Client with SSL; Cisco Secure Mobility Clientless SSL VPN
- 7.4.2.1: Cisco Easy VPN Server; Cisco Easy VPN Remote; Cisco VPN Client

Chapter 7: Best Practices
For best practices, the instructor should:
- Use this chapter as an introduction to CCNA Security.
- Make this chapter as hands-on as possible.
- Encourage students to complete chapter activities and labs, and to use the Syntax Checker.
- Refer to the CCNA Security curriculum for more labs and reference materials.
- Use http://www.cisco.com for additional VPN materials.

Chapter 7: Additional Help
For additional help with teaching strategies, including lesson plans, analogies for difficult concepts, and discussion topics, visit the CCNA Community at http://community.netacad.net/web/ccna/files. If you have lesson plans or resources that you would like to share, upload them to the CCNA Community to help other instructors.

Chapter 7: Topics Not in ICND2 200-101
This section lists topics covered by this chapter that are NOT listed in the ICND2 200-101 Blueprint. Those topics are posted at http://www.cisco.com/web/learning/exams/list/icnd1b.html. Instructors could skip these sections; however, they should provide additional information and fundamental concepts to assist the student with the topic.

Chapter 7: Topics Not in 200-101 ICND2
What sections of this chapter are NOT in the 200-101 ICND2 certification blueprint?
- 7.0.1 Topic - Introduction
- 7.1 Section - VPNs
- 7.2 Section – Site-to-Site GRE Tunnels
- 7.3 Section – Introducing IPsec
- 7.4 Section – Remote Access
- 7.5 Summary