© 2007 Cisco Systems, Inc. All rights reserved. ISCW-Mod3_L7. Network Security 2, Module 6 – Configure Remote Access VPN
Lesson 6.1: An Introduction to Cisco Easy VPN (Module 6 – Configure Remote Access VPN)

Module Introduction
- Virtual private networks (VPNs) use advanced encryption techniques and tunneling to permit organisations to establish secure, end-to-end, private network connections over third-party networks such as the Internet.
- Cisco offers a wide range of VPN products, including VPN-optimised routers, PIX security and Adaptive Security Appliances (ASA), and dedicated VPN concentrators. These infrastructure devices are used to create VPN solutions that meet the security requirements of any organisation.
- This module explains fundamental terms associated with VPNs, including the IP Security protocol and Internet Key Exchange. It then details how to configure various types of VPN using various currently available methods.

Cisco Easy VPN
- Eliminates tedious work by implementing the Cisco Unity Client protocol, which allows administrators to define most VPN parameters once, at a Cisco IOS Easy VPN Server.
- Cisco Easy VPN Remote allows the following devices to act as remote VPN clients:
  – Routers running IOS Release 12.2(4)YA (or later)
  – PIX firewalls
  – Cisco hardware clients
- The Cisco IOS Easy VPN Server can be any of the following devices that support the Cisco Unity Client protocol:
  – VPN 3000 Concentrator
  – PIX Firewall
  – IOS router

Cisco Easy VPN
- Cisco Easy VPN simplifies deployment.
- When the Easy VPN Remote initiates the VPN tunnel connection, the Cisco Easy VPN Server pushes the IPsec policies to the Cisco Easy VPN Remote client and creates the corresponding VPN tunnel connection.
- Cisco Easy VPN Remote provides for automatic management of:
  – The negotiation of tunnel parameters
  – Establishment of tunnels
  – NAT or PAT and ACL creation as needed
  – Authentication of users by usernames, group names, and passwords
  – Security keys for encryption and decryption
  – Authenticating, encrypting, and decrypting data through the tunnel

Easy VPN Components: Cisco Easy VPN Server
- The Cisco Easy VPN Server pushes security policies that are defined at the headend to the remote VPN device.
- A Cisco Easy VPN Server-enabled device can terminate IPsec tunnels that are initiated by mobile remote workers running VPN Client software on PCs.

Easy VPN Components: Cisco Easy VPN Remote
- These devices can receive security policies from a Cisco Easy VPN Server, minimizing VPN configuration requirements at the remote location.
- This cost-effective solution is ideal for remote offices with little IT support.

Requirements and Restrictions for Cisco Easy VPN Server

Limitations
- DH Group: The Cisco Unity Client protocol supports only ISAKMP policies that use DH Group 2 (1024-bit).
- Transform Sets Supported: The Cisco Unity Client protocol does not support Authentication Header (AH) authentication, but does support Encapsulating Security Payload (ESP).

Easy VPN Server and Easy VPN Remote Operation
- Step 1: The VPN client initiates the IKE Phase 1 process
- Step 2: The VPN client establishes an SA
- Step 3: The Easy VPN Server accepts the SA proposal
- Step 4: The Easy VPN Server initiates a username and password challenge
- Step 5: The mode configuration process is initiated
- Step 6: The RRI process is initiated
- Step 7: IPsec quick mode completes the connection

Step 1: The VPN Client Initiates the IKE Phase 1 Process

Step 2: The VPN Client Establishes an ISAKMP SA
The VPN client attempts to establish an SA between peer IP addresses by sending multiple ISAKMP proposals to the Easy VPN Server. To reduce manual configuration on the VPN client, these ISAKMP proposals include several combinations of the following:
- Encryption and hash algorithms
- Authentication methods
- Diffie-Hellman group sizes

Step 3: The Cisco Easy VPN Server Accepts the SA Proposal
The Easy VPN Server searches for a match:
- The first proposal to match the server list is accepted (highest-priority match).
- The ISAKMP SA is successfully established.
- Device authentication ends and user authentication begins.

Step 4: The Cisco Easy VPN Server Initiates a Username and Password Challenge
If the Easy VPN Server is configured for Xauth, the VPN client waits for a username and password challenge:
- The username and password information is checked against authentication entities using AAA.

Step 5: The Mode Configuration Process Is Initiated
If the Easy VPN Server indicates successful authentication, the VPN client requests the remaining configuration parameters from the Easy VPN Server:
- Mode configuration starts.
- The remaining system parameters (IP address, DNS, split tunneling information, and so on) are downloaded to the VPN client.
- IP address is the only required parameter in a group profile. All other parameters are optional.

Step 6: The RRI Process Is Initiated
- RRI ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client.
- RRI is used when per-user IP addresses are used and when more than one Easy VPN Server is used.
- Redistributing static routes into an IGP allows the server site routers to find the appropriate Easy VPN Server to use for return traffic to clients.

Step 7: IPsec Quick Mode Completes the Connection
- After the configuration parameters have been successfully received by the VPN client, IPsec quick mode is initiated to negotiate IPsec SA establishment.
- After IPsec SA establishment, the VPN connection is complete.
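The seven steps above and the Limitations slide map almost one-to-one onto an Easy VPN Server configuration. The following is an added example written for this page, not a configuration from the original slides or from Cisco; interface, pool, ACL, list and group names are assumed, and the group key and user password are placeholders.

```ios
! Step 4: Xauth user check and group authorization via AAA (local database here)
aaa new-model
aaa authentication login VPN-XAUTH local
aaa authorization network VPN-GROUP local
username alice secret REPLACE-WITH-USER-PASSWORD
!
! Steps 1-3: ISAKMP policy the server offers; Unity clients negotiate only DH group 2,
! which is weak by current standards, so keep this policy limited to Easy VPN peers
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
!
! Step 5: mode-configuration attributes pushed to the client (the address pool is the only required one)
crypto isakmp client configuration group REMOTE-WORKERS
 key REPLACE-WITH-GROUP-PRESHARED-KEY
 dns 10.1.1.10
 domain example.com
 pool EZVPN-POOL
 acl SPLIT-TUNNEL
ip local pool EZVPN-POOL 10.10.10.1 10.10.10.254
! Split-tunnel ACL: only traffic to the headend networks goes through the tunnel
ip access-list extended SPLIT-TUNNEL
 permit ip 10.1.0.0 0.0.255.255 any
!
! Step 7: ESP-only transform set (the Unity protocol does not support AH)
crypto ipsec transform-set EZVPN-TS esp-aes esp-sha-hmac
!
! Step 6: reverse-route injection creates a static route for each client address
crypto dynamic-map EZVPN-DYN 10
 set transform-set EZVPN-TS
 reverse-route
!
! Tie Xauth, group authorization and mode config to the crypto map; "respond" means the
! server answers the client's request for an address rather than initiating one
crypto map EZVPN-MAP client authentication list VPN-XAUTH
crypto map EZVPN-MAP isakmp authorization list VPN-GROUP
crypto map EZVPN-MAP client configuration address respond
crypto map EZVPN-MAP 10 ipsec-isakmp dynamic EZVPN-DYN
!
interface GigabitEthernet0/0
 crypto map EZVPN-MAP
!
! Step 6 (continued): redistribute the RRI static routes so internal routers find this server
router ospf 1
 redistribute static subnets
```

Because Step 3 accepts the highest-priority policy that matches the client's proposals, any weaker fallback policy must sit at a higher sequence number than the preferred one, or it will be the one selected.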
