© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 4: Implement the DiffServ QoS Model.

Slides:



Advertisements
Similar presentations
Cisco Router as a VPN Server. Agenda VPN Categories of VPN – Secure VPNs – Trusted VPN Hardware / Software Requirement Network Diagram Basic Router Configuration.
Advertisements

Encrypting Wireless Data with VPN Techniques
Guide to Network Defense and Countermeasures Second Edition
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—4-1 MPLS VPN Technology Introducing VPNs.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
Module 5: Configuring Access for Remote Clients and Networks.
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
SCSC 455 Computer Security Virtual Private Network (VPN)
1 Configuring Virtual Private Networks for Remote Clients and Networks.
1 IP VPN Nikolay Scarbnik. 2 Agenda Introduction………………………………………………………….3 VPN concept definition……………………………………………..4 VPN advantages……………...…………………………………….5.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
CCNA 5.0 Planning Guide Chapter 7: Securing Site-to-Site Connectivity
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
Internet Protocol Security (IPSec)
Network Security Philadelphia UniversitylAhmad Al-Ghoul Module 12 Module 12 Virtual Private Networks  MModified by :Ahmad Al Ghoul  PPhiladelphia.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Virtual Private Networks (VPN’s)
1 © J. Liebeherr, All rights reserved Virtual Private Networks.
VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 14 Remote Access.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 Implementing Virtual Private Networks.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Securing Site-to-Site Connectivity Connecting Networks.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Introducing Routing and Switching in the Enterprise – Chapter 1 Networking.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 8 – Implementing Virtual Private Networks.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Virtual Private Network (VPN) SCSC 455. VPN A virtual private network that is established over, in general, the Internet – It is virtual because it exists.
What Is Needed to Build a VPN? An existing network with servers and workstations Connection to the Internet VPN gateways (i.e., routers, PIX, ASA, VPN.
1. Collision domains are unsecure 2. The employees often need to remote access to corporate network resources  The Internet traffic is much more vulnerable.
© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology.
12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet.
CIT 384: Network AdministrationSlide #1 CIT 384: Network Administration VPNs.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
VIRTUAL PRIVATE NETWORK By: Tammy Be Khoa Kieu Stephen Tran Michael Tse.
© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 2: Cisco VoIP Implementations.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.
Generic Routing Encapsulation GRE  GRE is an OSI Layer 3 tunneling protocol: Encapsulates a wide variety of protocol packet types inside.
© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.
FINAL YEAR PROJECT. FINAL YEAR PROJECT IMPLEMENTATION OF VPN USING IPSEC.
Virtual Private Network. VPN In the most basic definition, VPN is a connection which allows 2 computers or networks to communicate with each other across.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L5 1 Implementing Secure Converged Wide Area Networks (ISCW) Module 3.1.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.
Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.
© 2006 Cisco Systems, Inc. All rights reserved. QOS Lecture 9 - WAN Link Efficiency Mechanisms.
Virtual Private Network Chapter 4. Lecturer : Trần Thị Ngọc Hoa2 Objectives  VPN Overview  Tunneling Protocol  Deployment models  Lab Demo.
V IRTUAL P RIVATE N ETWORKS K ARTHIK M OHANASUNDARAM W RIGHT S TATE U NIVERSITY.
Virtual Private Networks Ed Wagner CS Overview Introduction Types of VPNs Encrypting and Tunneling Pro/Cons the VPNs Conclusion.
Network Access for Remote Users Dr John S. Graham ULCC
Virtuelne Privatne Mreže 1 Dr Milan Marković. VPN implementations  In the following sections we will discuss these popular VPN implementation methods,
VIRTUAL PRIVATE NETWORKS Lab#9. 2 Virtual Private Networks (VPNs)  Institutions often want private networks for security.  Costly! Separate routers,
Virtual Private Network Wo Yan Lam. Overview What is Virtual Private Network Different types of VPN –Remote-Access VPN –Site-to-site VPN Security features.
Virtual Private Network Technology Nikki London COSC 352 March 2, 2010.
SECURITY IN VIRTUAL PRIVATE NETWORKS PRESENTED BY : NISHANT SURESH.
CSCI 465 Data Communications and Networks Lecture 26
Virtual Private Networks
IPSec Detailed Description and VPN
Virtual Private Networks
Virtual Private Networks
Virtual Private Networks
Chapter 18 IP Security  IP Security (IPSec)
Implementing Quality of Service (QoS)
VPN: Virtual Private Network
Virtual Private Network zswu
Presentation transcript:

© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 4: Implement the DiffServ QoS Model

© 2006 Cisco Systems, Inc. All rights reserved. Module 4: Implement the DiffServ QoS Model Lesson 4.9: Implementing QoS Preclassify

© 2006 Cisco Systems, Inc. All rights reserved. Objectives  Describe a Virtual Private Network.  List popular VPN protocols and their characteristics.  Explain why a mechanism such as QoS Preclassify is necessary when implementing QoS with a VPN.  Explain how QoS Preclassify is used with GRE and IPsec tunnels.  Describe how to configure QoS Preclassify.

© 2006 Cisco Systems, Inc. All rights reserved. Virtual Private Networks  A VPN carries private traffic over a public network using advanced encryption and tunnels to protect: Confidentiality of information Integrity of data Authentication of users  VPN Types: Remote access: Client-initiated Network access server Site-to-site: Intranet Extranet

© 2006 Cisco Systems, Inc. All rights reserved. Encryption Overview

© 2006 Cisco Systems, Inc. All rights reserved. VPN Protocols ProtocolDescriptionStandard L2TP Layer 2 Tunneling Protocol Based on Cisco Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP), RFC 3631 GRE Generic Routing Encapsulation RFC 1701, RFC 1702, RFC 2748 IPsec Internet Protocol Security RFC 4301

© 2006 Cisco Systems, Inc. All rights reserved. QoS Preclassify  VPNs are growing in popularity.  The need to classify traffic within a traffic tunnel is also gaining importance.  QoS preclassify is a Cisco IOS feature that allows packets to be classified before tunneling and encryption occur.  Preclassification allows traffic flows to be adjusted in congested environments.

© 2006 Cisco Systems, Inc. All rights reserved. QoS Preclassify Applications  When packets are encapsulated by tunnel or encryption headers, QoS features are unable to examine the original packet headers and correctly classify packets.  Packets traveling across the same tunnel have the same tunnel headers, so the packets are treated identically if the physical interface is congested.

© 2006 Cisco Systems, Inc. All rights reserved. GRE Tunneling  ToS classification of encapsulated packets is based on the tunnel header.  By default, the ToS field of the original packet header is copied to the ToS field of the GRE tunnel header.  GRE tunnels commonly are used to provide dynamic routing resilience over IPsec, adding a second layer of encapsulation.

© 2006 Cisco Systems, Inc. All rights reserved. IPsec AH  IPsec AH is for authentication only and does not perform encryption.  With tunnel mode, the ToS byte value is copied automatically from the original IP header to the tunnel header.  With transport mode, the original header is used, and therefore the ToS byte is accessible.

© 2006 Cisco Systems, Inc. All rights reserved. IPsec ESP  IPsec ESP supports both authentication and encryption.  IPsec ESP consists of an unencrypted header followed by encrypted data and an encrypted trailer.  With tunnel mode, the ToS byte value is copied automatically from the original IP header to the tunnel header.

© 2006 Cisco Systems, Inc. All rights reserved. QoS Preclassification Deployment Options  Tunnel interfaces support many of the same QoS features as physical interfaces.  In VPN environments, a QoS service policy can be applied to the tunnel interface or to the underlying physical interface.  The decision about whether to configure the qos preclassify command depends on which header is used for classification.

© 2006 Cisco Systems, Inc. All rights reserved. QoS Preclassification IPsec and GRE Configuration Note: ToS byte copying is done by the tunneling mechanism and NOT by the qos pre-classify command. ! crypto map static-crypt 1 ipsec- isakmp qos pre-classify set peer ….etc ! interface Tunnel 0 etc.. qos pre-classify crypto map static-crypt ! interface Ethernet 0/1 service-policy output minbwtos crypto map static-crypt !  QoS preclassify allows access to the original IP header values.  QoS preclassify is not required if classification is based on the original ToS values since the ToS value is copied by default to a new header. IPsec and GRE configuration:

© 2006 Cisco Systems, Inc. All rights reserved. Configuring QoS Preclassify qos pre-classify router(config-if)# Enables the QoS preclassification feature. This command is restricted to tunnel interfaces, virtual templates, and crypto maps. GRE Tunnels router(config)# interface tunnel0 router(config-if)# qos pre-classify IPSec Tunnels router(config)# crypto map secured-partner router(config-crypto-map)# qos pre-classify

© 2006 Cisco Systems, Inc. All rights reserved. QoS Preclassify: Example

© 2006 Cisco Systems, Inc. All rights reserved. Self Check 1.What is the QoS preclassify feature? 2.What happens with the IP type of service (ToS) values when the packet is encapsulated for transport through a tunnel? 3.In VPN environments, where can the QoS service policy be applied? 4.What command is used to enable QoS preclassification?

© 2006 Cisco Systems, Inc. All rights reserved. Summary  A virtual private network (VPN) is defined as network connectivity deployed on a shared (public) infrastructure with the same policies and security as a private network.  The QoS preclassify feature provides a solution for making Cisco IOS QoS services operate in conjunction with tunneling and encryption on an interface. Cisco IOS software can classify packets and apply the appropriate QoS service before data is encrypted and tunneled. This allows service providers and enterprises to treat voice, video, and mission-critical traffic with a higher priority across service provider networks while using VPNs for secure transport.

© 2006 Cisco Systems, Inc. All rights reserved. Q and A

© 2006 Cisco Systems, Inc. All rights reserved. Resources  Quality of Service Options on GRE Tunnel Interfaces ch_note09186a e.shtml  Cisco IOS Quality of Service Solutions Configuration Guide guration_guide_book09186a d50.html

© 2006 Cisco Systems, Inc. All rights reserved.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.