CCNA Security – Chapter 8 (VPN)

The IP Security (IPsec) protocol provides a framework for configuring secure VPNs and is commonly deployed over the Internet to connect branch offices, remote employees, and business partners. It is a reliable way to maintain communication privacy while streamlining operations, reducing costs, and allowing flexible network administration.
!
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that can encapsulate a wide variety of Network Layer protocol packet types inside IP tunnels. This creates a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. Other examples of VPNs that do not automatically include security measures are Frame Relay, ATM PVCs, and Multiprotocol Label Switching (MPLS) networks.
!
A VPN is a communications environment in which access is strictly controlled to permit peer connections within a defined community of interest.
!
Virtual: Information within a private network is transported over a public network.
Private: The traffic is encrypted to keep the data confidential.
!
Common examples of Layer 3 VPNs are GRE, MPLS, and IPsec. Layer 3 VPNs can be point-to-point site connections such as GRE and IPsec, or they can establish any-to-any connectivity to many sites using MPLS.
!
The VPN remains static, and internal hosts have no knowledge that a VPN exists. Frame Relay, ATM, GRE, and MPLS VPNs are examples of site-to-site VPNs.
!
A site-to-site VPN is an extension of a classic WAN network. Site-to-site VPNs connect entire networks to each other, for example, they can connect a branch office network to a company headquarters network. In the past, a leased line or Frame Relay connection was required to connect sites, but because most corporations now have Internet access, these connections can be replaced with site-to-site VPNs.
!
Remote-access VPNs are an evolution of circuit-switching networks, such as plain old telephone service (POTS) or ISDN. Remote-access VPNs support a client / server architecture where a VPN client (remote host) requires secure access to the enterprise network via a VPN server device at the network edge.
!
In the past, corporations supported remote users by using dial-in networks and ISDN. With the advent of VPNs, a mobile user simply needs access to the Internet to communicate with the central office. In the case of telecommuters, their Internet connectivity is typically a broadband connection.
!
!
The primary benefit of SSL VPN is that it is compatible with Dynamic Multipoint VPNs (DMVPNs), Cisco IOS Firewalls, IPsec, intrusion prevention systems (IPSs), Cisco Easy VPN, and Network Address Translation (NAT).
!
Generic routing encapsulation (GRE) is a tunneling protocol defined in RFC 1702 and RFC 2784. It was originally developed by Cisco Systems for creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.
!
GRE supports multiprotocol tunneling. It can encapsulate multiple protocol packet types inside an IP tunnel. Adding an additional GRE header between the payload and the tunneling IP header provides the multiprotocol functionality
!
GRE tunnels are stateless. Each tunnel endpoint keeps no information about the state or availability of the remote tunnel endpoint.
!
GRE does not include any strong security mechanisms to protect its payload.
!
!

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s