Professional Documents
Culture Documents
Implementing Virtual Private Networks: CCNA Security v2.0
Implementing Virtual Private Networks: CCNA Security v2.0
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 8.1:
VPNs
Upon completion of this section, you should be able to:
Describe VPNs and their benefits.
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Topic 8.1.1:
VPN Overview
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Introducing VPNs
VPN Benefits:
Cost Savings
Security
Scalability
Compatibility
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Layer 3 IPsec VPNs
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Topic 8.1.2:
VPN Technologies
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Two Types of VPNs
Remote-Access VPN
Site-to-Site VPN
Access
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Components of Remote-Access VPNs
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Components of Site-to-Site VPNs
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Section 8.2:
IPsec VPN Components and
Operation
Upon completion of this section, you should be able to:
Describe the IPsec protocol and its basic functions.
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Topic 8.2.1:
Introducing IPsec
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
IPsec Technologies
IPsec Implementation
IPsec Framework Examples
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Confidentiality
Confidentiality with Encryption:
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Confidentiality (Cont.)
Encryption Algorithms:
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Integrity
Hash Algorithms
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Authentication
PSK
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Authentication (Cont.)
RSA
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Secure Key Exchange
Diffie-Hellman Key Exchange
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Topic 8.2.2:
IPsec Protocols
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
IPsec Protocol Overview
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Authentication Header
AH Protocols
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Authentication Header (Cont.)
Router Creates Hash and Transmits
to Peer
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
ESP
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
ESP Encrypts and Authenticates
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Transport and Tunnel Modes
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Transport and Tunnel Modes (Cont.)
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Topic 8.2.3:
Internet Key Exchange
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
The IKE Protocol
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Phase 1 and 2 Key Negotiation
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Phase 2: Negotiating SAs
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Section 8.3:
Implementing Site-to-Site IPsec
VPNs with CLI
Upon completion of this section, you should be able to:
Describe IPsec negotiation and the five steps of IPsec configuration.
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Topic 8.3.1:
Configuring a Site-to-Site IPsec VPN
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
IPsec Negotiation
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
IPsec Negotiation (Cont.)
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Site-to-Site IPsec VPN Topology
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
IPsec VPN Configuration Tasks
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Existing ACL Configurations
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Existing ACL Configurations (Cont.)
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Introduction to GRE Tunnels
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Topic 8.3.2:
ISAKMP Policy
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
The Default ISAKMP Policies
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Syntax to Configure a New ISAKMP Policy
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
XYZCORP ISAKMP Policy Configuration
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Configuring a Pre-Shared Key
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Configuring a Pre-Shared Key (Cont.)
Pre-Shared Key Configuration
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Topic 8.3.3:
IPsec Policy
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Define Interesting Traffic
The IKE Phase 1 Tunnel Does Not Exist Yet
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Define Interesting Traffic (Cont.)
Configure an ACL to Define Interesting Traffic
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Configure IPsec Transform Set
The crypto ipsec transform-set Command
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Configure IPsec Transform Set (Cont.)
The crypto ipsec transform-set Command
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Topic 8.3.4:
Crypto Map
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Syntax to Configure a Crypto Map
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
Syntax to Configure a Crypto Map (Cont.)
Crypto Map Configuration Commands
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
XYZCORP Crypto Map Configuration
Crypto Map Configuration:
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
XYZCORP Crypto Map Configuration (Cont.)
Crypto Map Configuration:
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
Apply the Crypto Map
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Topic 8.3.5:
IPsec VPN
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Send Interesting Traffic
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
Verify ISAKMP and IPsec Tunnels
Verify the ISAKMP Tunnel is Established
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Verify ISAKMP and IPsec Tunnels (Cont.)
Verify the IPsec Tunnel is Established
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Section 8.4:
Summary
Chapter Objectives:
Explain the purpose of VPNs.
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Thank you.
Instructor Resources
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 64