Presentation is loading. Please wait.

Presentation is loading. Please wait.

IPSec VPN Chapter 13 of Malik.

Published byRudolph Bailey Modified over 5 years ago

Similar presentations

Presentation on theme: "IPSec VPN Chapter 13 of Malik."— Presentation transcript:

1 IPSec VPN Chapter 13 of Malik

2 Outline Types of IPsec VPNs IKE (or Internet Key Exchange) protocol

3 Types of IPsec VPNs Site-to-site (aka LAN-to-LAN) IPsec VPN
Figure 13-1 Question: no concentrator? Remote-access client IPsec VPN Figure 13-2 Unique challenges: (see p.317) IPsec clients use unknown-to-gateway IP addresses to connect to the gateway Client’s IP address assigned by the ISP is not compatible with the private network’s addressing. The clients must use the DNS server, DHCP server, and other such servers on the private network. PAT can no longer function as normal (because ESP encrypts all the port info in the TCP or UDP header). * dialup POTS: Plain Old Telephone System Also called PSTN (Public Switched Telephone Network) * LCP negotiation: Short for Link Control Protocol, a protocol that is part of the PPP. In PPP communications, both the sending and receiving devices send out LCP packets to determine specific information that will be required for the data transmission. The LCP checks the identity of the linked device and either accepts or rejects the peer device, determines the acceptable packet size for transmission, searches for errors in configuration and can terminate the link if the parameters are not satisfied. Data cannot be transmitted over the network until the LCP packet determines that the link is acceptable.

4 Phases of IPsec Connection initiated IKE main mode or aggressive mode
Results: creation of an IKE Security Association (SA) between the two IPsec peers A set of 3 session keys are established Quick mode creation of two IPsec SAs between the two peers (incoming SA and outgoing SA) Generate a pair of IPsec keys (one for each of the SAs) Data communication (using ESP or AH) * dialup POTS: Plain Old Telephone System Also called PSTN (Public Switched Telephone Network) * LCP negotiation: Short for Link Control Protocol, a protocol that is part of the PPP. In PPP communications, both the sending and receiving devices send out LCP packets to determine specific information that will be required for the data transmission. The LCP checks the identity of the linked device and either accepts or rejects the peer device, determines the acceptable packet size for transmission, searches for errors in configuration and can terminate the link if the parameters are not satisfied. Data cannot be transmitted over the network until the LCP packet determines that the link is acceptable.

5 IPsec Negotiation using IKE
P.279: Authentication methods vs modes Preshared key Digital signature Encrypted nonces Main mode Aggressive mode * dialup POTS: Plain Old Telephone System Also called PSTN (Public Switched Telephone Network) * LCP negotiation: Short for Link Control Protocol, a protocol that is part of the PPP. In PPP communications, both the sending and receiving devices send out LCP packets to determine specific information that will be required for the data transmission. The LCP checks the identity of the linked device and either accepts or rejects the peer device, determines the acceptable packet size for transmission, searches for errors in configuration and can terminate the link if the parameters are not satisfied. Data cannot be transmitted over the network until the LCP packet determines that the link is acceptable.

6 IPsec Negotiation using IKE
Example 1: Main mode using preshared key authentication followed by Quick mode negotiation pp Example 2: Main mode using DS authentication followed by Quick mode negotiation pp Example 3: Aggressive mode using Preshared key authentication (followed by Quick mode negotiation) pp * dialup POTS: Plain Old Telephone System Also called PSTN (Public Switched Telephone Network) * LCP negotiation: Short for Link Control Protocol, a protocol that is part of the PPP. In PPP communications, both the sending and receiving devices send out LCP packets to determine specific information that will be required for the data transmission. The LCP checks the identity of the linked device and either accepts or rejects the peer device, determines the acceptable packet size for transmission, searches for errors in configuration and can terminate the link if the parameters are not satisfied. Data cannot be transmitted over the network until the LCP packet determines that the link is acceptable.

Download ppt "IPSec VPN Chapter 13 of Malik."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
S4C4 PPP. Protocols Point to Point Protocol Link Control Protocol Network Control Program Password Authentication Protocol Challenge Handshake Authentication.

S4C4 PPP. Protocols Point to Point Protocol Link Control Protocol Network Control Program Password Authentication Protocol Challenge Handshake Authentication.
Gursharan Singh Tatla SLIP and PPP 27-Mar-2011 1

Gursharan Singh Tatla SLIP and PPP 27-Mar
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP)
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.

Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
WAN Technologies Dial-up modem connections Cheap Slow

WAN Technologies Dial-up modem connections Cheap Slow
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Semester 4 - Chapter 4 – PPP WAN connections are controlled by protocols In a LAN environment, in order to move data between any two nodes or routers two.

Semester 4 - Chapter 4 – PPP WAN connections are controlled by protocols In a LAN environment, in order to move data between any two nodes or routers two.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.

Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
 It defines the format of the frame to be exchanged between devices.  It defines how two devices can negotiate the establishment of the link and the.

 It defines the format of the frame to be exchanged between devices.  It defines how two devices can negotiate the establishment of the link and the.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
IPsec: IKE, Internet Key Exchange IPsec does not use Public Key Infrastructure and exchanging keys before an IPsec connection is established is a problem.

IPsec: IKE, Internet Key Exchange IPsec does not use Public Key Infrastructure and exchanging keys before an IPsec connection is established is a problem.
WAN Technologies Dial-up modem connections

WAN Technologies Dial-up modem connections
Robert E. Meyers CCNA, CCAI Youngstown State University Cisco Regional Academy Instructor Cisco Networking Academy Program Semester 4, v. 2.1.2 Chapter.

Robert E. Meyers CCNA, CCAI Youngstown State University Cisco Regional Academy Instructor Cisco Networking Academy Program Semester 4, v Chapter.

Similar presentations

Ads by Google