Slide 8: Public IP Addressing Schemes
- Obtain a public IP address range.
- Ensure that the range has enough addresses.
- Consider cost.
- Improve performance by excluding Network Address Translation (NAT).
- Consider security issues in your design.
Slide 13: Default Gateway
- Forwards IP packets to other subnets or routers.
- Is not required on routers, IP switches, or NAT devices.
- Use a router as the default gateway when:
  - It is the only router on the subnet.
  - Most traffic goes through that router.
- Routers use Internet Group Membership Protocol (IGMP) messages to identify better route paths.
Slide 14: VLSM
- Reduces routing table entries.
- Uses address space more efficiently.
- VLSM design considerations:
  - Arrange routers hierarchically.
  - The highest-level subnet mask allocates the least number of bits.
  - Lower-level subnet masks assign more bits.
  - The lowest-level subnet mask supports the maximum number of hosts.
Slide 16: CIDR
- Replaces the class-based IP addressing system.
- Adds a network prefix to the IP address.
- Is similar to VLSM; implemented by ISPs.
- Is flexible.
- Allows routing table aggregation.
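The VLSM allocation of slide 14 and the CIDR aggregation of slide 16, as an added Python example that is not part of the course material: it carves a constructed site block (192.0.2.0/24, an RFC 5737 documentation range) into subnets sized to constructed host counts, largest first so that the top-level mask borrows the fewest bits, and then shows that the upstream router can advertise the whole site as a single prefix. The network names, the block and the host counts are assumptions made for this example.

```python
import ipaddress

# Constructed site block (RFC 5737 documentation range) and constructed
# per-network host counts; both are assumptions for this example.
SITE_BLOCK = ipaddress.ip_network("192.0.2.0/24")
REQUIREMENTS = {
    "engineering": 100,
    "sales": 50,
    "servers": 20,
    "wan-link-a": 2,
    "wan-link-b": 2,
}


def prefix_for_hosts(hosts):
    """Longest (most specific) IPv4 prefix whose block still holds `hosts`
    usable addresses, excluding the network and broadcast addresses."""
    host_bits = 1
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def allocate_vlsm(block, requirements):
    """Assign each named network the smallest subnet that fits it.

    Requirements are placed largest first, which is the hierarchical VLSM
    rule: the top-level mask borrows the fewest bits, lower levels borrow
    more, and every smaller subnet still fits in what remains.
    Returns (allocation, unused_fragments).
    """
    free = [block]
    allocation = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        plen = prefix_for_hosts(hosts)
        candidates = [frag for frag in free if frag.prefixlen <= plen]
        if not candidates:
            raise ValueError(f"no free space for {name} (/{plen})")
        # Take the tightest-fitting free fragment to limit fragmentation.
        frag = max(candidates, key=lambda n: n.prefixlen)
        free.remove(frag)
        # Halve the fragment until it is exactly /plen; the other halves stay free.
        while frag.prefixlen < plen:
            frag, spare = frag.subnets(prefixlen_diff=1)
            free.append(spare)
        allocation[name] = frag
    return allocation, free


def aggregate(networks):
    """CIDR aggregation: the prefix(es) an upstream router has to carry
    to reach all of the given subnets."""
    return [str(n) for n in ipaddress.collapse_addresses(networks)]


if __name__ == "__main__":
    allocation, unused = allocate_vlsm(SITE_BLOCK, REQUIREMENTS)
    for name, net in allocation.items():
        print(f"{name:<12} {net}  ({net.num_addresses - 2} usable hosts)")
    print("unused fragments:", [str(n) for n in unused])
    print("routes inside the site:", len(allocation))
    print("route advertised upstream:", aggregate(list(allocation.values()) + unused))
```

Inside the site the router carries one route per subnet; the upstream ISP router needs only the aggregated 192.0.2.0/24, which is the routing-table reduction both slides describe.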
Slide 17: IPSec and VPN in TCP/IP Data Protection
Internet Protocol Security (IPSec):
- Is an extension of TCP/IP.
- Is supported only by Microsoft Windows 2000.
- Protects specific servers and resources.
- Provides end-to-end encryption.
Slide 18: IPSec and VPN in TCP/IP Data Protection (Cont.)
Virtual private network (VPN):
- Allows remote access.
- Is supported by many operating systems.
- Protects an entire subnet.
- Provides point-to-point encryption.
- Uses a screened subnet.
Slide 19: IPSec Connection Process
1. Check IPSec policies.
2. Perform Internet Key Exchange (IKE).
3. Establish the security association.
4. Exchange encrypted data.
Slide 20: IPSec Policies
- Customize IPSec security with policies.
- Specify other IPSec rules in your policies.
- Use the default policies as the base for custom policies:
  - Client (Respond Only)
  - Server (Request Security)
  - Secure Server (Require Security)
Slide 21: IPSec Modes
Transport mode:
- Multiple IPSec-enabled devices
- End-to-end encryption
Tunnel mode:
- One other IPSec-enabled device
- Point-to-point encryption
Slide 23: IPSec Integrity Checking and Data Encryption
Authentication Headers (AH) protocol:
- Use for integrity checking.
- Use when not encrypting data.
- Do not use for packets going through NAT.
Encapsulating Security Payloads (ESP):
- Use for encrypting data.
- Choose among three encryption algorithms.
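Why slide 23 says not to use AH for packets that pass through NAT, as an added Python model that is not part of the course material: AH's integrity check value covers the IP header addresses, so when a NAT device rewrites the source address the receiver's recomputed value no longer matches, while ESP's integrity value covers only the ESP payload and survives the rewrite. The key, the addresses and the payload are constructed; the HMAC computations are a simplified stand-in for the real AH and ESP integrity processing, and ESP's encryption is left out because it does not affect the point.

```python
import hashlib
import hmac
import ipaddress

# Constructed values for the example (RFC 1918 and RFC 5737 addresses).
SA_KEY = b"constructed-demo-integrity-key"  # shared by the two SA endpoints
PRIVATE_SRC = "10.0.0.5"                     # host behind the NAT device
PUBLIC_IP = "203.0.113.7"                    # NAT device's public address
SERVER = "198.51.100.9"                      # IPSec peer on the far side
PAYLOAD = b"constructed application data"


def ah_icv(src, dst, payload, key=SA_KEY):
    """AH integrity check value. Real AH authenticates the whole IP datagram
    with mutable fields (TTL, header checksum, ...) zeroed; this toy models
    that coverage as the source/destination addresses plus the payload."""
    covered = (ipaddress.ip_address(src).packed
               + ipaddress.ip_address(dst).packed
               + payload)
    return hmac.new(key, covered, hashlib.sha256).digest()


def esp_icv(payload, key=SA_KEY):
    """ESP integrity value: covers the ESP header and payload only, never the
    outer IP header (ESP encryption is omitted in this model)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def build_packet(proto, src, dst, payload):
    """Sender side: attach the ICV the receiver will recompute."""
    icv = ah_icv(src, dst, payload) if proto == "AH" else esp_icv(payload)
    return {"proto": proto, "src": src, "dst": dst, "payload": payload, "icv": icv}


def nat_rewrite(packet, public_ip):
    """Source NAT rewrites the IP source address; nothing else is touched."""
    return {**packet, "src": public_ip}


def receiver_accepts(packet):
    """Receiver side: recompute the ICV over what actually arrived and
    compare it to the carried ICV in constant time."""
    if packet["proto"] == "AH":
        expected = ah_icv(packet["src"], packet["dst"], packet["payload"])
    else:
        expected = esp_icv(packet["payload"])
    return hmac.compare_digest(expected, packet["icv"])


def deliver(proto, via_nat):
    """Send one packet from the private host to the server, optionally through
    the NAT device; returns True if the server's integrity check passes."""
    packet = build_packet(proto, PRIVATE_SRC, SERVER, PAYLOAD)
    if via_nat:
        packet = nat_rewrite(packet, PUBLIC_IP)
    return receiver_accepts(packet)


if __name__ == "__main__":
    for proto in ("AH", "ESP"):
        for via_nat in (False, True):
            print(f"{proto:<3} via NAT={via_nat!s:<5} accepted={deliver(proto, via_nat)}")
```

The AH packet is accepted on a direct path and rejected after NAT, whereas the ESP packet is accepted either way; in practice this is why an IPSec design with NAT in the path is built on ESP.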
Slide 24: VPN Data Protection
Point-to-Point Tunneling Protocol (PPTP):
- The industry standard
- Supported by various operating systems
Layer 2 Tunneling Protocol (L2TP):
- Draft RFC-based protocol
- Supported by Windows 2000