IPsec Virtual Private Network Fundamentals free download
By admin | April 23, 2009
An introduction to designing and configuring Cisco IPsec VPNs
Understand the basics of the IPsec protocol and learn implementation best practices
Study up-to-date IPsec design, incorporating current Cisco innovations in the security and VPN marketplace
Learn how to avoid common pitfalls related to IPsec deployment
Reinforce theory with case studies and configuration examples showing how IPsec maps to real-world solutions
IPsec Virtual Private Network Fundamentals provides a basic working knowledge of IPsec on various Cisco routing and switching platforms. It provides the foundation necessary to understand the different components of Cisco IPsec implementation and how it can be successfully implemented in a variety of network topologies and markets (service provider, enterprise, financial, government). This book views IPsec as an emerging requirement in most major vertical markets, explaining the need for increased information authentication, confidentiality, and non-repudiation for secure transmission of confidential data. The book is written using a layered approach, starting with basic explanations of why IPsec was developed and the types of organizations relying on IPsec to secure data transmissions. It then outlines the basic IPsec/ISAKMP fundamentals that were developed to meet demand for secure data transmission. The book covers the design and implementation of IPsec VPN architectures using an array of Cisco products, starting with basic concepts and proceeding to more advanced topics including high availability solutions and public key infrastructure (PKI). Sample topology diagrams and configuration examples are provided in each chapter to reinforce the fundamentals expressed in text and to assist readers in translating concepts into practical deployment scenarios. Additionally, comprehensive case studies are incorporated throughout to map topics to real-world solutions.
- Chapter 1, “Introduction to VPN Technologies”: This chapter includes an introduction to various VPN technologies, discusses how VPNs are utilized in today’s networks, and identifies the drivers for business migration to VPN technologies. The discussion in this chapter provides the reader with a high-level overview of VPN, particularly with a comparison between Multiprotocol Label Switching (MPLS), Virtual Private Dialup Network (VPDN), Secure Sockets Layer (SSL), and IPsec VPNs. After a brief comparison of the VPN technologies, the focus turns to the business drivers for VPN, which include both economics and security.
- Chapter 2, “IPsec Fundamentals”: This chapter focuses on the underlying components and mechanics of IPsec, including cryptographic components, Internet Key Exchange (IKE), and IPsec. This chapter includes basic configuration examples (not step-by-step) to demonstrate the concepts.
- Chapter 3, “Basic IPsec VPN Topologies and Configurations”: This chapter demonstrates building of basic VPN topologies using the knowledge gained in the previous chapters. Three basic topologies are discussed: hub-and-spoke without generic routing encapsulation (GRE), hub-and-spoke VPN with GRE, and remote-access VPN.
- Chapter 4, “Common IPsec VPN Issues”: IPsec deployments can involve a number of potential pitfalls if not properly addressed. Chapter 4 discusses the common IPsec VPN issues that a network engineer should take into consideration during the design and deployment process. It discusses common troubleshooting techniques to diagnose these problems should they occur in your network. Design solutions to the common VPN issues presented in this chapter are provided, along with the appropriate design verification techniques.
Part II consists of Chapters 5 through 10. The topics discussed here build on the introductory concepts from Part I, extending them to encompass a common architectural goal: High Availability. Additional architectural variations are provided so as to present a comprehensive scope of design options available. The chapters in Part II include:
- Chapter 5, “Designing for High Availability”: This chapter discusses the basic principles of an HA VPN design. Based on these principles, subsequent chapters develop solutions for local and geographical HA and discuss issues and options for achieving HA in multi-vendor VPN environments.
- Chapter 6, “Solutions for Local Site-to-Site High Availability”: This chapter uses concepts previously described to develop solutions for local HA, including the use of a highly available interface for IPsec tunnel termination, stateless tunnel termination HA, and stateful tunnel termination HA.
- Chapter 7, “Solutions for Geographic Site-to-Site High Availability”: This chapter uses concepts previously described to develop solutions for geographic HA. This chapter discusses RRI, IPsec with GRE tunnels, and Dynamic Multipoint VPN.
- Chapter 8, “Handling Vendor Interoperability with High Availability”: Unfortunately, current IPsec standards do not address HA. This leads to interoperability issues among vendors. This chapter discusses common issues and details the options that exist to handle these scenarios.
- Chapter 9, “Solutions for Remote Access VPN High Availability”: This chapter discusses the HA concepts previously discussed in Chapters 6 and 7 in the context of RAVPN deployments. Additionally, it covers other HA tools commonly found in RAVPNs, including the use of VPN concentrator clustering with VCA and DNS-based load balancing.
- Chapter 10, “Further Architectural Options for IPsec”: This chapter discusses other architectural variations in designing VPN solutions. It describes each option with usage considerations and finishes with case studies of each.
IPsec VPN design concepts range from fundamental cryptographic operations to dynamic spoke-to-spoke peering and MPLS VPN routing and forwarding (VRF)-Aware IPsec VPNs. Although the scope of this book is firmly centered around the fundamental concepts of IPsec VPN design, the chapters included in Part III provide design guidance around two advanced topics of IPsec that are quite commonly deployed in today’s enterprise-class IP networks:
- Chapter 11, “Public Key Infrastructure and IPsec VPNs”: This chapter discusses the usage of public key infrastructure (PKI) to authenticate IPsec peers via Rivest, Shamir, and Adleman (RSA) signatures. This method uses a certificate authority as a trusted third party to secure and scale IKE authentication. As organizations become more Public Key Infrastructure (PKI)-aware, this will become the de facto authentication mechanism.
- Chapter 12, “Solutions for Handling Dynamically Addressed Peers”: Dynamic peers allow network administrators to ensure network connectivity when remote network peers are either not known in advance or change to an unknown value over time. Dynamic peers also require less administrative effort than do static peers. This chapter addresses IPsec dynamic peering options, some of which are less commonly used, and others that are more prolific in various architectures.