
VPN

Two kinds of connections over a public network

  1. Leased line

  • ISP gives a dedicated link

  • Very expensive link

  2. VPN

  • Creates tunnels that allow users to connect over a public network

VPN Architecture

Remote Access VPN / Client-to-Site VPN

  • External users connecting to an internal network through one VPN gateway/server.

  • Only one VPN device

  • Normally, a piece of software is installed in the user's device

Site-to-Site VPN

  • Two VPN appliances

  • Connects two separate networks

  • No requirement to download any software to access resources in the other network.

VPN Encryption Protocols

TLS/SSL VPN

  • Used in client-to-site VPN

IPSec VPN

  • Contains several protocols

Key IPSec Protocols

Authentication Header (AH) Protocol

  • Provides authentication and integrity, but does not support encryption

  • Largely obsolete

Encapsulation Security Payload (ESP) Protocol

  • Provides encryption and authentication

Internet Key Exchange (IKE) Protocol

  • Negotiates the VPN tunnel (called a security association, SA)

  • Has two phases - Phase 1 and Phase 2

    • Phase 1 - establishes a secure channel between the two peers for the negotiation itself

    • Phase 2 - negotiates the IPsec SA through which the data packets will go

Configuration Steps

Checklist

  1. Configure L3 Interface

  2. Configure Tunnel Interface

  3. Configure a new Static Route

  4. Setup Crypto Profile

  5. Setup IKE Gateway

  6. Setup IPSec Tunnel

  7. Security Policy

  8. Test Connection
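The checklist above and the AH/ESP notes under "Key IPSec Protocols" are illustrated by the following added example; it is not part of the original notes and does not reproduce any vendor's configuration. It expresses a site-to-site ESP tunnel as Linux iproute2 `ip xfrm` commands: the two `state` entries are the tunnel's security associations (one per direction, as IKE Phase 2 would negotiate them), and the `policy` entries are the equivalent of the static route and security policy steps, selecting which traffic is steered into the tunnel. An AH variant is included only to show what is lost without ESP: there is no encryption algorithm at all. All addresses, subnets, SPIs and keys are constructed placeholders, and manual keying stands in for IKE. Nothing touches the kernel unless run as root with `APPLY=1`; otherwise the commands are printed for review.

```shell
#!/bin/sh
# Added example: site-to-site IPsec ESP tunnel as Linux "ip xfrm" commands.
# Every address, subnet, SPI and key below is a constructed placeholder.
# Manual keying is used only for illustration; IKE Phase 2 would normally
# negotiate the SPIs and keys that appear here.

LOCAL_GW=192.0.2.1        # this gateway's public address (assumed)
REMOTE_GW=198.51.100.1    # peer gateway's public address (assumed)
LOCAL_NET=10.1.0.0/24     # network behind this gateway (assumed)
REMOTE_NET=10.2.0.0/24    # network behind the peer (assumed)
SPI_OUT=0x1001
SPI_IN=0x1002
# AES-256-GCM: 32-byte key + 4-byte salt = 36 bytes. Constructed placeholders.
KEY_OUT=0x0102030405060708091011121314151617181920212223242526272829303132aabbccdd
KEY_IN=0x3231302928272625242322212019181716151413121110090807060504030201ddccbbaa

# ESP SA: AEAD gives both encryption and authentication in one algorithm.
# $1 = outer src gw, $2 = outer dst gw, $3 = SPI, $4 = key
esp_state_cmd() {
  echo "ip xfrm state add src $1 dst $2 proto esp spi $3 reqid 1 mode tunnel aead 'rfc4106(gcm(aes))' $4 128"
}

# AH SA for comparison: integrity/authentication only. Note there is no
# 'enc' or 'aead' option; the payload crosses the public network in clear.
ah_state_cmd() {
  echo "ip xfrm state add src $1 dst $2 proto ah spi $3 reqid 2 mode tunnel auth-trunc 'hmac(sha256)' $4 128"
}

# Policy: the "interesting traffic" selector (inner subnets) bound to the
# outer tunnel endpoints. Plays the role of the static route + security
# policy steps in the checklist.
# $1 = dir (out|in), $2 = inner src net, $3 = inner dst net,
# $4 = outer src gw, $5 = outer dst gw
esp_policy_cmd() {
  echo "ip xfrm policy add src $2 dst $3 dir $1 tmpl src $4 dst $5 proto esp reqid 1 mode tunnel"
}

# The full set of commands for one side of the tunnel (the peer mirrors them).
site_to_site_cmds() {
  esp_state_cmd "$LOCAL_GW" "$REMOTE_GW" "$SPI_OUT" "$KEY_OUT"
  esp_state_cmd "$REMOTE_GW" "$LOCAL_GW" "$SPI_IN" "$KEY_IN"
  esp_policy_cmd out "$LOCAL_NET" "$REMOTE_NET" "$LOCAL_GW" "$REMOTE_GW"
  esp_policy_cmd in "$REMOTE_NET" "$LOCAL_NET" "$REMOTE_GW" "$LOCAL_GW"
}

# Apply only when explicitly requested and running as root; else print.
if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
  site_to_site_cmds | sh -e
else
  site_to_site_cmds
fi
```

After applying, `ip xfrm state` and `ip xfrm policy` show the installed SAs and selectors, which is the "Test Connection" step: if traffic between the two inner subnets is not matched by a policy, it leaves the gateway unencrypted rather than failing, so checking the policy selectors is part of the test, not an afterthought.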
