Friday, April 17, 2015

SITE TO SITE VPN CONFIGURATION THEORY

IPsec: a set of rules (protocols) for securing data communication across a public, untrusted network such as the Internet.

Encryption: DES (Data Encryption Standard), 3DES (Triple DES), or AES (Advanced Encryption Standard).

Symmetric: symmetric keys use the same value to both encrypt and decrypt the data.

Asymmetric: asymmetric keys use one value to encrypt the data and another one to decrypt it (for example, Diffie-Hellman key exchange).

Authentication: a hash-based message authentication code (HMAC) combines a hash function, MD5 or SHA-1 (Secure Hash Algorithm), with a shared key.


IPsec Headers

Authentication Header (AH): authenticates the whole packet, including the IP header. IP protocol number 51.

Encapsulating Security Payload (ESP): encrypts the packet payload and can optionally authenticate it. It adds a header and a trailer to the packet. The packet is encrypted first and then put through the hash mechanism. IP protocol number 50.

IPsec modes: transport mode or tunnel mode. The two differ only in their headers.

Transport mode: keeps the original IP header; the data payload can be encrypted. Transport mode is often used with Generic Routing Encapsulation (GRE).


Tunnel mode: replaces the original IP header with a tunnel header. The ESP header is placed after the new header and before the original one. The original IP header can be encrypted along with the data payload, and the packet can be authenticated from the ESP header back.

When IPsec establishes a VPN between two peers, it sets up a Security Association (SA) between them.

The Internet Security Association and Key Management Protocol (ISAKMP) defines how an SA is created and deleted.

Internet Key Exchange (IKE) modes: Main and Aggressive.
 
Configuring a Site-to-Site VPN

1. Configure the ISAKMP policy.

2. Configure the crypto access control list (ACL).

3. Configure the IPsec transform set or sets.

4. Configure the crypto map.

5. Apply the crypto map to the outgoing interface.

6. Optionally, configure and apply an ACL that permits only IPsec or IKE traffic.

IKE Phase 1 (Internet Key Exchange Phase 1)

Sets up a secure communication channel between the peers. A basic set of security services is negotiated and agreed between the peers; these services protect all subsequent communication between them.

IKE Phase 2

IKE negotiates the IPsec Security Association (SA) parameters and sets up matching IPsec SAs on the peers. These security parameters are used to protect the data and messages exchanged between the endpoints.
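The six configuration steps and the two IKE phases above, as an added worked example on Cisco IOS. This is illustrative configuration written for this page, not the blog author's own: the outside addresses 203.0.113.1 and 198.51.100.1, the LAN prefixes 10.1.1.0/24 and 10.2.2.0/24, the policy, ACL, transform-set and crypto-map names, and the pre-shared key are all made-up placeholders. The lines under Step 1 are what IKE Phase 1 negotiates; Steps 2 to 4 are what Phase 2 negotiates into the IPsec SA. AES-256, SHA-256 and DH group 14 are used in place of DES/3DES, MD5/SHA-1 and group 2, which are considered weak today.

```cisco
! ===== Router A (site A) -- constructed example; every address, name and key is a placeholder =====
! Assumed topology:
!   10.1.1.0/24 -- RouterA (Gi0/0: 203.0.113.1) === Internet === RouterB (Gi0/0: 198.51.100.1) -- 10.2.2.0/24

! Step 1: ISAKMP policy = the Phase 1 proposal (encryption, hash, authentication, DH group, lifetime).
! Both peers must have at least one policy with identical values or Phase 1 never completes.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
! Pre-shared key bound to the peer's outside address. Keying by address selects Main mode.
crypto isakmp key PLACEHOLDER-PSK-CHANGE-ME address 198.51.100.1

! Step 2: crypto ACL = "interesting traffic" that must be protected.
! The peer needs the exact mirror image (source and destination swapped).
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

! Step 3: transform set = the Phase 2 proposal for the IPsec SA.
! ESP (IP protocol 50) with AES-256 for confidentiality and SHA-256 HMAC for authentication, tunnel mode.
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel

! Step 4: crypto map ties the peer, the transform set and the crypto ACL together.
! PFS forces a fresh DH exchange for every Phase 2 SA instead of deriving from the Phase 1 secret.
crypto map CM-SITE-B 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address VPN-TRAFFIC

! Step 5: apply the crypto map to the outgoing (Internet-facing) interface.
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map CM-SITE-B

! Step 6 (optional): inbound ACL on the outside interface that admits only IKE and IPsec from the peer.
! isakmp = UDP/500, non500-isakmp = UDP/4500 (NAT-T), esp = IP protocol 50, ahp = IP protocol 51.
! Everything else is dropped by the implicit deny at the end of the list.
ip access-list extended OUTSIDE-IN
 permit udp host 198.51.100.1 host 203.0.113.1 eq isakmp
 permit udp host 198.51.100.1 host 203.0.113.1 eq non500-isakmp
 permit esp host 198.51.100.1 host 203.0.113.1
 permit ahp host 198.51.100.1 host 203.0.113.1
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in

! ===== Router B (site B) -- only the lines that differ; policy 10 and the transform set are identical =====
crypto isakmp key PLACEHOLDER-PSK-CHANGE-ME address 203.0.113.1
ip access-list extended VPN-TRAFFIC
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto map CM-SITE-A 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address VPN-TRAFFIC
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 crypto map CM-SITE-A

! Verification, after a packet matching VPN-TRAFFIC has been sent from either LAN:
!   show crypto isakmp sa    -> one Phase 1 SA per peer, state QM_IDLE when Phase 1 succeeded
!   show crypto ipsec sa     -> Phase 2 SAs per crypto-ACL entry; #pkts encaps/decaps should rise
```

Two checks worth making before declaring the tunnel working: the crypto ACLs must be exact mirrors of each other, otherwise Phase 2 fails with a proposal mismatch even though Phase 1 succeeds; and if Step 6 is used, confirm with show access-lists hit counts that nothing legitimate is being dropped, since on some IOS releases the decrypted inner packets are checked against the interface ACL a second time and the LAN-to-LAN traffic may also need a permit entry there. Keying the pre-shared key by address keeps IKE in Main mode; Aggressive mode is only needed when a peer's address is not known in advance, and it reveals the identity hash in the clear, so it should be avoided when Main mode is possible.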

4 comments:

  1. That is really nice to hear. Thank you for the update and good luck. windscribe free

  2. Great article with an excellent idea! Thank you for such a valuable article. I really appreciate this great information. tor vs vpn

  3. Your blog provided us with valuable information to work with. Each and every tip in your post is awesome. Thanks a lot for sharing. Keep blogging. avast vpn torrenting
