VPN
Eric Hlutke
Cisco Systems, Inc.
Presentation_ID
What is encryption?
Encryption is the conversion of plain text into cipher text using a predetermined algorithm.
Generally the cipher text is the same length as the plain text.
Often a key is used with the algorithm to generate the cipher text for a particular plain text.
Saadat Malik
www.cisco.com
What is IPSEC?
IPSec Protocols

Encryption (Data Privacy):
DES: Data Encryption Standard
3DES: Triple Data Encryption Standard

Integrity/Authentication:
IKE: Internet Key Exchange
RSA / DSS: Rivest, Shamir, Adleman / Digital Signature Standard
X.509v3: Digital Certificates
MD5 / SHA: Message Digest 5 / Secure Hash Algorithm

Modes:
AH / ESP: Authentication Header / Encapsulating Security Payload
Tunnel / Transport: Network to Network / Host to Host
IPSec Standard Encryption Algorithm

Candidate ciphers shown on the slide: RC2, IDEA, RC5, Blowfish, MMB, RSA, CA-1.1, Lucifer, Madryga, SkipJack, GOST, FEAL, CAST, REDOC, SAFER, LOKI, 3-Way, Khufu/Khafre, CRAB
What is DES/3DES?
Why IPSEC?
Diagram: intranet connected across the Internet
Diagram: IPSec between Alice's router and Bob's router, with an IKE tunnel negotiated between the two IKE peers.
3. Negotiation complete. Alice and Bob now have a complete set of SAs in place.
Diagram (ESP packet layout): IP Header | IPSec Header (ESP) | IP Data (Encrypted)
Diagram: IPSec between Alice and Bob
VPN Models
Remote access model
Diagram: Client (Modem, ISDN, Cable or DSL) -> Internet -> Tunnel -> VPN Concentrator -> Server
Components: Software Client, VPN Concentrator
Tunneling Protocols: PPTP, L2TP, and IPSec
Hardware client model
Diagram: 3002 Hardware Client -> Internet -> Tunnel -> VPN Concentrator -> Server
Components: 3002 Hardware Client, VPN Concentrator
Tunneling Protocols: PPTP, L2TP, and IPSec
PIX model
Diagram: PIX Hardware -> Internet -> Tunnel -> VPN Concentrator -> Server
Components: PIX Hardware, VPN Concentrator
Tunneling Protocols: PPTP, L2TP, and IPSec
Concentrator-to-concentrator model
Components: VPN Concentrators
Tunneling Protocols: IPSec
VPN Hardware
Broadband performance
Scalable encryption
Redundant, hot swap SEPs with stateful SEP failover
Stateless chassis failover (VRRP)
Scalable Encryption Processor (SEP)
Browser Login
Manager Screen: Toolbar, Table of Contents
Quick Configuration
IPSec Client
Win NT 4
Status Details
Drop-down, Buttons, Tabs
Appendix A
1999, Cisco Systems, Inc.
Appendix B
Presentation Acronyms
3DES Triple Data Encryption Standard
AAA Authentication, Authorization, and Accounting
AES Advanced Encryption Standard
AH Authentication Header
CA Certificate Authority
CAW Certificate Authority Workstation
CBC Cipher Block Chaining
CRL Certificate Revocation List
DES Data Encryption Standard
DH Diffie-Hellman
DSA Digital Signature Algorithm
DSS Digital Signature Standard
ESP Encapsulating Security Protocol
HMAC Hash-Based Message Authentication Code