Virtual Private Network (VPN):
• A VPN provides the same secure site-to-site network
  connectivity for remote users over the Internet.
Why Have VPNs?
VPN Tunnels and Encryption:
VPN Security algorithms:
Symmetric key:
• With a shared secret key, the same key is used by the sender (for
  encryption) and the receiver (for decryption).
• A shared secret key is often used for long messages.
Data Encryption Standard (DES)
One iteration
Key Exchange—Diffie-Hellman:
Authentication (pre-shared key):
Hash Function (MD5, SHA-1):
is a formula used to convert a variable-length message into a single
string of digits of a fixed length.
VPN protocols:
• L2TP (Layer 2 Tunneling Protocol):
  is used to create a media-independent, multiprotocol virtual
  private dialup network (VPDN), but it does not provide
  encryption.

• GRE (Generic Routing Encapsulation):
  with GRE tunneling, a Cisco router at each site encapsulates
  protocol-specific packets in an IP header, creating a point-to-point
  link to the Cisco router at the other end of an IP cloud, where the IP header
  is stripped off.

• IPsec (IP Security protocol):
  is the choice for secure corporate VPNs. It can provide the
  security service using Internet Key Exchange (IKE) to handle
  negotiation of protocols and algorithms based on local policy
  and to generate the encryption and authentication keys to be
  used by IPSec.
Internet Key Exchange (IKE):
• used to establish a shared security policy and
  authentication keys for services such as IPSec
  that require keys.
• one of its protocols is ISAKMP
Internet Security Association and Key
  Management Protocol (ISAKMP):
  it is a protocol used for implementing a key
  exchange and negotiation of security
  associations (SAs)
Security association (SA):
• It is the security database that contains all the
  security policy that the VPN will be based on.

• This security database contains:
1- authentication, encryption algorithm.
2- specification of network traffic.
3- IPsec protocols.
4- IPsec modes.
IPsec protocols:
• Encapsulating Security Payload (ESP):
  a security protocol that provides data encryption
  and protection with optional authentication. It
  can completely encapsulate user data.

• Authentication Header (AH):
  a security protocol that provides authentication.
  It can be used either by itself or with ESP.
Tunnel versus Transport Mode:
Tasks to Configure IPSec (site to site)

• Task 1 – Prepare for IKE and IPSEC
• Task 2 – Configure IKE
• Task 3 – Configure IPSec
• Task 4 – Test and Verify IPSEC
Step1- Determine IKE (IKE Phase 1) Policy
Determine the following policy details:
• Key distribution method
• Authentication method
• IPSec peer IP addresses and hostnames

IKE phase 1 policies for all peers:
     • Encryption algorithm
     • Hash algorithm
     • IKE SA lifetime

Goal: set up a secure communication channel for negotiation of
      IPSec SAs in phase 2
Step2- Determine IPSec (IKE Phase 2) Policy
Determine the following policy details:

• IPSec algorithms and parameters for optimal security and
  performance
• IPSec peer details
• IP address and applications of hosts to be protected
• IKE-initiated SAs

Goal: these are the security parameters used to protect data and
      messages exchanged between end points
Step 3—Check Current Configuration
Step4- Ensure the Network Works
Step 1—Enable IKE
Step 2—Create IKE Policies
Step 3—Configure ISAKMP Identity
Step4- Verify IKE Configuration
Step1- Configure Transform Sets
Step2- IPSec Security Association Lifetimes
Step 3—Create Crypto ACLs using Extended
Access Lists
Purpose of Crypto Maps
Crypto maps pull together the various parts configured
for IPSec, including:

• The traffic to be protected by IPSec and a set of SAs
• The local address to be used for the IPSec traffic
• The destination location of IPSec-protected traffic
• The IPSec type to be applied to this traffic
Step 4—Configure IPSec Crypto Maps & apply it
to interfaces
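The Task 2 and Task 3 steps above, put together as one site-to-site configuration for both peers. This is an added example in Cisco IOS syntax, not configuration taken from the original slides; all addresses (documentation ranges), interface names, map and transform-set names, the ACL number, lifetimes and the key placeholder are constructed assumptions, and it uses AES and DH group 14 rather than the DES named earlier in the deck.

```cisco
! ===== Router A (Site A) : constructed example addressing =====
! Outside interface: 198.51.100.1    Protected LAN: 10.1.1.0/24
! Peer (Router B):   203.0.113.1     Peer LAN:      10.2.2.0/24
! Any interface ACL in the path must allow UDP 500 (IKE),
! IP protocol 50 (ESP) and, if AH is used, IP protocol 51.

! --- Task 2, Step 1: enable IKE ---
crypto isakmp enable

! --- Task 2, Step 2: IKE (Phase 1) policy; must match on both peers ---
crypto isakmp policy 10
 encryption aes 256
 ! "sha" is SHA-1, as named in the deck; use a SHA-2 option if the release offers one
 hash sha
 authentication pre-share
 group 14
 lifetime 86400

! Pre-shared key for the peer: placeholder, use a long random value
crypto isakmp key REPLACE_WITH_PRESHARED_KEY address 203.0.113.1

! --- Task 2, Step 3: ISAKMP identity ---
crypto isakmp identity address

! --- Task 3, Step 1: transform set (ESP encryption + ESP authentication) ---
crypto ipsec transform-set SITE2SITE-TS esp-aes 256 esp-sha-hmac
 mode tunnel

! --- Task 3, Step 2: global IPsec SA lifetime ---
crypto ipsec security-association lifetime seconds 3600

! --- Task 3, Step 3: crypto ACL; "permit" means "protect with IPsec" ---
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

! --- Task 3, Step 4: crypto map ties peer, transform set and ACL together ---
crypto map SITE2SITE-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set SITE2SITE-TS
 set pfs group14
 match address 110

interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 crypto map SITE2SITE-MAP

! ===== Router B (Site B) : mirror image of Router A =====
crypto isakmp enable
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key REPLACE_WITH_PRESHARED_KEY address 198.51.100.1
crypto isakmp identity address

crypto ipsec transform-set SITE2SITE-TS esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec security-association lifetime seconds 3600

! The crypto ACL must be the exact mirror of Router A's ACL;
! a mismatch is a common reason Phase 2 fails to come up.
access-list 110 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255

crypto map SITE2SITE-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set SITE2SITE-TS
 set pfs group14
 match address 110

interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map SITE2SITE-MAP
```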
• Display your configured IKE policies.
  show crypto isakmp policy
• Display your configured transform sets.
  show crypto ipsec transform-set
• Display security associations.
  show crypto isakmp sa
• Display the current state of your IPSec SAs.
  show crypto ipsec sa
• Display your configured crypto maps.
  show crypto map
• Enable debug output for IPSec events.
  debug crypto ipsec
• Enable debug output for ISAKMP events.
  debug crypto isakmp
VPN Remote access:
• The requirements for VPN Servers include the
  need for Internet Security Association and Key
  Management Protocol (ISAKMP) policies using
  Diffie-Hellman.

• The VPN Remote feature supports transform
  sets providing both encryption and authentication,
  so it does not support Authentication Header
  (AH) authentication.
• AAA (authentication, authorization and accounting)
  servers:
  are used for more secure access in a remote-access VPN
  environment.

AAA then checks the following:
• Who you are (authentication)
• What you are allowed to do (authorization)
• What you actually do (accounting)

The accounting information is especially useful for
tracking client use for security auditing, billing or
reporting purposes.
VPN Client:
• The installation of the Cisco VPN Client is a very straightforward
  process. A number of tasks must be completed to establish
  connectivity to a VPN head-end.
• Just start setup and the Welcome screen will be presented.
• The Connection Entries screen is capable of
  holding multiple entries should multiple access
  sites. Click the New button at the top of the
  screen to open the Create New VPN Connection
  Entry dialog box, shown in Figure
• Authentication Tab
  Group Authentication—A username and password
  is necessary to complete the VPN profile.
• Transport Tab
  The Transport tab allows the configuration of transparent
  tunneling as well as the choice of whether to use IPsec
  over UDP or TCP.
• Backup Servers Tab:
  The VPN client contains a Backup Servers tab to
  configure a single connection with the capability to
  connect to multiple servers.
Finish the Connection Configuration
• From the main VPN Client window, you can establish a VPN
  connection by highlighting one of the profiles and clicking the
  Connect button at the top of the window. If the connection
  parameters were properly configured, the VPN connection is
  successful.
• After a VPN connection is established, various
  statistics about the connection are available.
  From the Status pull-down menu, select Statistics.
  This launches the Statistics window.
VPN presentation - moeshesh
