Previous Chapter Next Chapter 

Module 3: IPsec VPNs

3.1 Introducing VPN Technology
3.1.1 What Is Needed to Build a VPN?
3.1.2 Overlay and Peer-to-Peer VPN Architecture
3.1.3 VPN Topologies
3.1.4 Characteristics of a Secure VPNs
3.1.5 VPN Security: Encapsulation
3.1.6 VPN Security: IPsec and GRE
3.1.7 VPN Security: Symmetric and Asymmetric Encryption Algorithms
3.1.8 Symmetric Encryption Algorithms
3.1.9 Asymetric Encryption
3.1.10 Diffie-Hellman Key Exchange
3.1.11 Data Integrity
3.1.12 VPN Security: Authentication
3.2 Understanding IPsec Components and IPsec VPN Features
3.2.1 IPsec Security Features
3.2.2 IPsec Protocols and Headers
3.2.3 Internet Key Exchange
3.2.4 IKE Phases and Modes
3.2.5 Other IKE Functions
3.2.6 ESP and AH Protocols, Transport, and Tunnel Modes
3.2.7 AH Authentication and Integrity
3.2.8 ESP Protocol
3.2.9 Message Authentication and Integrity Check
3.2.10 PKI Environment
3.3 Implementing Site-to-Site IPsec VPN Operations
3.3.1 Site-to-Site IPsec VPN Operations
3.3.2 Step 2: IKE Phase 1
3.3.3 Step 3: IKE Phase 2
3.3.4 IPsec Tunnel Operation
3.3.5 Configuring a Site-to-Site IPsec VPN
3.4 Configuring IPsec Site-to-Site VPN Using SDM
3.4.1 Cisco SDM Features
3.4.2 Introducing the SDM VPN Wizard Interface
3.4.3 Site-to-Site VPN Components
3.4.4 Launching the Site-to-Site VPN Wizard
3.4.5 Using the Step-by-Step Wizard
3.4.6 Test, Monitor, and Troubleshoot Tunnel Configuration and Operation
3.5 Configuring GRE Tunnels over IPsec
3.5.1 Generic Routing Encapsulation
3.5.2 Secure GRE Tunnels?
3.5.3 Configuring GRE over IPsec Site-to-Site Tunnel Using SDM
3.5.4 Backup GRE Tunnel Information
3.5.5 Configuring VPN Authentication
3.5.6 Configuring IKE Proposals
3.5.7 Configuring the Transform Set
3.5.8 Routing Information
3.5.9 Completing the Configuration
3.5.10 Testing, Monitoring and Troubleshooting GRE Tunnel Configuration
3.6 Configuring High-Availability VPNs
3.6.1 High Availability for IOS IPsec VPNs
3.6.2 IPsec Backup Peer
3.6.3 Hot Standby Routing Protocol
3.6.4 HSRP for Default Gateway at Remote Site
3.6.5 HSRP for Head-end IPsec Routers
3.6.6 IPsec Stateful Failover
3.6.7 Backing Up a WAN Connection with an IPsec VPN
3.7 Introducing Cisco Easy VPN
3.7.1 Introducing Cisco Easy VPN
3.7.2 Cisco Easy VPN Components
3.7.3 Deployment Models
3.7.4 Requirements and Restrictions for Cisco Easy VPN Remote
3.7.5 Easy VPN Server and Easy VPN Remote Operation
3.8 Configuring Easy VPN Server using Cisco SDM
3.8.1 Required Preparation
3.8.2 Configuring the Prerequisites with VPN Wizards
3.8.3 Start the Easy VPN Server Wizard
3.8.4 Configure IKE Proposals
3.8.5 Configure the Transform Set
3.8.6 Storing Group Policy Configurations on the Local Router
3.8.7 Storing Group Policy Configurations on an External User Database via RADIUS
3.8.8 Local Group Policies
3.8.9 Completing the Configuration
3.9 Implementing the Cisco VPN Client
3.9.1 Cisco VPN Client Configuration Tasks
3.9.2 Task 1: Install Cisco VPN Client
3.9.3 Task 2: Create a New Client Connection Entry
3.9.4 Task 3: Configure Client Authentication Properties
3.9.5 Task 4: Configure Transparent Tunneling
3.9.6 Allowing Local LAN Access
3.9.7 Task 5: Enable and Add Backup Servers
3.9.8 Task 6: Configure Connection to the Internet Through Dialup Networking
3.10 IPsec VPN Lab Exercises
3.10.1 Lab 3.1 Configuring SDM on a Router
3.10.2 Lab 3.2 Configuring a Basic GRE Tunnel
3.10.3 Lab 3.3 Configuring Wireshark and SPAN
3.10.4 Lab 3.4 Configuring Site-to-Site IPsec VPNs with SDM
3.10.5 Lab 3.5 Configuring Site-to-Site IPsec VPNs with the IOS CLI
3.10.6 Lab 3.6 Configuring a Secure GRE Tunnel with SDM
3.10.7 Lab 3.7 Configuring a Secure GRE Tunnel with the IOS CLI
3.10.8 Lab 3.8 Configuring IPsec VTIs
3.10.9 Lab 3.9 Configuring Easy VPN with SDM
3.10.10 Lab 3.10 Configuring Easy VPN with the IOS CLI
 Previous Chapter Next Chapter