A VPN creates a tunnel between two or more private networks over the public network (the Internet).
The tunnel is a virtual connection (configured through commands) and it is a secure connection: "It is
a secure tunnel over the public network called VPN". This tunnel can be created Router-to-Router,
Router-to-Firewall, L3Switch-to-L3Switch, Server-to-Server, or between any other devices. It can be
created anywhere, but the recommended use is over the public network.
IPsec is an open standard framework. IPsec security services provide Confidentiality, Data Integrity,
Origin Authentication, and Anti-Replay Protection.
Data Integrity: Data accuracy and consistency (the data remains unchanged while being transferred),
provided by hashing. The hash key is used to verify, once the data reaches the destination, that it
is the same as at the source.
Anti-Replay: Stops duplicate packets from being sent or received, such as DDoS attack packets.
VPN Types
• Site-to-site VPN
o Allows a company to connect its remote sites to the corporate backbone securely over the Internet.
o Both sites must be static, and the configuration must be the same on both sites.
• Remote Site VPN
o Allows remote users to securely access the corporate network whenever and wherever
they need to.
o One site will be a static site where the configuration is done, and it will act as the server.
o The other site will not be fixed: it can be a portable and flexible site, or any non-static
site. The remote site will not have the same configuration. The remote site will use
client software.
o EZVPN and DMVPN are examples of Remote Site VPNs.
Protocol (IPsec)
IP Security (IPsec) is a protocol suite (i.e., a framework) that helps us protect IP traffic at the
network layer. The IP protocol itself doesn't have any security features.
Phase 1 (ISAKMP): The IPsec devices negotiate an IKE security policy and establish a secure channel
for communication.
Phase 2 (IPsec): The IPsec devices negotiate an IPsec security policy to protect data.
Note: ISAKMP stands for Internet Security Association and Key Management Protocol.