
VIRTUAL PRIVATE NETWORK (VPN)

A VPN creates a tunnel between two or more private networks over a public network (the Internet). The
connection is virtual (built through commands) and secure: “a secure tunnel over the public network is
called a VPN”. The tunnel can be created Router-to-Router, Router-to-Firewall, L3 Switch-to-L3 Switch,
Server-to-Server, or between any devices. It can be created anywhere, but it is recommended over the
public network.

VPN implementation layers:

• L1 VPN: Cable (a V.35 serial link between two routers is an example of an L1 VPN)
• L2 VPN: L2TP, PPTP, L2F
• L3 VPN: IPsec

IPsec is an open-standard framework. Its security services provide confidentiality, data integrity,
origin authentication, and anti-replay protection.

Confidentiality: hiding the data, i.e. encryption and decryption.

Data Integrity: data accuracy and consistency (the data remains unchanged while in transit),
provided by hashing.

The hash key is used to verify, once the data reaches the destination, that it is the same as
at the source.

Origin Authentication: verifies that the user/person is authorized to access the resources/VPN.

Anti-Replay: stops duplicate packets from being sent/received, such as DDoS attack packets.

VPN Types

• Site-to-site VPN
o Allows a company to connect its remote sites to the corporate backbone securely over the Internet.
o Both sites must be static, and the configuration must be the same on both sites.
• Remote Site VPN
o Allows remote users to securely access the corporate network whenever and wherever
they need to.
o One site is static; the configuration is done there and it acts as the server.
o The other site is not fixed: it can be a portable, flexible site or any non-static
site. The remote site does not have the same configuration. The remote site uses
client software.
o EZVPN and DMVPN are examples of Remote Site VPNs.

Protocol (IPsec)

IP Security (IPsec) is a protocol suite (i.e., a framework) that protects IP traffic at the network
layer. The IP protocol itself doesn’t have any security features.

How does IPsec work?

Phase 1 (ISAKMP): The IPsec devices negotiate an IKE security policy and establish a secure channel
for communication.

Phase 2 (IPsec): The IPsec devices negotiate an IPsec security policy to protect data.

Interesting Traffic: The IPsec devices recognize the traffic to protect.

Note: ISAKMP stands for Internet Security Association and Key Management Protocol.
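
An added example, not part of the original notes: Phase 1, Phase 2 and interesting traffic expressed as a Cisco IOS crypto-map configuration for one side of a site-to-site VPN. Cisco IOS syntax is an assumption (the notes name EZVPN and DMVPN); all addresses, object names and the key placeholder are constructed for illustration.

```cisco
! Constructed example: Site A router. Addresses use documentation ranges;
! names (TS-SITE, VPN-TRAFFIC, SITE-MAP) are hypothetical.
!
! --- Phase 1 (ISAKMP): IKE policy that protects the negotiation channel ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
! Pre-shared key for the peer (placeholder, replace with a strong secret)
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
! --- Phase 2 (IPsec): policy that protects the user data ---
! esp-aes 256      -> confidentiality
! esp-sha256-hmac  -> data integrity and origin authentication
crypto ipsec transform-set TS-SITE esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! --- Interesting traffic: only LAN A to LAN B is sent through the tunnel ---
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! --- Bind peer, Phase 2 policy and interesting traffic together ---
crypto map SITE-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set TS-SITE
 match address VPN-TRAFFIC
!
! --- Apply the crypto map on the Internet-facing interface ---
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map SITE-MAP
!
! Site B mirrors this configuration: identical Phase 1 and Phase 2
! parameters and key, peer address 203.0.113.1, and the ACL source and
! destination subnets swapped.
```

Once traffic matching the ACL is sent, `show crypto isakmp sa` lists the Phase 1 SA and `show crypto ipsec sa` lists the Phase 2 SAs with their encrypt/decrypt packet counters; a Phase 1 or Phase 2 parameter that differs between the two sites shows up as a negotiation that never completes.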
