HC110110029 Securing Data With IPSec VPN
Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
Upon completion of this section, you will be able to:
Explain the basic principles of the IPSec security architecture.
Configure IPSec peering between two devices.
IPSec VPN Application
Branch
HQ
IPSec Tunnel
IPSec VPN Architecture
Protocols: AH, ESP
Authentication: MD5, SHA-1, SHA-2
Encryption: DES, 3DES, AES
Security Association
RTA RTB
IPSec Tunnel
IPSec Transport Mode
IP AH TCP Data
AH
Authentication
IPSec Tunnel Mode
IP AH IP TCP Data
AH
Authentication
IPSec VPN Establishment
Ensure Reachability
IPSec VPN Configuration
RTA RTB
20.1.1.1/24 20.1.1.2/24
G0/0/1 G0/0/1
IPSec Tunnel
10.1.1.1/24 10.1.2.1/24
IPSec VPN Proposal Verification
IPSec Policy Creation
Applying Policies to Interfaces
RTA RTB
20.1.1.1/24 20.1.1.2/24
G0/0/1 G0/0/1
IPSec Tunnel
10.1.1.1/24 10.1.2.1/24
The IPSec policy is bound to the physical interface via which the IPSec peer
is reachable.
IPSec Policy Verification
...
Inbound ESP setting:
ESP SPI: 12345 (0x3039)
ESP string-key: huawei
ESP encryption hex key:
ESP authentication hex key:
Outbound ESP setting:
ESP SPI: 54321 (0xd431)
ESP string-key: huawei
ESP encryption hex key:
ESP authentication hex key:
...
Summary
What is meant by a Security Association (SA)?
What are the three possible actions that may be applied to IPSec filtered traffic?