tailieunhanh - Lecture CCNA security partner - Chapter 14: Site-to-Site IPsec VPNs with Cisco IOS Routers

This chapter explains how to configure site-to-site virtual private networks (VPN) using Cisco IOS routers. You will learn how to use both CLI commands and Cisco Configuration Professional to configure, validate, and monitor the VPN configuration. You will also learn site-to-site VPN troubleshooting techniques. | Chapter 14. Site-to-Site IPsec VPNs with Cisco IOS Routers 1 This chapter teaches you how to configure a site-to-site IPsec VPN with preshared keys, using Cisco Configuration Professional. This ability includes being able to meet these objectives: • Evaluate the requirements and configuration of site-to-site IPsec VPNs • Use Cisco Configuration Professional to configure site-to-site IPsec VPNs • Use CLI commands and Cisco Configuration Professional monitoring options to validate the VPN configuration • Use CLI commands and Cisco Configuration Professional monitoring options to monitor and troubleshoot the VPN configuration Contents IPsec VPN negotiation can be broken down into five steps,including Phase 1 and Phase 2 of Internet Key Exchange (IKE): Step 1. An IPsec tunnel is initiated when Host A sends “interesting” traffic to Host B. Traffic is considered interesting when it travels between the IPsec peers and meets the criteria that is defined in the crypto access control list . | Chapter 14. Site-to-Site IPsec VPNs with Cisco IOS Routers 1 This chapter teaches you how to configure a site-to-site IPsec VPN with preshared keys, using Cisco Configuration Professional. This ability includes being able to meet these objectives: • Evaluate the requirements and configuration of site-to-site IPsec VPNs • Use Cisco Configuration Professional to configure site-to-site IPsec VPNs • Use CLI commands and Cisco Configuration Professional monitoring options to validate the VPN configuration • Use CLI commands and Cisco Configuration Professional monitoring options to monitor and troubleshoot the VPN configuration Contents IPsec VPN negotiation can be broken down into five steps,including Phase 1 and Phase 2 of Internet Key Exchange (IKE): Step 1. An IPsec tunnel is initiated when Host A sends “interesting” traffic to Host B. Traffic is considered interesting when it travels between the IPsec peers and meets the criteria that is defined in the crypto access control list (ACL). Step 2. In IKE Phase 1, the IPsec peers (routers A and B) negotiate the established IKE SA policy. Once the peers are authenticated, a secure tunnel is created using ISAKMP. Step 3. In IKE Phase 2, the IPsec peers use the authenticated and secure tunnel to negotiate IPsec SA transforms. The negotiation of the shared policy determines how the IPsec tunnel is established. Step 4. The IPsec tunnel is created and data is transferred between the IPsec peers based on the IPsec parameters configured in the IPsec transform sets. Step 5. The IPsec tunnel terminates when the IPsec SAs are deleted or when their lifetime expires. Site-to-Site IPsec VPN Operations Site-to-Site IPsec VPN Verify connectivity between peers Define interesting traffic Determine the cipher suite requirements Manage monitoring, troubleshooting, and change Planning and Preparation Checklist Interesting traffic is defined by crypto ACLs in site-to-site IPsec VPN configurations. Crypto ACLs perform these functions • .

• An ninh - Bảo mật
• CCNA Security Partner
• Network Security
• Site to Site IPsec VPNs
• Cisco IOS Routers
• Cisco Configuration Professional
• VPN configuration
• Purpose of security
• Basic security requirements
• Managing the risk
• Risk analysis
• Security strategy
• Cisco borderless Network
• Cisco borderless Network architecture
• Borderless Networks
• Threat control strategy
• Network security threats
• Threat control design
• Security intelligence analysis
• Network Foundation Protection
• Cisco NFP Framework
• Secure management
• Securing the management plane
• Cisco IOS devices
• Network Time Protocol
• Simple Network Management Protocol
• Native VLANs
• Configuring VLANs
• Configuring Inter VLAN routing
• Spanning Tree
• IPv6 environments
• IPv6 headers
• IPv6 address types
• Configure IPv6 addressing
• Access Control Lists
• Threat mitigation
• Operational framework
• VLSM environments
• Firewall Fundamentals
• Network Address Translation
• Firewall technologies
• Application layer firewalls
• Cisco IOS Zone Based Firewall
• Cisco IOS Zone Based Policy Firewall
• Intrusion Prevention Systems
• IPS fundamentals
• IPS attack responses
• IPS Anti Evasion techniques
• Fundamentals of cryptography
• VPN technologies
• Public Key Infrastructure
• IPsec fundamentals
• IPsec protocol
• IPsec’s main components
• Cisco SSL VPNs
• Protocol framework
• Cisco VPN clientless mode
• Cisco full tunnel mode