tailieunhanh - Lecture CCNA security partner - Chapter 14: Site-to-Site IPsec VPNs with Cisco IOS Routers
This chapter explains how to configure site-to-site virtual private networks (VPN) using Cisco IOS routers. You will learn how to use both CLI commands and Cisco Configuration Professional to configure, validate, and monitor the VPN configuration. You will also learn site-to-site VPN troubleshooting techniques.

Chapter 14. Site-to-Site IPsec VPNs with Cisco IOS Routers

This chapter teaches you how to configure a site-to-site IPsec VPN with preshared keys, using Cisco Configuration Professional. This ability includes being able to meet these objectives:
• Evaluate the requirements and configuration of site-to-site IPsec VPNs
• Use Cisco Configuration Professional to configure site-to-site IPsec VPNs
• Use CLI commands and Cisco Configuration Professional monitoring options to validate the VPN configuration
• Use CLI commands and Cisco Configuration Professional monitoring options to monitor and troubleshoot the VPN configuration

Contents

IPsec VPN negotiation can be broken down into five steps, including Phase 1 and Phase 2 of Internet Key Exchange (IKE):
Step 1. An IPsec tunnel is initiated when Host A sends “interesting” traffic to Host B. Traffic is considered interesting when it travels between the IPsec peers and meets the criteria defined in the crypto access control list (ACL).
Step 2. In IKE Phase 1, the IPsec peers (routers A and B) negotiate the IKE SA policy. Once the peers are authenticated, a secure tunnel is created using ISAKMP.
Step 3. In IKE Phase 2, the IPsec peers use the authenticated and secure tunnel to negotiate IPsec SA transforms. The negotiation of the shared policy determines how the IPsec tunnel is established.
Step 4. The IPsec tunnel is created and data is transferred between the IPsec peers based on the IPsec parameters configured in the IPsec transform sets.
Step 5. The IPsec tunnel terminates when the IPsec SAs are deleted or when their lifetime expires.

Site-to-Site IPsec VPN Operations

Site-to-Site IPsec VPN Planning and Preparation Checklist
• Verify connectivity between peers
• Define interesting traffic
• Determine the cipher suite requirements
• Manage monitoring, troubleshooting, and change

Interesting traffic is defined by crypto ACLs in site-to-site IPsec VPN configurations. Crypto ACLs perform these functions •
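The five negotiation steps and the crypto ACL above, as an added example that is not part of the chapter: the IKEv1 preshared-key configuration for one IOS router, with the peer addresses, LAN prefixes, object names and the key placeholder all assumed.

```cisco
! Router A (assumed addresses: outside 203.0.113.1, LAN 10.1.1.0/24;
! peer Router B: outside 203.0.113.2, LAN 10.2.2.0/24). Constructed example.
!
! Step 1: interesting traffic. Router B needs the mirror image
! (source 10.2.2.0/24, destination 10.1.1.0/24) or Phase 2 will not agree.
ip access-list extended VPN-INTERESTING
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Step 2: IKE Phase 1 (ISAKMP) policy. Must match on both peers.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
! Preshared key bound to the peer's address; replace the placeholder.
crypto isakmp key REPLACE-WITH-STRONG-PSK address 203.0.113.2
!
! Steps 3 and 4: IKE Phase 2 transform set, i.e. what the IPsec SAs use.
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! The crypto map ties peer, transform set and crypto ACL together.
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address VPN-INTERESTING
!
! Apply to the outside interface; the tunnel comes up on the first
! packet that matches VPN-INTERESTING.
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map VPN-MAP
!
! Verification and Step 5 (SAs age out at their lifetime or when cleared):
! show crypto isakmp sa   -> Phase 1 SA should show state QM_IDLE
! show crypto ipsec sa    -> pkts encaps/decaps counters should increment
! show crypto map         -> confirms peer, ACL and transform set binding
! clear crypto sa         -> deletes the Phase 2 SAs, ending the tunnel
```

If the same outside interface also performs NAT, exempt the 10.1.1.0/24 to 10.2.2.0/24 flow from translation, otherwise the translated packets never match the crypto ACL and the tunnel never initiates. The `crypto isakmp key` line is stored in the running configuration, so protect config backups and `show running-config` output accordingly.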