Week 2 Flashcards
(41 cards)
-used to create end-to-end private network connections
-is virtual in that it carries information within a private network, but that information is actually transported over a public network.
-is private in that the traffic is encrypted to keep the data confidential while it is transported across the public network.
Virtual Private Network (VPN)
(VPN Benefits)
-organizations can use VPNs to reduce their connectivity costs while simultaneously increasing remote connection bandwidth.
cost savings
(VPN Benefits)
-encryption and authentication protocols protect data from unauthorized access.
security
(VPN Benefits)
-VPNs allow organizations to use the internet, making it easy to add new users without adding significant infrastructure.
scalability
(VPN Benefits)
-VPNs can be implemented across a wide variety of WAN link options including broadband technologies. Remote workers can use these high-speed connections to gain secure access to corporate networks.
compatibility
-common solution for securing enterprise traffic across the internet. Site-to-site and remote access VPNs are created and managed by the enterprise using IPsec and SSL VPNs.
Enterprise VPNs
-created and managed by the provider network. The provider uses Multiprotocol Label Switching (MPLS) at Layer 2 or Layer 3 to create secure channels between an enterprise’s sites, effectively segregating the traffic from other customer traffic.
Service Provider VPNs
-does not ask you to install anything for the connection; you can use the browser to connect
Client SSL Connection
-let remote and mobile users securely connect to the enterprise.
-are typically enabled dynamically by the user when required and can be created using either IPsec or SSL.
Remote-access VPNs
(remote-access VPNs)
-the connection is secured using a web browser SSL connection
clientless VPN connection
(remote-access VPNs)
-VPN client software such as Cisco AnyConnect Secure Mobility Client must be installed on the remote user’s end device.
Client-based VPN connection
-uses the public key infrastructure and digital certificates to authenticate peers. The type of VPN method implemented is based on the access requirements of the users and the organization’s IT processes.
SSL VPNs
-connect networks across an untrusted network such as the internet.
site-to-site VPNs
(site-to-site IPsec VPNs)
-send and receive normal unencrypted TCP/IP traffic through a VPN gateway.
end hosts
(site-to-site IPsec VPNs)
-encapsulates and encrypts outbound traffic from a site and sends the traffic through the VPN tunnel to the receiving VPN gateway, which strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.
VPN gateway
-is a non-secure site-to-site VPN tunneling protocol
-does not support encryption by default; therefore, it does not provide a secure VPN tunnel.
-its packet can be encapsulated into an IPsec packet to forward it securely to the destination VPN gateway.
Generic Routing Encapsulation (GRE)
(GRE over IPsec)
-can encapsulate various network layer protocols as well as multicast and broadcast traffic.
GRE tunnel
(GRE over IPsec)
-this is the original packet that is to be encapsulated by GRE. It could be an IPv4 or IPv6 packet, a routing update, and more.
passenger protocol
(GRE over IPsec)
-the protocol that encapsulates the original passenger packet
carrier protocol
(GRE over IPsec)
-this is the protocol that will actually be used to forward the packet. This could be IPv4 or IPv6.
Transport protocol
-is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner
-simplifies the VPN tunnel configuration and provides a flexible option to connect a central site with branch sites.
Dynamic Multipoint VPNs (DMVPN)
(Dynamic Multipoint VPNs)
-establish secure VPN tunnels with the hub site.
-can also obtain information about each other, and alternatively build direct tunnels between themselves (spoke-to-spoke tunnels)
spoke sites
-simplifies the configuration process required to support multiple sites and remote access.
-configurations are applied to a virtual interface instead of statically mapping the IPsec sessions to a physical interface.
-is capable of sending and receiving both IP unicast and multicast encrypted traffic. Therefore, routing protocols are automatically supported without having to configure GRE tunnels.
-can be configured between sites or in a hub-and-spoke topology.
IPsec Virtual Tunnel Interface (IPsec VTI)
(service provider MPLS VPNs)
-is forwarded through the MPLS backbone using labels.
-is secure because service provider customers cannot see each other’s traffic.
traffic