IPsec

Secure Sockets Layer (SSL) VPN

Easy VPN

Web VPN

Hashing Media Authentication Code (HMAC)

Diffie-Hellman (DH) Key Exchange

Rivest Shamir Adleman (RSA) signatures

Pre-shared keys (PSK)

Hash, Authentication, Group, Lifetime, Encryption (HAGLE) memory aid

Internet Key Exchange (IKE) policy set

IPsec transform set

Crypto Access Control List (ACL)

Crypto map

Exam Topics Covered in This Chapter:

Explain IKE protocol functionality and phases

Describe the building blocks of IPSec and the security functions it provides

Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM
These exam topics are from cisco.com. Check there periodically for the latest exam topics and info.
IPsec is often described as a framework for real-time, secure communications. When properly configured, IPsec can scale to large networks and, in some cases, replace the requirement for dedicated WAN circuits. Using IPsec, organizations can leverage existing high-speed Internet connections to provide reliable and secure transport of communications between the organization’s sites, as well as to its mobile workforce. Understanding the systems that go into IPsec is critical to both configuring and troubleshooting the solution. Although this chapter will not go into great depth about the underlying theory of IPsec, it examines the separate components of the IPsec framework to the extent that this understanding will aid the reader in configuring IPsec. Toward the end of the chapter, we use first the CLI, then the Cisco SDM, to configure a site-to-site IPsec VPN in order to cement the theory.