Networking Essentials: VPNs, IPsec, NAT, and WAN Technologies
This document outlines key concepts related to Virtual Private Networks (VPNs), IPsec, Network Address Translation (NAT), and various Wide Area Network (WAN) technologies.
Key Concepts and Technologies
- IPsec: An industry-wide standard suite for securing IP communications.
- VPN: The creation of private networks across the Internet, ensuring secure data transmission.
- DSL: Uses ATM (Asynchronous Transfer Mode) as the Data Link layer protocol.
- CSU/DSU: Required when a router is connected to a Frame Relay WAN link using a serial DTE interface.
- Frame Relay Map: The command required for connectivity in a Frame Relay network if Inverse ARP is not functioning.
- Port-based NAT: Used to design a system that allows many simultaneous connections by translating port numbers as well as addresses.
- IPsec (NAT Traversal Issues): A type of traffic that may encounter problems when passing through a NAT device.
- Leased Lines: A WAN technology that establishes a dedicated, constant connection.
- ISDN & Dial-up: Two technologies associated with the Public Switched Telephone Network (PSTN).
- ATM: A cell-based WAN technology.
- Integrity and Confidentiality: Desirable security characteristics for network communications.
- Inside Global Addresses: The group of public addresses in a NAT-enabled router.
- VPN Benefits: Reduced connectivity costs for remote access.
- Diffie-Hellman: A public-private key exchange method.
- 3DES & AES: Two encryption algorithms commonly used in IPsec VPNs.
- Syslog: Provides the ability to secure the monitoring process.
- SNMP: Allows for authentication and encryption (verify).
- RSA: An asymmetrical key cryptosystem algorithm.
- MD5 & SHA: Two hash algorithms used in hash-based message authentication codes (HMACs).
- DH Algorithms Purpose: To allow two parties to establish a shared secret key for encryption and hashing.
- SNMP vs. Netflow: SNMP gathers traffic statistics, while Netflow collects performance indicators like interface errors and CPU usage.
- NAT Disadvantage: Lack of end-to-end addressing.
- NAT64 Advantage: Allows IPv6 hosts to connect to an IPv4 network through translation.
- VPN Tunneling: Achieved by encapsulating original packets with new headers from VPN protocols.
- VPN Scenarios:
  - A mobile sales agent connecting to the company network via a hotel’s Internet connection.
  - An employee working from home using VPN client software to connect to the company network.
- IPsec Description: Operates at Layer 3 but can protect traffic from Layer 4 through Layer 7.
- ESP (Encapsulating Security Payload): An IPsec protocol providing data confidentiality and authentication for IP packets.
- VPN Software Requirement: Determine if users need to connect without requiring special VPN software.
- Message Hash Purpose: Ensures data integrity during transit.
- IPsec VPN Characteristic: Works with all Layer 2 protocols.
- Generic Routing Encapsulation (GRE) Tunneling Protocol Purpose: Manages the transportation of IP multicast and multiprotocol traffic between remote sites.
- Site-to-Site VPN Feature: Internal hosts send normal, unencapsulated packets.
- GRE Tunneling Scenario: A central site connecting to a SOHO site without encryption.
- IPsec Integrity: Ensures that data has not been changed during transmission.
- IPsec Authentication: Verifies that communication is secure.
- VPN Cost Reduction: VPNs can be used across broadband connections rather than dedicated WAN links.
- IPsec VPN Characteristics:
  - Specific PC client configuration is required to connect to the VPN.
  - IPsec authenticates using shared secrets or digital certificates.