Networking Essentials: VPNs, IPsec, NAT, and WAN Technologies

Posted on Feb 11, 2025 in Computers

This document outlines key concepts related to Virtual Private Networks (VPNs), IPsec, Network Address Translation (NAT), and various Wide Area Network (WAN) technologies.

Key Concepts and Technologies

  • IPsec: An industry-wide standard suite for securing IP communications.
  • VPN: The creation of private networks across the Internet, ensuring secure data transmission.
  • DSL: Uses ATM (Asynchronous Transfer Mode) as the Data Link layer protocol.
  • CSU/DSU: Supplied when a router is connected to a Frame Relay WAN link using a serial DTE interface.
  • Frame Relay Map: The command required for connectivity in a Frame Relay network if Inverse ARP is not functioning.
  • Port-based NAT: Used to design a system allowing simultaneous connections, translating ports.
  • IPsec (NAT Traversal Issues): A type of traffic that may encounter problems when passing through a NAT device.
  • Leased Lines: A WAN technology that establishes a dedicated, constant connection.
  • ISDN & Dial-up: Two technologies associated with the Public Switched Telephone Network (PSTN).
  • ATM: A cell-based WAN technology.
  • Integrity and Confidentiality: Desirable security characteristics for network communications.
  • Inside Global Addresses: The group of public addresses in a NAT-enabled router.
  • VPN Benefits: Reduced connectivity costs for remote access.
  • Diffie-Hellman: A public-private key exchange method.
  • 3DES & AES: Two encryption algorithms commonly used in IPsec VPNs.
  • Syslog: Provides the ability to secure the monitoring process.
  • SNMP: Allows for authentication and encryption (verify).
  • RSA: An asymmetrical key cryptosystem algorithm.
  • MD5 & SHA: Two algorithms that use hash-based message authentication codes.
  • DH Algorithms Purpose: To allow two parties to establish a shared secret key for encryption and hashing.
  • SNMP vs. Netflow: SNMP gathers traffic statistics, while Netflow collects performance indicators like interface errors and CPU usage.
  • NAT Disadvantage: Lack of end-to-end addressing.
  • NAT64 Advantage: Allows IPv6 hosts to connect to an IPv4 network through translation.
  • VPN Tunneling: Achieved by encapsulating original packets with new headers from VPN protocols.
  • VPN Scenarios:
    • A mobile sales agent connecting to the company network via a hotel’s Internet connection.
    • An employee working from home using VPN client software to connect to the company network.
  • IPsec Description: Operates at Layer 3 but can protect traffic from Layer 4 through Layer 7.
  • ESP (Encapsulating Security Payload): An IPsec protocol providing data confidentiality and authentication for IP packets.
  • VPN Software Requirement: Determine if users need to connect without requiring special VPN software.
  • Message Hash Purpose: Ensures data integrity during transit.
  • IPsec VPN Characteristic: Works with all Layer 2 protocols.
  • Generic Routing Encapsulation (GRE) Tunneling Protocol Purpose: Manages the transportation of IP multicast and multiprotocol traffic between remote sites.
  • Site-to-Site VPN Feature: Internal hosts send normal, unencapsulated packets.
  • GRE Tunneling Scenario: A central site connecting to a SOHO site without encryption.
  • IPsec Integrity: Ensures that data has not been changed during transmission.
  • IPsec Authentication: Verifies that communication is secure.
  • VPN Cost Reduction: VPNs can be used across broadband connections rather than dedicated WAN links.
  • IPsec VPN Characteristics:
    • Specific PC client configuration is required to connect to the VPN.
    • IPsec authenticates using shared secrets or digital certificates.