Networking Essentials: VPNs, IPsec, NAT, and WAN Technologies

This document outlines key concepts related to Virtual Private Networks (VPNs), IPsec, Network Address Translation (NAT), and various Wide Area Network (WAN) technologies.

Key Concepts and Technologies

  • IPsec: An industry-wide standard suite for securing IP communications.
  • VPN: The creation of private networks across the Internet, ensuring secure data transmission.
  • DSL: ADSL uses ATM (Asynchronous Transfer Mode) as its Data Link layer protocol; IP is carried over it as PPP over ATM or Ethernet over ATM.
  • CSU/DSU: The DCE device supplied when a router is connected to a Frame Relay or leased-line WAN link using a serial DTE interface; it terminates the digital circuit and provides clocking to the router.
  • Frame Relay Map: The `frame-relay map` command statically maps a next-hop IP address to a DLCI; it is required for connectivity in a Frame Relay network if Inverse ARP is not functioning.
  • Port-based NAT (PAT, NAT overload): Lets many inside hosts share one public address for simultaneous connections by translating source port numbers as well as addresses.
  • IPsec (NAT Traversal Issues): The classic type of traffic that encounters problems when passing through a NAT device. AH fails because its integrity check covers the IP addresses that NAT rewrites, and ESP carries no Layer 4 port numbers for PAT to translate; NAT-T (ESP encapsulated in UDP port 4500) is the standard workaround.
  • Leased Lines: A WAN technology that establishes a dedicated, constant connection.
  • ISDN & Dial-up: Two technologies associated with the Public Switched Telephone Network (PSTN).
  • ATM: A cell-based WAN technology.
  • Integrity and Confidentiality: Desirable security characteristics for network communications.
  • Inside Global Addresses: The public addresses a NAT-enabled router uses to represent inside hosts to the outside network.
  • VPN Benefits: Reduced connectivity costs for remote access.
  • Diffie-Hellman: A public-key exchange method that lets two parties derive the same shared secret over an untrusted network without ever transmitting the secret itself.
  • 3DES & AES: Two encryption algorithms commonly used in IPsec VPNs; AES is preferred, as 3DES is deprecated.
  • Syslog: Sends device event messages to a central logging server; plain syslog (UDP 514) is unauthenticated and unencrypted, so it does not by itself secure the monitoring process.
  • SNMP: Version 3 adds authentication and encryption (privacy) for management traffic; SNMPv1 and v2c rely on plaintext community strings.
  • RSA: An asymmetrical key cryptosystem algorithm.
  • MD5 & SHA: Two hash algorithms used in the HMAC construction (HMAC-MD5, HMAC-SHA) to provide integrity and origin authentication for IPsec packets; SHA-2 variants are preferred today and MD5 is deprecated.
  • DH Algorithms Purpose: To allow two parties to establish a shared secret from which the keys for encryption and hashing (HMAC) are derived.
  • SNMP vs. NetFlow: SNMP polls devices for performance indicators such as interface errors and CPU utilization, while NetFlow collects traffic statistics (which hosts talked, over which ports, and how much).
  • NAT Disadvantage: Loss of end-to-end addressing; the inside host's real address is not visible outside, which complicates traceability and inbound connections.
  • NAT64 Advantage: Allows IPv6 hosts to connect to an IPv4 network through translation.
  • VPN Tunneling: Achieved by encapsulating original packets with new headers from VPN protocols.
  • VPN Scenarios:
    • A mobile sales agent connecting to the company network via a hotel’s Internet connection.
    • An employee working from home using VPN client software to connect to the company network.
  • IPsec Description: Operates at Layer 3 but can protect traffic from Layer 4 through Layer 7.
  • ESP (Encapsulating Security Payload): An IPsec protocol providing data confidentiality and authentication for IP packets.
  • VPN Software Requirement: Determine whether users must be able to connect without installing special VPN client software; if so, a browser-based SSL VPN is the option, since remote-access IPsec requires a client.
  • Message Hash Purpose: Ensures data integrity during transit.
  • IPsec VPN Characteristic: Works with all Layer 2 protocols.
  • Generic Routing Encapsulation (GRE) Tunneling Protocol Purpose: Manages the transportation of IP multicast and multiprotocol traffic between remote sites.
  • Site-to-Site VPN Feature: Internal hosts send normal, unencapsulated packets.
  • GRE Tunneling Scenario: A central site connecting to a SOHO site where encryption is not required (GRE alone provides no confidentiality).
  • IPsec Integrity: Ensures that data has not been changed during transmission.
  • IPsec Authentication: Verifies the identity of the peer and the origin of each packet, so that a tunnel is established only with the intended party.
  • VPN Cost Reduction: VPNs can be used across broadband connections rather than dedicated WAN links.
  • IPsec VPN Characteristics:
    • Specific VPN client software and configuration are required on the PC for remote-access IPsec.
    • IPsec authenticates peers using pre-shared keys (shared secrets) or digital certificates.
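The port-based NAT, inside global address and end-to-end addressing items above can be illustrated with a small translation-table model. This is an added example written for these notes, not code from the original page or from any vendor; the addresses, ports and the `PatRouter` class are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One direction of a connection as seen at the NAT router."""
    src_ip: str
    src_port: Optional[int]   # None for protocols without transport ports (e.g. ESP)
    dst_ip: str
    dst_port: Optional[int]
    proto: str = "tcp"


class PatRouter:
    """Toy model of NAT overload (PAT): every inside host is represented by the
    single inside global address and distinguished only by the translated source
    port. The translation table is the state that makes replies routable and,
    equally, the reason end-to-end addressing is lost."""

    def __init__(self, inside_global: str, first_port: int = 1024) -> None:
        self.inside_global = inside_global
        self.next_port = first_port
        # (inside local ip, inside local port, proto) -> inside global port
        self.outbound: Dict[Tuple[str, int, str], int] = {}
        # (inside global port, proto) -> (inside local ip, inside local port)
        self.inbound: Dict[Tuple[int, str], Tuple[str, int]] = {}

    def translate_outbound(self, flow: Flow) -> Flow:
        if flow.src_port is None:
            # ESP (IP protocol 50) carries no transport ports, so PAT has nothing
            # to overload on; this is why IPsec behind PAT needs NAT-T (UDP 4500).
            raise ValueError(f"{flow.proto}: no transport port to translate")
        key = (flow.src_ip, flow.src_port, flow.proto)
        if key not in self.outbound:
            gport = self.next_port
            self.next_port += 1
            self.outbound[key] = gport
            self.inbound[(gport, flow.proto)] = (flow.src_ip, flow.src_port)
        return Flow(self.inside_global, self.outbound[key],
                    flow.dst_ip, flow.dst_port, flow.proto)

    def translate_inbound(self, flow: Flow) -> Optional[Flow]:
        """Reverse translation for a packet arriving from the outside. Anything
        without an existing table entry is unsolicited and is dropped (None)."""
        entry = self.inbound.get((flow.dst_port, flow.proto))
        if entry is None or flow.dst_ip != self.inside_global:
            return None
        local_ip, local_port = entry
        return Flow(flow.src_ip, flow.src_port, local_ip, local_port, flow.proto)


def demo():
    """Two inside hosts using the same source port reach one server and come
    back as distinct connections; an unsolicited inbound packet is dropped."""
    router = PatRouter("203.0.113.1")               # constructed inside global address
    a = router.translate_outbound(Flow("192.168.1.10", 40000, "198.51.100.7", 443))
    b = router.translate_outbound(Flow("192.168.1.11", 40000, "198.51.100.7", 443))
    reply_to_b = router.translate_inbound(Flow("198.51.100.7", 443, "203.0.113.1", b.src_port))
    unsolicited = router.translate_inbound(Flow("198.51.100.7", 443, "203.0.113.1", 9999))
    return a, b, reply_to_b, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The reverse table is keyed only on the inside global port and protocol, which is exactly what a practitioner should expect a real PAT device to need: an inbound packet for which no outbound flow created state has no inside local destination and cannot be delivered.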
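The VPN tunneling and GRE items above (encapsulating the original packet with new headers, carrying multicast and multiprotocol traffic, and GRE providing no encryption) are shown here with a minimal GRE encapsulator and parser. This is an added example written for these notes, not code from the original page or from any router vendor; the tunnel endpoints, the OSPF hello bytes and the function names are constructed for illustration.

```python
import socket
import struct

GRE_PROTO = 47           # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800  # GRE protocol type values are Ethertypes
ETHERTYPE_IPV6 = 0x86DD
GRE_FLAG_CHECKSUM = 0x8000
GRE_FLAG_KEY = 0x2000
GRE_FLAG_SEQUENCE = 0x1000


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options); checksum left zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def gre_encapsulate(tunnel_src: str, tunnel_dst: str, protocol_type: int, inner: bytes) -> bytes:
    """Basic GRE (RFC 2784): new outer IP header + 4-byte GRE header, then the
    original packet verbatim. The outer addresses are the tunnel endpoints, so
    an inner multicast or IPv6 packet crosses the unicast IPv4 WAN unchanged."""
    gre_hdr = struct.pack("!HH", 0x0000, protocol_type)   # no C/K/S flags, version 0
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre_hdr) + len(inner))
    return outer + gre_hdr + inner


def gre_decapsulate(pkt: bytes):
    """Strip the outer IP and GRE headers, honouring optional GRE fields if set.
    Returns (protocol_type, inner_packet)."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    flags, protocol_type = struct.unpack("!HH", pkt[ihl:ihl + 4])
    offset = ihl + 4
    if flags & GRE_FLAG_CHECKSUM:
        offset += 4          # checksum + reserved1
    if flags & GRE_FLAG_KEY:
        offset += 4
    if flags & GRE_FLAG_SEQUENCE:
        offset += 4
    return protocol_type, pkt[offset:]


def demo():
    """Constructed OSPF hello (multicast 224.0.0.5, IP protocol 89) from a branch
    router, tunnelled between two public tunnel endpoints."""
    hello = b"constructed OSPF hello bytes"
    inner = ipv4_header("10.1.1.1", "224.0.0.5", 89, len(hello), ttl=1) + hello
    tunnelled = gre_encapsulate("203.0.113.1", "198.51.100.7", ETHERTYPE_IPV4, inner)
    return inner, tunnelled, gre_decapsulate(tunnelled)


if __name__ == "__main__":
    inner, tunnelled, (ptype, recovered) = demo()
    print(f"outer proto={tunnelled[9]} gre protocol_type=0x{ptype:04x} inner intact={recovered == inner}")
    print("inner payload visible on the wire:", b"OSPF hello" in tunnelled)
```

The last line of the demo is the security-relevant check: the hello bytes are readable in the tunnelled packet, which is why GRE on its own is only appropriate where confidentiality is not required, and why GRE over IPsec is the usual pairing when it is.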
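The IPsec NAT-traversal, HMAC-MD5/SHA and integrity items above come down to what each integrity check covers. This added example (written for these notes, not taken from the page or from any IPsec implementation) builds simplified AH and ESP packets, applies the source-address rewrite a NAT device performs, and shows that AH's ICV fails while ESP's still verifies; it also shows the UDP 4500 wrapper NAT-T adds so that PAT has ports to work with. The key, addresses, SPIs and payload are constructed, and encryption of the ESP payload is omitted because it does not affect the point.

```python
import hashlib
import hmac
import socket
import struct

INTEGRITY_KEY = b"constructed-demo-integrity-key"   # shared by both IPsec gateways
ICV_LEN = 12          # HMAC-SHA1-96: the 20-byte tag truncated to 96 bits, as IPsec does
IPPROTO_ESP, IPPROTO_AH, IPPROTO_UDP = 50, 51, 17


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options); checksum left zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable(ip_hdr: bytes) -> bytes:
    """AH computes its ICV with mutable fields (TTL, checksum) zeroed. The source
    and destination addresses are treated as immutable and ARE covered, which is
    precisely what NAT violates."""
    h = bytearray(ip_hdr)
    h[8] = 0              # TTL
    h[10:12] = b"\0\0"    # header checksum
    return bytes(h)


def hmac_sha1_96(data: bytes) -> bytes:
    return hmac.new(INTEGRITY_KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(src: str, dst: str, payload: bytes, spi: int = 0x1001, seq: int = 1) -> bytes:
    # AH header: next header (6 = TCP), payload length in 32-bit words minus 2
    # ((12 + 12) / 4 - 2 = 4), reserved, SPI, sequence number, then the ICV.
    ah_no_icv = struct.pack("!BBHII", 6, 4, 0, spi, seq)
    ip = ipv4_header(src, dst, IPPROTO_AH, len(ah_no_icv) + ICV_LEN + len(payload))
    icv = hmac_sha1_96(zero_mutable(ip) + ah_no_icv + bytes(ICV_LEN) + payload)
    return ip + ah_no_icv + icv + payload


def verify_ah(pkt: bytes) -> bool:
    ip, ah_no_icv, icv, payload = pkt[:20], pkt[20:32], pkt[32:44], pkt[44:]
    expected = hmac_sha1_96(zero_mutable(ip) + ah_no_icv + bytes(ICV_LEN) + payload)
    return hmac.compare_digest(icv, expected)


def build_esp(src: str, dst: str, ciphertext: bytes, spi: int = 0x2001, seq: int = 1) -> bytes:
    # ESP header: SPI + sequence. The ICV covers ESP header and payload only
    # (RFC 4303), never the outer IP header, so address rewriting is invisible to it.
    esp_hdr = struct.pack("!II", spi, seq)
    icv = hmac_sha1_96(esp_hdr + ciphertext)
    ip = ipv4_header(src, dst, IPPROTO_ESP, len(esp_hdr) + len(ciphertext) + ICV_LEN)
    return ip + esp_hdr + ciphertext + icv


def verify_esp(pkt: bytes) -> bool:
    esp_hdr, body = pkt[20:28], pkt[28:]
    ciphertext, icv = body[:-ICV_LEN], body[-ICV_LEN:]
    return hmac.compare_digest(icv, hmac_sha1_96(esp_hdr + ciphertext))


def nat_rewrite_source(pkt: bytes, new_src: str) -> bytes:
    """What NAT does to the outer header: inside local source -> inside global
    address (a real device also recomputes the checksum, which stays zero here)."""
    return pkt[:12] + socket.inet_aton(new_src) + pkt[16:]


def nat_t_encapsulate(esp_pkt: bytes) -> bytes:
    """NAT-T (RFC 3948): carry ESP inside UDP port 4500 so a port-based NAT has
    transport ports to translate; the outer IP protocol becomes UDP."""
    ip, esp = bytearray(esp_pkt[:20]), esp_pkt[20:]
    udp = struct.pack("!HHHH", 4500, 4500, 8 + len(esp), 0)
    ip[9] = IPPROTO_UDP
    ip[2:4] = struct.pack("!H", 20 + 8 + len(esp))
    return bytes(ip) + udp + esp


def demo() -> dict:
    payload = b"constructed inner packet bytes"
    ah = build_ah("192.168.1.10", "198.51.100.7", payload)
    esp = build_esp("192.168.1.10", "198.51.100.7", payload)
    return {
        "ah_before_nat": verify_ah(ah),
        "ah_after_nat": verify_ah(nat_rewrite_source(ah, "203.0.113.1")),
        "esp_before_nat": verify_esp(esp),
        "esp_after_nat": verify_esp(nat_rewrite_source(esp, "203.0.113.1")),
    }


if __name__ == "__main__":
    print(demo())
```

Because ESP's ICV survives the rewrite, the remaining problem behind PAT is purely the missing port numbers, which is what the UDP 4500 wrapper solves; AH has no such fix, so AH and NAT are simply incompatible.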
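The Diffie-Hellman items above (deriving a shared secret without transmitting it, then using it for encryption and hashing keys) and the authentication item (pre-shared keys or certificates) fit together in one exchange. This added example, written for these notes and not taken from the page or from any IKE implementation, runs a DH exchange, derives separate encryption and HMAC keys in the style of IKE's key derivation, and authenticates the exchange with a pre-shared key. The modulus is a demo-only choice and the key-derivation labels are constructed; a real IPsec peer negotiates an RFC 3526 MODP or elliptic-curve group.

```python
import hashlib
import hmac
import secrets

# Demo-only modulus: the Mersenne prime 2**127 - 1 (a known prime, chosen so the
# example runs instantly). It is NOT an IKE DH group; real IPsec peers negotiate
# an RFC 3526 MODP group (2048-bit or larger) or an elliptic-curve group.
P = 2**127 - 1
G = 2
SECRET_LEN = (P.bit_length() + 7) // 8


def dh_keypair(p: int = P, g: int = G):
    """The private exponent never leaves the host; only g^priv mod p is sent."""
    priv = secrets.randbelow(p - 2) + 1          # 1 <= priv <= p - 2
    return priv, pow(g, priv, p)


def dh_shared_secret(priv: int, peer_pub: int, p: int = P) -> int:
    """Reject degenerate public values (0, 1, p-1) that an active attacker could
    inject to force a predictable shared secret."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_pub, priv, p)


def derive_keys(shared: int, nonce_i: bytes, nonce_r: bytes):
    """Model of the IKE key-derivation step: prf(Ni | Nr, g^ir) gives a seed, and
    separate encryption and integrity keys are expanded from it, so the raw DH
    secret is never used directly as a key. The b"\\x01"/b"\\x02" labels are
    constructed for this example."""
    z = shared.to_bytes(SECRET_LEN, "big")
    seed = hmac.new(nonce_i + nonce_r, z, hashlib.sha256).digest()
    enc_key = hmac.new(seed, b"\x01", hashlib.sha256).digest()[:16]   # AES-128 key
    mac_key = hmac.new(seed, b"\x02", hashlib.sha256).digest()        # HMAC-SHA256 key
    return enc_key, mac_key


def psk_auth_tag(psk: bytes, pub_i: int, pub_r: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Peer authentication with a shared secret: a MAC over the exchanged DH
    values and nonces, keyed by the pre-shared key. DH alone cannot tell the
    real peer from a man-in-the-middle; this tag is what binds the exchange
    to a party that knows the PSK."""
    msg = (pub_i.to_bytes(SECRET_LEN, "big") + pub_r.to_bytes(SECRET_LEN, "big")
           + nonce_i + nonce_r)
    return hmac.new(psk, msg, hashlib.sha256).digest()


def run_exchange(psk_initiator: bytes, psk_responder: bytes):
    """Full round: both sides derive keys, then the responder checks the
    initiator's PSK-based tag. Returns (keys_match, authenticated)."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    i_priv, i_pub = dh_keypair()
    r_priv, r_pub = dh_keypair()
    # Only i_pub, r_pub, ni, nr and the auth tag ever cross the network.
    i_keys = derive_keys(dh_shared_secret(i_priv, r_pub), ni, nr)
    r_keys = derive_keys(dh_shared_secret(r_priv, i_pub), ni, nr)
    tag = psk_auth_tag(psk_initiator, i_pub, r_pub, ni, nr)
    expected = psk_auth_tag(psk_responder, i_pub, r_pub, ni, nr)
    return i_keys == r_keys, hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    print("same PSK:", run_exchange(b"constructed-psk", b"constructed-psk"))
    print("wrong PSK:", run_exchange(b"constructed-psk", b"other-psk"))
```

Note that the keys still match in the wrong-PSK case: the DH arithmetic is indifferent to who is on the other end, which is exactly why IKE layers authentication (PSK or certificate) on top of it rather than trusting the exchange by itself.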