VPN series part 2, Site-to-site VPN


Site-to-site VPN

A site-to-site VPN is a logical connection between two sites, carried over a shared network such as the Internet.

It is also called an IPsec VPN (IPsec: Internet Protocol Security).

There are four features of an IPsec VPN:

1. Confidentiality

2. Integrity

3. Authentication

4. Anti-replay

Confidentiality: only the intended party can view or understand our data. We achieve it through different encryption methods, e.g. AES (Advanced Encryption Standard), DES (Data Encryption Standard), 3DES etc.

Integrity: only the intended party can alter our data, i.e. any modification of the data in transit is detected. It is performed by a hashing algorithm: MD5 (Message Digest 5), SHA-1, SHA-2 etc.

Authentication: it is used to authenticate the VPN peers. PSK (Pre-Shared Key) and digital certificates are used to authenticate peers.

Anti-replay: it protects against replay attacks, e.g. if we receive the same packet with the same sequence number again, the packet is discarded. Sequencing of the packets is what protects the tunnel from replay attacks.
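The anti-replay check described above is usually implemented as a sliding window over the sequence numbers of received packets, as RFC 4303 describes for ESP. The following Python block is an added example written for this article, not code from the original post: it keeps the highest sequence number seen plus a bitmap of the most recent 64 sequence numbers, accepts new or reordered-but-recent packets, and discards exact replays and packets that have fallen below the window. The window size and the sample sequence numbers are constructed for illustration.

```python
"""Anti-replay sliding window, modelled on the RFC 4303 (ESP) algorithm.

Added example for this article, not code from the original page. The
window size of 64 and the sample sequence numbers below are constructed.
"""

WINDOW_SIZE = 64


class AntiReplayWindow:
    """Tracks the highest sequence number accepted and a bitmap of the
    WINDOW_SIZE most recent sequence numbers, so that a packet that is
    too old or already seen is rejected."""

    def __init__(self, window_size: int = WINDOW_SIZE) -> None:
        self.window_size = window_size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence (highest - i) was received

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if the packet is acceptable,
        False if it is a replay or lies below the window."""
        if seq == 0:
            return False      # sequence number 0 is never valid for ESP/AH
        if seq > self.highest:
            # New right edge: slide the window forward by the gap.
            shift = seq - self.highest
            if shift >= self.window_size:
                self.bitmap = 1          # everything older drops out
            else:
                mask = (1 << self.window_size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.window_size:
            return False      # too old: below the left edge of the window
        if self.bitmap & (1 << diff):
            return False      # already received: replay
        self.bitmap |= (1 << diff)   # reordered but fresh: mark and accept
        return True


def process_sequence(seqs, window_size=WINDOW_SIZE):
    """Run incoming sequence numbers through a fresh window and return
    the list of (seq, accepted) decisions."""
    window = AntiReplayWindow(window_size)
    return [(s, window.check_and_update(s)) for s in seqs]


# Constructed sample: in-order packets, one reordered packet (4 after 5),
# one exact replay (packet 3 sent again) and, after a jump to 100, a stale
# packet (30) that has fallen out of the 64-entry window.
SAMPLE_SEQS = [1, 2, 3, 5, 4, 3, 100, 30]

if __name__ == "__main__":
    for seq, ok in process_sequence(SAMPLE_SEQS):
        print(f"seq={seq:4d} {'accepted' if ok else 'DISCARDED (replay or stale)'}")
```

Note that reordering within the window (packet 4 arriving after packet 5) is accepted, because IP may reorder packets legitimately; only a sequence number already marked in the bitmap, or one older than the window, is discarded.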


IPsec protocols: IPsec uses one of two protocol headers for securing data.

1. Authentication Header (AH)

2. Encapsulating Security Payload (ESP)

Authentication Header (AH): it uses IP protocol number 51. It does not provide any confidentiality of data, i.e. it does not encrypt the data at all, but it provides both authentication and integrity services.

Encapsulating Security Payload (ESP): it uses IP protocol number 50 and provides confidentiality, authentication and integrity services. Because it also encrypts the payload, it is more secure than AH.
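Both headers can be recognised on the wire by the IP protocol number, and both carry the SPI and the sequence number in the clear (that is what the anti-replay check above reads). The following Python block is an added example for this article, not code from the original post: it builds constructed IPv4 packets for AH, ESP and plain UDP, then classifies them and pulls out the SPI and sequence number. The layouts used are the standard ones (AH: next header, payload length, reserved, SPI, sequence, ICV; ESP: SPI, sequence, then the encrypted payload); the addresses, SPIs and payload bytes are constructed.

```python
"""Classify an IPv4 packet as AH (protocol 51), ESP (protocol 50) or other
and extract the SPI and sequence number that both headers carry in the clear.

Added example for this article, not code from the original page; every packet
below is constructed by hand for illustration.
"""

import struct

IPPROTO_ESP = 50
IPPROTO_AH = 51


def build_ipv4(proto: int, payload: bytes, src="10.0.0.1", dst="10.0.0.2") -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero) in front of payload."""
    def ip2b(addr):
        return bytes(int(x) for x in addr.split("."))
    total_len = 20 + len(payload)
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol, checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      ip2b(src), ip2b(dst))
    return hdr + payload


def build_esp(spi: int, seq: int, encrypted_payload: bytes) -> bytes:
    """ESP header: SPI (4 bytes) + sequence number (4 bytes), then ciphertext."""
    return struct.pack("!II", spi, seq) + encrypted_payload


def build_ah(spi: int, seq: int, next_header: int, icv: bytes) -> bytes:
    """AH header: next header, payload length (in 32-bit words minus 2),
    reserved, SPI, sequence number, then the integrity check value (ICV)."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def classify_ipsec(packet: bytes) -> dict:
    """Return the IPsec protocol, SPI, sequence number and whether the inner
    data is readable without a key; 'other' when the packet is not IPsec."""
    ihl = (packet[0] & 0x0F) * 4        # header length in bytes
    proto = packet[9]                    # IP protocol field
    body = packet[ihl:]
    if proto == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        # Everything after the 8-byte ESP header is ciphertext.
        return {"protocol": "ESP", "spi": spi, "seq": seq, "payload_visible": False}
    if proto == IPPROTO_AH:
        next_hdr, payload_len, _, spi, seq = struct.unpack("!BBHII", body[:12])
        icv_len = (payload_len + 2) * 4 - 12
        # AH authenticates the packet but leaves the payload in the clear.
        return {"protocol": "AH", "spi": spi, "seq": seq, "next_header": next_hdr,
                "icv_len": icv_len, "payload_visible": True}
    return {"protocol": "other", "ip_protocol": proto, "payload_visible": True}


# Constructed samples: an ESP packet with opaque ciphertext, an AH packet
# (12-byte ICV, as with HMAC-SHA1-96) protecting a cleartext TCP segment, and UDP.
SAMPLE_ESP = build_ipv4(IPPROTO_ESP, build_esp(0x1000ABCD, 17, b"\x9f\x2c\x11\x42\x7a"))
SAMPLE_AH = build_ipv4(IPPROTO_AH, build_ah(0x2000BEEF, 5, 6, b"\x00" * 12) + b"tcp segment in clear")
SAMPLE_UDP = build_ipv4(17, b"plain udp")

if __name__ == "__main__":
    for name, pkt in (("ESP", SAMPLE_ESP), ("AH", SAMPLE_AH), ("UDP", SAMPLE_UDP)):
        print(name, classify_ipsec(pkt))
```

The `payload_visible` field is the practical difference between the two headers from a monitoring point of view: with AH a sensor can still inspect the inner TCP/UDP data, with ESP it can only see the SPI, the sequence number and the packet size.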


IPsec modes:

1. Transport mode: protects layer 4 and upper-layer data; the original IP header is left in place.

2. Tunnel mode: protects layer 3 (the original IP header) and upper-layer data by wrapping the whole packet in a new IP header. Tunnel mode is the default.


Five steps of IPsec

1. Any traffic that should be secured and sent across the tunnel is identified as interesting traffic, usually using an access list.

2. IKE (Internet Key Exchange) Phase 1 is initiated. Peers are authenticated, keys are exchanged and IKE policy sets are negotiated; if successful, the IKE security association (SA) is established.

3. IKE Phase 2 is initiated. IPsec transform sets are negotiated and, if successful, the IPsec SA is established.

4. Data is transferred using the agreed security policy.

5. The session is torn down once the SA lifetime expires.


More articles by Dinesh Kumar

  • Upgrading system

  • VPN series part 3, config of Site-to-site VPN

  • VPN Series part 1: Introduction of VPN

  • HSRP (Hot Standby Routing Protocol)
