In this discussion, I will elaborate on the following points about VPN:
- Why VPN? What is VPN?
- Types of VPN from a general perspective
- VPN types in Enterprise & ISP/Backbone/IP Core
- IPsec vs GRE
- Labs on multi-vendor firewalls
Why VPN?
If two networks are far apart and cannot be connected directly, they are connected over the public Internet, which is not secure. For security purposes, a VPN is therefore required between the two sites.
What is VPN:
- VPN provides a secure virtual connection between two or more sites/organizations/hosts over a public network, so that they communicate as if they were connected on the same LAN.
- If multiple VPNs are configured alongside other traffic, the VPN also isolates each VPN's traffic from the rest.
VPN Types:
In IT & Telecom there are two main types of network: Enterprise, and ISP/service provider/operator or Backbone/IP Core/IP Transport (these are all the same terminology).
Below are the VPN types in terms of the above networks.
From the perspective of end-point/user connectivity, Enterprise VPN is divided into two types. Both are used for secure connection; which one to use depends on the actual requirement of the traffic flow.
- Site-to-Site VPN
- Remote Access VPN
Site-to-Site VPN:
- Connectivity between two fixed LAN networks, which can be spoke-hub or spoke-spoke.
- Multiple subnets are not allowed; each site-to-site VPN connects only two subnets/networks.
Remote Access VPN:
- Connectivity between a mobile (non-fixed) user and a remote site. In this scenario the end user establishes a connection to the firewall/server through VPN client software such as Cisco AnyConnect, Palo Alto GlobalProtect, or Fortinet FortiClient, and then accesses the internal network.
- Connectivity to multiple subnets is allowed.
- Client installation is required on the end-user laptop/mobile.
For tunnel creation in the above VPNs, IPsec & GRE are used; each consists of multiple protocols.
In the next section, I will explain IPsec & GRE in detail with lab implementation of different scenarios. If you want to read about all VPN types in Enterprise & MPLS, please write comments & share your experience.
IPsec:
As its name represents, IPsec = IP + Security: it provides security to the IP traffic carried from one side to the other.
- IPsec provides confidentiality, integrity, authentication & anti-replay protection; in other words, encryption, protection & access control.
- To get the above features, IPsec uses multiple protocols: Internet Key Exchange (IKE), Authentication Header (AH) & Encapsulating Security Payload (ESP).
- Internet Key Exchange (IKE) is used for the initial negotiation of parameters & key management.
- Authentication Header (AH) provides data authentication & integrity.
- Encapsulating Security Payload (ESP) is used for confidentiality (encryption), authentication & integrity.
Each of these protocols adds its own header to the original IP header & data.
[Figure: ESP]
The above three (IKE, AH & ESP) further contain sub-protocols and algorithms for different functionality, as mentioned below:
- IKE consists of ISAKMP (Internet Security Association and Key Management Protocol)
- AH uses SHA1 & HMAC, etc.
- ESP uses AES, 3DES, etc.
IPsec works in two phases:
Phase-1: Initial negotiation for secure tunnel creation. IKE works here; this phase builds and secures the channel.
Phase-2: Verification of the different policies for data encryption, authentication & protection, etc. AH & ESP work here; this phase secures the actual data.
During configuration you may be confused that authentication, encryption and hashing are used in both phases, but actually they serve different purposes: in both phases authentication, encryption & hashing algorithms are used, but Phase-1 is for the tunnel & Phase-2 is for the data.
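As an added example (not configuration from the original post or from any vendor lab it describes), here is one side of a Cisco IOS site-to-site IPsec configuration with comments marking which lines belong to Phase-1 (IKE/ISAKMP, securing the tunnel) and which to Phase-2 (ESP, securing the data), so the "same algorithms, different purpose" point above is visible line by line. All addresses, subnets, object names and the pre-shared key are constructed placeholders; the algorithm choices (AES-256, SHA-256, DH group 14) and the use of a classic crypto map are assumptions, and the remote peer needs a mirrored configuration.

```cisco
! ---- Phase-1: IKE/ISAKMP policy. Encryption/hash/authentication here
! ---- protect only the negotiation channel (the tunnel), not user data.
crypto isakmp policy 10
 encryption aes 256          ! encrypts IKE messages
 hash sha256                 ! integrity of IKE messages
 authentication pre-share    ! peers authenticate each other with a PSK
 group 14                    ! Diffie-Hellman group for the key exchange
 lifetime 86400              ! Phase-1 SA lifetime in seconds
! Constructed placeholder key; peer 198.51.100.2 is the remote site's public IP
crypto isakmp key REPLACE-WITH-STRONG-PSK address 198.51.100.2

! ---- Phase-2: IPsec transform set. Encryption/hash here protect the
! ---- actual data packets carried through the tunnel (ESP).
crypto ipsec transform-set TS-AES-SHA esp-aes 256 esp-sha256-hmac
 mode tunnel                 ! original IP header and data are encapsulated

! "Interesting traffic": only this LAN-to-LAN flow enters the tunnel
! (constructed subnets: 10.1.1.0/24 local, 10.2.2.0/24 remote)
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

! Ties Phase-1 peer, Phase-2 transform set and the traffic selector together
crypto map CM-SITE2 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set TS-AES-SHA
 set pfs group14             ! fresh DH exchange for each Phase-2 rekey
 match address VPN-TRAFFIC

! Apply on the Internet-facing interface (constructed address)
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map CM-SITE2

! Verification after traffic matching VPN-TRAFFIC has been sent:
!   show crypto isakmp sa   -> Phase-1 SA should be QM_IDLE / ACTIVE
!   show crypto ipsec sa    -> Phase-2 SA counters (pkts encaps/decaps) increase
```

The two show commands at the end are the usual way to confirm the two phases separately: if Phase-1 never reaches an active state, check the ISAKMP policy and key; if Phase-1 is up but the Phase-2 counters stay at zero, check the transform set and the VPN-TRAFFIC access list on both peers.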
In our next posts, we will cover basic to advanced labs on each topic and share experiences from practical projects we have already completed.
Keep Learning, Keep Reading, and Keep Growing. IT & IP is the future.
Interview Questions:
- What is VPN?
- Types of VPN?
- Difference between IPsec & MPLS VPNs?
- GRE vs IPsec?
- What is site-to-site VPN?
- What is Remote Access VPN?