Virtual Private Network (VPN) | Types of VPN | Enterprise & ISP VPN | Network Security | IPsec & GRE

 


In this discussion, I will elaborate on the points below about VPN:

  • Why VPN? What is VPN?
  • Types of VPN from a general perspective
  • VPN types in Enterprise & ISP/Backbone/IP Core networks
  • IPsec vs GRE
  • Labs on multi-vendor firewalls


Why VPN?

If two networks are far apart and cannot be connected directly, they have to be connected through the public internet, which is not secure. To secure the traffic between the two sites, a VPN is required.


What is VPN:

• A VPN provides a secure virtual connection between two or more sites/organizations/hosts across a public network, so that they can communicate as if they were connected on the same LAN.

• If multiple VPNs are configured alongside other traffic, each VPN also keeps its traffic isolated from the rest.


VPN Types:

In IT & Telecom there are two main types of network: Enterprise, and ISP/Service provider/operator, also called Backbone/IP Core/IP Transport (these are all the same terminology).


Below are the VPN types used in each of the above networks.

From the perspective of end-point/user connectivity, Enterprise VPN is divided into two types. Both are used for secure connections; which one you use depends on the actual requirement of the traffic flow.

  • Site-to-Site VPN
  • Remote Access VPN



Site-to-Site VPN:

• Connectivity between two fixed LAN networks, in either a hub-and-spoke or spoke-to-spoke topology.

• Multiple subnets are not allowed to connect; that is, each site-to-site VPN carries connectivity between only two subnets/networks.


Remote Access VPN:

• Connectivity between a mobile (not fixed) user and a remote site. In this scenario, the end user establishes a connection to the firewall/server through VPN client software such as Cisco AnyConnect, Palo Alto GlobalProtect, or Fortinet FortiClient, and then accesses the internal network.

  • Connectivity to multiple subnets is allowed.
  • Client installation is required on the end user's laptop/mobile.

The tunnels for the above VPN types are built with IPsec & GRE, each of which consists of multiple protocols.

 

In the next section, I will explain IPsec & GRE in detail, with lab implementations of different scenarios. If you want to read about all VPN types in Enterprise & MPLS, please write a comment & share your experience.


IPsec:

As its name suggests, IPsec = IP + Security: it secures the IP traffic carried from one side to the other.

  • IPsec provides confidentiality, integrity, authentication & anti-replay protection; in other words, encryption, protection & access control.
  • To get these features, IPsec uses multiple protocols: Internet Key Exchange (IKE), Authentication Header (AH) & Encapsulating Security Payload (ESP).
  • Internet Key Exchange (IKE) is used for the initial negotiation of parameters & key management.
  • Authentication Header (AH) provides data authentication & integrity.
  • Encapsulating Security Payload (ESP) provides confidentiality (encryption), authentication & integrity.


Each of these protocols adds its own header to the original data & IP packet:

AH:

ESP:





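To make the two header layouts above and the anti-replay protection mentioned earlier concrete, here is an added example (not code from the original post) that parses the cleartext AH and ESP headers from raw bytes and runs ESP sequence numbers through a sliding anti-replay window. The field layouts follow RFC 4302 (AH) and RFC 4303 (ESP); the ICV length, the SPIs, the sequence numbers and the packets themselves are constructed for this example rather than captured from a real tunnel.

```python
"""
Parse the cleartext headers that AH and ESP place in front of the protected
data, and run ESP sequence numbers through an anti-replay window.

Added example for illustration, not code from the original post.  Header
layouts follow RFC 4302 (AH) and RFC 4303 (ESP); every packet below is
constructed by hand, not captured traffic.
"""
import struct


def parse_ah(data):
    """Fields of an Authentication Header (RFC 4302, section 2).

    Next Header (1) | Payload Len (1) | Reserved (2) | SPI (4) | Seq (4) | ICV
    Payload Len counts 32-bit words minus 2, so the AH occupies
    (Payload Len + 2) * 4 bytes; what follows is the inner packet, which AH
    authenticates but does not encrypt.
    """
    if len(data) < 12:
        raise ValueError("AH header truncated")
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    ah_len = (payload_len + 2) * 4
    if len(data) < ah_len:
        raise ValueError("AH ICV truncated")
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": data[12:ah_len], "payload": data[ah_len:]}


def parse_esp(data, icv_len):
    """Cleartext fields of an ESP packet (RFC 4303, section 2).

    Only the SPI and sequence number are readable without the session key;
    the bytes between them and the trailing ICV are ciphertext.  icv_len is
    fixed by the negotiated integrity algorithm (12 for HMAC-SHA1-96).
    """
    if len(data) < 8 + icv_len:
        raise ValueError("ESP packet truncated")
    spi, seq = struct.unpack("!II", data[:8])
    return {"spi": spi, "seq": seq,
            "ciphertext": data[8:len(data) - icv_len],
            "icv": data[len(data) - icv_len:]}


class ReplayWindow:
    """Sliding anti-replay window in the style of RFC 4303 Appendix A.
    Bit i of `bitmap` records whether sequence number (highest - i) was seen."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def check_and_update(self, seq):
        """Return 'accept', 'replay', 'too-old' or 'invalid' for one packet."""
        if seq == 0:
            return "invalid"            # sequence number 0 is never sent
        if seq > self.highest:          # newer than anything seen: slide window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:
            return "too-old"            # fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return "replay"             # already seen inside the window
        self.bitmap |= 1 << offset
        return "accept"


def make_esp(spi, seq, icv_len=12):
    """Constructed ESP packet with dummy ciphertext and ICV (test input only)."""
    return struct.pack("!II", spi, seq) + b"\x00" * 16 + b"\xaa" * icv_len


def filter_esp_stream(packets, icv_len=12, window=64):
    """Classify each ESP packet's sequence number against one replay window."""
    win = ReplayWindow(window)
    results = []
    for pkt in packets:
        seq = parse_esp(pkt, icv_len)["seq"]
        results.append((seq, win.check_and_update(seq)))
    return results


# Constructed samples: an AH with a 12-byte ICV (Payload Len 4 => 24 bytes)
# carrying an IP-in-IP inner packet (Next Header 4), and an ESP stream with a
# duplicate, a big jump, and a number that has fallen out of the window.
SAMPLE_AH = struct.pack("!BBHII", 4, 4, 0, 0x2000, 9) + b"\xbb" * 12 + b"inner-packet"
SAMPLE_ESP = [make_esp(0x1000, s) for s in (1, 2, 3, 2, 70, 6, 7, 70)]

if __name__ == "__main__":
    print(parse_ah(SAMPLE_AH))
    for seq, verdict in filter_esp_stream(SAMPLE_ESP):
        print(f"ESP seq {seq:>3}: {verdict}")
```

Running the stream shows why the sequence number sits in the clear: a receiver can reject duplicates (the second `2` and the second `70`) and stale packets (`6`, which is more than 64 behind `70`) before spending any CPU on integrity checking or decryption. On real traffic the ICV would also be verified against the negotiated key before the window is updated, which this example skips.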
The three protocols IKE, AH & ESP further contain sub-protocols/algorithms for different functions, as below:

  • IKE consists of ISAKMP (Internet Security Association and Key Management Protocol)
  • AH uses integrity algorithms such as SHA1 & HMAC
  • ESP uses encryption algorithms such as AES & 3DES



IPsec works in two phases:

Phase-1: The initial negotiation to create the secure tunnel. IKE does its work here; this phase is about building and securing the channel.

Phase-2: Verification of the policies for data encryption, authentication & protection, etc. AH & ESP work here; this phase secures the actual data.



During configuration you may be confused that authentication, encryption and hashing appear in both phases, but they actually serve different purposes: in both phases authentication, encryption & hashing algorithms are used, but phase-1 is for the tunnel & phase-2 is for the data.






In our next posts, we will cover basic to advanced labs on each topic and share experiences from practical projects we have already completed.




Keep Learning, Keep Reading, and Keep Growing. IT & IP is the future.

 

Interview Questions:

  • What is VPN?
  • Types of VPN?
  • Difference between IPsec & MPLS VPNs?
  • GRE vs IPsec?
  • What is site-to-site VPN?
  • What is Remote Access VPN?
