IPSec VPN - PowerPoint PPT Presentation

1 / 6
About This Presentation
Title:

IPSec VPN

Description:

Title: Web Security Author: Andrew Yang Last modified by: Yang, T. Andrew Created Date: 8/25/2005 3:09:39 AM Document presentation format: On-screen Show (4:3) – PowerPoint PPT presentation

Number of Views:84
Avg rating:3.0/5.0
Slides: 7
Provided by: Andrew687
Category:

less

Transcript and Presenter's Notes

Title: IPSec VPN


1
IPSec VPN
Chapter 13 of Malik
2
Outline
  • Types of IPsec VPNs
  • IKE (or Internet Key Exchange) protocol

3
Types of IPsec VPNs
  • Site-to-site (aka LAN-to-LAN) IPsec VPN
  • Figure 13-1
  • Question no concentrator?
  • Remote-access client IPsec VPN
  • Figure 13-2
  • Unique challenges (see p.317)
  • IPsec clients use unknown-to-gateway IP addresses
    to connect to the gateway
  • Clients IP address assigned by the ISP is not
    compatible with the private networks addressing.
  • The clients must use the DNS server, DHCP server,
    and other such servers on the private network.
  • PAT can no longer function as normal (because ESP
    encrypts all the port info in the TCP or UDP
    header).

4
Phases of IPsec
  • Connection initiated
  • IKE main mode or aggressive mode
  • Results
  • creation of an IKE Security Association (SA)
    between the two IPsec peers
  • A set of 3 session keys are established
  • Quick mode
  • Results
  • creation of two IPsec SAs between the two peers
    (incoming SA and outgoing SA)
  • Generate a pair of IPsec keys (one for each of
    the SAs)
  • Data communication (using ESP or AH)

5
IPsec Negotiation using IKE
  • P.279 Authentication methods vs modes

Preshared key Digital signature Encrypted nonces
Main mode pp. 280-298 pp.298-302
Aggressive mode pp.302-306
6
IPsec Negotiation using IKE
  • Example 1 Main mode using preshared key
    authentication followed by Quick mode negotiation
  • pp.280-298
  • Example 2 Main mode using DS authentication
    followed by Quick mode negotiation
  • pp.298-302
  • Example 3 Aggressive mode using Preshared key
    authentication (followed by Quick mode
    negotiation)
  • pp. 302-306
Write a Comment
User Comments (0)
About PowerShow.com