IPsec Concepts
One of the technologies used to build VPNs is IPsec, which was developed by
the Internet Engineering Task Force (IETF) as part of IPv6 and can also be
implemented in IPv4. IPsec is a framework of open standards that operates at
Layer 3 of the OSI model, which means that it can protect communications from
the network layer (IP) upward. The IPsec standards documents (of which there
are many) can be found at www.ietf.org/html.charters/ipsec-charter.html (the
IPsec working group has since concluded, but its RFCs remain in the RFC
archive). If you are interested in a detailed overview of the IPsec framework,
a good starting point is RFC 2411 ("IP Security Document Roadmap"), which
describes how the standards documents are organized.
www.syngress.com
The overall architecture is described in RFC 2401 ("Security Architecture
for the Internet Protocol"). IPsec provides two security protocols for
transferring data, Encapsulating Security Payload (ESP) and Authentication
Header (AH), which are described in RFC 2406 and RFC 2402, respectively.
These documents define the protocols, their corresponding packet structures,
and the processing rules an implementation must follow. Note that RFC 2401,
2406 and 2402 were later obsoleted by RFC 4301, 4303 and 4302; the concepts
are the same, but consult the newer documents for current requirements.
The encryption algorithm documents describe the ciphers used by ESP
implementations. Historically the only mandatory encryption algorithm in an
IPsec implementation was the Data Encryption Standard (DES), defined for ESP
in RFC 1829 (and later RFC 2405). DES is now considered inadequate and has
been phased out in favor of stronger ciphers such as Triple DES (3DES), the
Advanced Encryption Standard (AES), and Blowfish; of these, AES is the one to
deploy today, since 3DES and Blowfish use a 64-bit block and should be treated
as legacy. To provide authentication (data integrity and data-origin
authentication), IPsec uses the two algorithms HMAC-SHA-1 and HMAC-MD5,
described in RFC 2404 and RFC 2403, respectively. Both truncate the HMAC
output to 96 bits, and HMAC-MD5 is no longer recommended for new deployments.
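To make the packet structures and the authentication step concrete, the following Python is an added example written for this page; it is not code from the book or from the PIX. It packs and parses the AH header (RFC 2402) and the ESP header (RFC 2406) and computes and checks an HMAC-SHA-1-96 integrity check value (RFC 2404), showing the 96-bit truncation, the zeroed-ICV rule for AH, and that ESP's ICV is checked before any decryption. The key, the "TCP" payload and the opaque "ciphertext" are constructed sample data; one labelled simplification is that a real AH ICV also covers the immutable fields of the outer IP header, which this example omits.

```python
"""Added example: AH (RFC 2402) and ESP (RFC 2406) framing with HMAC-SHA-1-96 (RFC 2404).

Simplification: real AH also authenticates the immutable fields of the outer IP
header; here the ICV covers only the AH header (ICV zeroed) and the payload.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass

ICV_LEN = 12  # HMAC-SHA-1-96: the 160-bit HMAC-SHA-1 output truncated to 96 bits

# Constructed sample key for this example only (RFC 2404 uses 20-byte keys).
SAMPLE_KEY = bytes(range(1, 21))


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    """RFC 2404 authenticator: HMAC-SHA-1, keep the first 96 bits."""
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


@dataclass
class AHHeader:
    next_header: int   # protocol of the protected payload (6 = TCP)
    payload_len: int   # AH length in 32-bit words minus 2 (RFC 2402 s2.2)
    spi: int           # Security Parameters Index: selects the SA
    seq: int           # anti-replay sequence number
    icv: bytes
    payload: bytes


def build_ah(key: bytes, next_header: int, spi: int, seq: int, payload: bytes) -> bytes:
    """AH = NextHdr | PayloadLen | Reserved | SPI | Seq | ICV, followed by payload.
    The ICV is computed with its own field set to zero, as the receiver recomputes it."""
    payload_len = (12 + ICV_LEN) // 4 - 2      # 12 fixed bytes + ICV, in words, minus 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    icv = hmac_sha1_96(key, fixed + bytes(ICV_LEN) + payload)
    return fixed + icv + payload


def parse_ah(pkt: bytes) -> AHHeader:
    if len(pkt) < 12:
        raise ValueError("truncated AH header")
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", pkt[:12])
    total = (payload_len + 2) * 4              # bytes occupied by the whole AH
    if total < 12 or len(pkt) < total:
        raise ValueError("AH payload_len inconsistent with packet length")
    return AHHeader(next_header, payload_len, spi, seq, pkt[12:total], pkt[total:])


def verify_ah(key: bytes, pkt: bytes) -> bool:
    """Recompute the ICV over the packet with the ICV field zeroed; constant-time compare."""
    try:
        ah = parse_ah(pkt)
    except ValueError:
        return False
    total = 12 + len(ah.icv)
    zeroed = pkt[:12] + bytes(len(ah.icv)) + pkt[total:]
    expected = hmac.new(key, zeroed, hashlib.sha1).digest()[:len(ah.icv)]
    return hmac.compare_digest(expected, ah.icv)


@dataclass
class ESPPacket:
    spi: int
    seq: int
    ciphertext: bytes  # IV + encrypted data + padding + pad length + next header
    icv: bytes


def build_esp(key: bytes, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """ESP = SPI | Seq | encrypted body | ICV.  The ICV covers everything before it
    (RFC 2406 s2.7); unlike AH, the outer IP header is not authenticated."""
    head = struct.pack("!II", spi, seq) + ciphertext
    return head + hmac_sha1_96(key, head)


def parse_esp(pkt: bytes, icv_len: int = ICV_LEN) -> ESPPacket:
    """Pad length and next header live inside the encrypted body, so they are
    only readable after decryption under the SA's cipher (not performed here)."""
    if len(pkt) < 8 + icv_len:
        raise ValueError("truncated ESP packet")
    spi, seq = struct.unpack("!II", pkt[:8])
    return ESPPacket(spi, seq, pkt[8:-icv_len], pkt[-icv_len:])


def verify_esp(key: bytes, pkt: bytes, icv_len: int = ICV_LEN) -> bool:
    """Check the ICV first; a receiver must never decrypt an unauthenticated ESP body."""
    try:
        esp = parse_esp(pkt, icv_len)
    except ValueError:
        return False
    return hmac.compare_digest(hmac_sha1_96(key, pkt[:-icv_len]), esp.icv)


# Constructed sample data: a fake TCP segment and an opaque stand-in for ESP ciphertext.
SAMPLE_PAYLOAD = b"\x04\xd2\x00\x50" + b"GET / HTTP/1.0\r\n"
SAMPLE_CIPHERTEXT = bytes(range(0x10, 0x30))


def demo() -> dict:
    ah_pkt = build_ah(SAMPLE_KEY, 6, 0x1000, 1, SAMPLE_PAYLOAD)
    tampered = ah_pkt[:-1] + bytes([ah_pkt[-1] ^ 0x01])   # flip one payload bit
    esp_pkt = build_esp(SAMPLE_KEY, 0x2000, 1, SAMPLE_CIPHERTEXT)
    return {
        "ah_ok": verify_ah(SAMPLE_KEY, ah_pkt),
        "ah_tampered_ok": verify_ah(SAMPLE_KEY, tampered),
        "ah_spi": parse_ah(ah_pkt).spi,
        "esp_ok": verify_esp(SAMPLE_KEY, esp_pkt),
        "esp_wrong_key_ok": verify_esp(bytes(20), esp_pkt),
    }


if __name__ == "__main__":
    print(demo())
```

Two details worth noticing when reading the output: the AH ICV field is exactly 12 bytes even though SHA-1 produces 20, which is why an AH header carrying HMAC-SHA-1-96 always has Payload Len = 4; and flipping a single bit anywhere in the authenticated region makes verification fail, which is the property the ESP receiver relies on when it refuses to decrypt a packet whose ICV does not check.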
Virtual private network (VPN) technology provides a means for secure communications
between internal networks over a public network (such as the Internet) while
providing features such as confidentiality and authentication. VPNs are
commonly used to connect branch offices, mobile users, and business partners.
The ability to connect private networks or hosts by securely tunneling through
a public network infrastructure is very appealing. VPNs over the Internet
provide solutions to various business problems, including economical
connectivity between offices (using site-to-site VPNs) and the ability to
provision access quickly (simply by installing VPN equipment on an existing
Internet connection instead of having to wait for a dedicated leased line or
Frame Relay PVC to be installed). Remote access VPNs, on the other hand,
provide connectivity for mobile workers or telecommuters, allowing them to dial
into any ISP or use high-speed broadband connectivity at home or at a hotel to
gain access to the corporate network.
The PIX firewall supports both site-to-site and remote access VPNs using
various protocols: IPsec, L2TP, and PPTP. On the technical side, VPNs can be
very complicated, and a single connection might be implemented using a combination
of many protocols that work together to provide tunneling, encryption,
authentication, access control, and auditing. Note that PPTP's MS-CHAP
authentication is known to be weak, so where IPsec (or L2TP over IPsec) is
available it should be preferred for new deployments.
In this chapter, you will learn how to configure VPNs on the PIX firewall. We
will configure site-to-site VPNs (also known as office-to-office VPNs) using IPsec
and IKE with pre-shared keys and digital certificates. You will also learn about
manual IPsec and how to configure PPTP and L2TP tunneling on the PIX firewall.
Finally, you will learn how the PIX firewall can act as a concentrator for
terminating Cisco software VPN clients.