The definitive design and deployment guide for secure virtual private networks

- Learn about IPSec protocols and Cisco IOS IPSec packet processing
- Understand the differences between IPSec tunnel mode and transport mode
- Evaluate the IPSec features that improve VPN scalability and fault tolerance, such as dead peer detection and control plane keepalives
- Overcome the challenges of working with NAT and PMTUD
- Explore IPSec remote-access features, including extended authentication, mode-configuration, and digital certificates
- Examine the pros and cons of various IPSec connection models such as native IPSec, GRE, and remote access
- Apply fault tolerance methods to IPSec VPN designs
- Employ mechanisms to alleviate the configuration complexity of a large-scale IPSec VPN, including Tunnel End-Point Discovery (TED) and Dynamic Multipoint VPNs (DMVPN)
- Add services to IPSec VPNs, including voice and multicast
- Understand how network-based VPNs operate and how to integrate IPSec VPNs with MPLS VPNs

Among the many functions that networking technologies permit is the ability for organizations to easily and securely communicate with branch offices, mobile users, telecommuters, and business partners. Such connectivity is now vital to maintaining a competitive level of business productivity. Although several technologies exist that can enable interconnectivity among business sites, Internet-based virtual private networks (VPNs) have evolved as the most effective means to link corporate network resources to remote employees, offices, and mobile workers. VPNs provide productivity enhancements, efficient and convenient remote access to network resources, site-to-site connectivity, a high level of security, and tremendous cost savings.

IPSec VPN Design is the first book to present a detailed examination of the design aspects of IPSec protocols that enable secure VPN communication. Divided into three parts, the book provides a solid understanding of design and architectural issues of large-scale, secure VPN solutions. Part I includes a comprehensive introduction to the general architecture of IPSec, including its protocols and Cisco IOS® IPSec implementation details. Part II examines IPSec VPN design principles covering hub-and-spoke, full-mesh, and fault-tolerant designs. This part of the book also covers dynamic configuration models used to simplify IPSec VPN designs. Part III addresses design issues in adding services to an IPSec VPN such as voice and multicast. This part of the book also shows you how to effectively integrate IPSec VPNs with MPLS VPNs.

IPSec VPN Design provides you with the field-tested design and configuration advice to help you deploy an effective and secure VPN solution in any environment.

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Cited By
- Ren B, Guo D, Yuan Y, Tang G, Wang W and Fu X (2021). Optimal Deployment of SRv6 to Enable Network Interconnection Service, IEEE/ACM Transactions on Networking, 30:1, (120-133), Online publication date: 1-Feb-2022.
- Uskov A, Serdyukova N, Serdyukov V, Heinemann C and Byerly A (2016). Multi objective optimization of VPN design by linear programming with risks models, International Journal of Knowledge-based and Intelligent Engineering Systems, 20:3, (175-188), Online publication date: 1-Jan-2016.
- Rossberg M and Schaefer G (2011). A survey on automatic configuration of virtual private networks, Computer Networks: The International Journal of Computer and Telecommunications Networking, 55:8, (1684-1699), Online publication date: 1-Jun-2011.
- Brinkmeier M, Rossberg M and Schaefer G Towards a denial-of-service resilient design of complex IPsec overlays Proceedings of the 2009 IEEE international conference on Communications, (948-953)
- Lu N, Zhou H and Qin Y A comparison study of IKE protocols Proceedings of the International Conference on Mobile Technology, Applications, and Systems, (1-5)