IP VPN
Nikolay Scarbnik
Agenda
• Introduction
• VPN concept definition
• VPN advantages
• VPN types
• OSI
• VPNs classification
• Example: IPSec Tunnel Mode
• VPN example- IPSec
• IPSec Overview
• Algorithms for encryption
• Public Key Encryption
• Diffie-Hellman Key Exchange
• IPSec Security Protocols
• IPSec AH & ESP
• Secure Protocol- ESP
• Secure Protocol- AH
• References
Introduction
This project describes VPNs, or Virtual Private Networks.
I’ll try to briefly describe the main components, technologies and advantages.
The audience is expected to have some basic knowledge of the TCP/IP protocols, as well as general security concepts.
VPN concept definition
VPN- Virtual Private Network.
The VPN concept is all about connecting several separate private networks over public infrastructure.
• Virtual- because it is a dynamic connection over public infrastructure.
• Private- data security is preserved.
• Network- connects several LANs or single computers to a mainframe/LAN.
VPN advantages
• Cost saving.
• Accessibility & secure connection.
• Application transparent.
VPN types
• PPTP- point-to-point tunneling protocol
• L2F- layer-2 forwarding
• L2TP- layer-2 tunneling protocol
• IPSec- IP security protocol
• GRE- generic routing encapsulation
• MPLS- multiprotocol label switching
• ATM- asynchronous transfer mode
• Frame Relay
7 Layers Model
VPNs operate at the 2nd or the 3rd layer of the OSI model.
VPNs classification
• Layer 2 VPN: P2P over VC (ATM, Frame Relay)
• Layer 3 VPN: P2P, Any2Any (GRE, MPLS, IPSec)
VPNs classification
• Site-to-site VPNs (static): ATM, Frame Relay, GRE, MPLS
• Remote access VPNs (dynamic): IPSec, L2TP
Example: IPSec Tunnel Mode
VPN example- IPSec
What is IPSec?
IPSec's goal is to secure IP packets (IPv6/IPv4).
What is it good for?
IPSec provides authentication, integrity, access control, and confidentiality.
IPSec Overview
Fundamental components of IPSec:
• Algorithms for encryption
• Key management: ISAKMP, IKE, SKEME
• Security protocols: authentication header (AH) and encapsulating security payload (ESP)
Algorithms for encryption
• Symmetric algorithms: DES, 3DES, and AES.
• Asymmetric (public key) algorithms: IKE (Internet Key Exchange)
In 1999, the DES key was cracked in less than 24 hours by using an exhaustive key
search. IPSec
Public Key Encryption
Diffie-Hellman Key Exchange
IPSec Security Protocols
• Encapsulating security payload (ESP)
• Authentication header (AH)
>> IP datagram security <<
IPSec AH & ESP
Packet in IPSec Transport Mode
IP Packet in IPSec Tunnel Mode
Secure Protocol- ESP
IP Packet Protected by ESP
Secure Protocol- ESP
IP Packet Protected by ESP in Transport Mode
IP Packet Protected by ESP in Tunnel Mode
Secure Protocol- AH
AH provides: connectionless integrity, data authentication, and optional replay protection.
IP Packet Protected by AH
Secure Protocol- AH
IP Packet Protected by AH in Transport Mode
IP Packet Protected by AH in Tunnel Mode
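The three AH properties listed above (integrity, data authentication, replay protection) can be seen working together in a small receiver. This is an added example, not part of the original slides: it uses the RFC 4302 AH field layout with an HMAC-SHA-256 ICV truncated to 128 bits and a 64-packet sliding window. The names `ah_protect` and `AhReceiver`, the key and the SPI are constructed for illustration, and the ICV here covers only the AH header and payload, not the outer IP header fields a real stack also authenticates.

```python
import hashlib, hmac, struct

ICV_LEN, WINDOW = 16, 64   # 128-bit truncated HMAC-SHA-256; 64-packet replay window

def ah_protect(key, spi, seq, next_hdr, payload):
    """Build AH header + payload (hypothetical helper). Simplification: the ICV
    covers AH + payload only, not the immutable outer IP header fields."""
    payload_len = (12 + ICV_LEN) // 4 - 2      # AH length in 32-bit words, minus 2
    fixed = struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq)
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha256)
    return fixed + mac.digest()[:ICV_LEN] + payload

class AhReceiver:
    """Receiving side of one security association (hypothetical class)."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.top = 0       # highest authenticated sequence number so far
        self.bitmap = 0    # bit i set => sequence (top - i) already accepted

    def accept(self, packet):
        """Return the payload if the packet is authentic and fresh, else None."""
        if len(packet) < 12 + ICV_LEN:
            return None
        _, plen, _, spi, seq = struct.unpack("!BBHII", packet[:12])
        if spi != self.spi or (plen + 2) * 4 != 12 + ICV_LEN or seq == 0:
            return None
        if seq <= self.top:                    # replay pre-check before the HMAC
            off = self.top - seq
            if off >= WINDOW or (self.bitmap >> off) & 1:
                return None
        icv, payload = packet[12:12 + ICV_LEN], packet[12 + ICV_LEN:]
        mac = hmac.new(self.key, packet[:12] + bytes(ICV_LEN) + payload, hashlib.sha256)
        if not hmac.compare_digest(icv, mac.digest()[:ICV_LEN]):
            return None
        if seq > self.top:                     # only authenticated packets move the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return payload

if __name__ == "__main__":
    key, spi = b"constructed-demo-key", 0x1001     # constructed sample values
    rx = AhReceiver(key, spi)
    pkt = ah_protect(key, spi, 1, 4, b"inner IP packet")   # next header 4 = IPv4-in-IP
    print(rx.accept(pkt), rx.accept(pkt))          # second call is a replay
```

The window is advanced only after the ICV verifies, so a forged packet with a large sequence number cannot push legitimate traffic out of the window.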
References
• http://www.iec.org/
• http://www.raduniversity.com/2004/vpn/
• Cisco Press IPSec VPN Design
• Cisco - Safe VPN - IPSec In Depth