1 hour 43 minutes
Hi, everyone. Let's get started on VPN technology.
VPN, or virtual private network, creates a secure tunnel from one private network to another over a public network. It applies encryption and hashing to the data as it transits the Internet
and uses security protocols for authentication, with the aim of protecting the confidentiality and integrity of data as it travels through an unsecured network.
Generally, when setting up a VPN, the following requirements should be accounted for.
Peers are the devices used to establish a VPN connection. Hence you will need to ensure that the peers are compatible and support the same protocols, especially if you're using different hardware brands such as Cisco and Fortinet.
You should define the algorithms you plan to use for hashing and encryption
and include the key size you want to use.
Of course, the higher the key size, the more secure.
However, make sure that both peers support those parameters.
At times, you may need to use a legacy protocol like 3DES instead of AES for backwards-compatibility purposes, so that a more modern technology device can establish a connection with the legacy technology device.
And consider what available public IP, or WAN IP, you want to use,
and the private subnets or LAN networks that require end-to-end communication, as they are required to be specified in an access control list, or ACL,
for strict communications between authorised networks.
The LAN networks are defined as source and destination, and it really depends on your perspective. So, for example, when configuring your ACL on the headquarters router,
the source LAN IP subnet will be
192.168.0.0,
while branch A's LAN IP subnet 172.16.255.0 will be the destination, or remote LAN.
On branch A's router,
the source LAN will be 172.16.255.0 and the destination LAN will be
192.168.0.0.
When configuring a VPN, remember that the settings for encryption and hashing must match between peers.
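The two requirements above (peers must offer matching encryption, key size and hash, and the crypto ACLs on the two routers must be mirror images of each other) can be checked before anyone touches a router. The following is an added example written for this page, not configuration or code from the lecture; it assumes the lecture's LANs (192.168.0.0 at headquarters, 172.16.255.0 at branch A) with an assumed /24 mask, and the cipher and hash choices are assumptions chosen to illustrate a match, a mismatch and a legacy peer.

```python
"""Added example (not from the lecture): check that two VPN peers agree on
their proposal and that their crypto ACLs are mirror images of each other.

Assumptions: the /24 masks on the lecture's two LANs, the AES-256/SHA-256
proposal, and the existence of a legacy 3DES/SHA-1 branch are all made up
for this example.
"""
from ipaddress import ip_network

# Constructed peer configurations.  Each peer lists its own proposal and its
# crypto ACL entries written from its own perspective
# (source = its local LAN, destination = the remote LAN).
HQ = {
    "name": "hq-router",
    "proposal": {"encryption": "aes", "key_bits": 256, "hash": "sha256"},
    "acl": [("192.168.0.0/24", "172.16.255.0/24")],
}

BRANCH_A = {
    "name": "branch-a-router",
    "proposal": {"encryption": "aes", "key_bits": 256, "hash": "sha256"},
    "acl": [("172.16.255.0/24", "192.168.0.0/24")],
}

# A hypothetical legacy branch that still only offers 3DES and SHA-1.
BRANCH_LEGACY = {
    "name": "branch-legacy-router",
    "proposal": {"encryption": "3des", "key_bits": 168, "hash": "sha1"},
    "acl": [("172.16.255.0/24", "192.168.0.0/24")],
}

# Algorithms worth flagging even when both peers agree on them.
LEGACY_ALGORITHMS = {"des", "3des", "md5", "sha1"}


def proposal_findings(a: dict, b: dict) -> list:
    """Return a list of problems with the pair of proposals (empty = OK)."""
    findings = []
    for param in ("encryption", "key_bits", "hash"):
        if a["proposal"][param] != b["proposal"][param]:
            findings.append(
                f"{param} mismatch: {a['name']}={a['proposal'][param]} "
                f"{b['name']}={b['proposal'][param]}"
            )
    for peer in (a, b):
        for param in ("encryption", "hash"):
            if peer["proposal"][param] in LEGACY_ALGORITHMS:
                findings.append(f"{peer['name']} proposes legacy {peer['proposal'][param]}")
    return findings


def acl_findings(a: dict, b: dict) -> list:
    """Each (src, dst) entry on one peer must appear as (dst, src) on the other."""
    def normalised(acl):
        return {(ip_network(s), ip_network(d)) for s, d in acl}

    a_set = normalised(a["acl"])
    b_mirrored = {(d, s) for s, d in normalised(b["acl"])}
    findings = []
    for src, dst in a_set - b_mirrored:
        findings.append(f"{a['name']} has {src}->{dst} with no mirror on {b['name']}")
    for src, dst in b_mirrored - a_set:
        # (src, dst) here is the mirrored form, so b's own entry reads dst->src
        findings.append(f"{b['name']} has {dst}->{src} with no mirror on {a['name']}")
    return findings


def compatible(a: dict, b: dict) -> bool:
    """True only when the proposals match, nothing legacy is offered and the ACLs mirror."""
    return not (proposal_findings(a, b) or acl_findings(a, b))


if __name__ == "__main__":
    for peer in (BRANCH_A, BRANCH_LEGACY):
        print(peer["name"], "->", proposal_findings(HQ, peer) + acl_findings(HQ, peer) or "OK")
```

Running the script against the legacy branch reports the encryption, key size and hash mismatches plus the legacy-algorithm warnings, which is exactly the conversation to have before agreeing to drop headquarters down to 3DES for one peer.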
All right, first quiz: which parameters are required in order to complete your ACL configuration for end-to-end communication?
Choose two answers.
Destination LAN network and subnet mask, and source LAN network and subnet mask.
Site-to-site VPN is a typical setup between Internet gateways, which are usually routers or firewalls, to allow secure communications between two private networks.
VPN configurations are applied on the gateways and include IKE, or Internet Key Exchange, for matching security associations for peer authentication and secure data communications.
IKE communicates on UDP port 500 on the source and destination devices and has two phases: IKE phase one and IKE phase two.
Let's discuss the steps of how a VPN tunnel is established through IPsec VPN. The process begins with tunnel initiation by a simple ping test to the destination network, which creates interesting traffic and initiates IKE phase one.
IKE phase one is used to set up secure communications between two peers and establishes the secure tunnel using the Internet Security Association and Key Management Protocol, or ISAKMP.
At this stage, note that it isn't over yet.
IKE phase two is where the gateways negotiate the security protocols for secured, or encrypted, data communications. At this stage, you will also look into the source and destination IP subnets for end-to-end communications between private networks.
Once IKE phases one and two are established,
the transfer can begin between IPsec peers with encryption applied as the data travels over the Internet
and decrypted when it reaches its intended destination network.
After a certain amount of time or after a certain number of bytes, the IPsec security association will either be deleted or timed out, and the keys will be discarded.
This means that if a new data exchange is required between IPsec peers, IKE performs a new phase two. At times, the process may include having to renegotiate phase one or re-establish the tunnel with new keys and SAs.
In the middle of a data transfer, new SAs can be established before the old ones expire, allowing the data transfer to continue without interruption.
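To make the SA lifetime behaviour concrete, here is an added example written for this page (it is not code from the lecture): a small model of an IPsec SA with both a time and a byte lifetime, where a replacement SA is negotiated once a soft threshold is reached so traffic keeps flowing, and where an SA that is allowed to reach its hard limit causes packets to be dropped until a new one exists. The lifetime values, the 10% rekey margin and the SPI numbers are assumptions for the example; they are not values from the lecture.

```python
"""Added example (not from the lecture): modelling IPsec SA lifetimes and
rekeying before expiry.

Assumptions: the lifetimes, the 10% soft-lifetime margin and the SPI values
are chosen for illustration only.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SecurityAssociation:
    spi: int
    lifetime_seconds: int
    lifetime_bytes: int
    created_at: float
    bytes_sent: int = 0

    def expired(self, now: float) -> bool:
        """Hard lifetime: either limit reached means the keys are discarded."""
        return (now - self.created_at >= self.lifetime_seconds
                or self.bytes_sent >= self.lifetime_bytes)

    def should_rekey(self, now: float, margin: float = 0.10) -> bool:
        """Soft lifetime: within `margin` of either limit, negotiate a replacement."""
        time_left = self.lifetime_seconds - (now - self.created_at)
        bytes_left = self.lifetime_bytes - self.bytes_sent
        return (time_left <= margin * self.lifetime_seconds
                or bytes_left <= margin * self.lifetime_bytes)


@dataclass
class Tunnel:
    lifetime_seconds: int
    lifetime_bytes: int
    rekeys: int = 0
    next_spi: int = 0x1000
    active: Optional[SecurityAssociation] = None
    log: list = field(default_factory=list)

    def _negotiate(self, now: float) -> None:
        # Stands in for an IKE phase two exchange: fresh keys, a fresh SPI.
        self.active = SecurityAssociation(
            self.next_spi, self.lifetime_seconds, self.lifetime_bytes, now)
        self.next_spi += 1

    def send(self, now: float, nbytes: int) -> Optional[int]:
        """Send nbytes at time `now`.  Returns the SPI used, or None when the
        packet had to be dropped because the SA expired with no replacement."""
        if self.active is None:
            self._negotiate(now)             # first interesting traffic
        elif self.active.expired(now):
            # Hard expiry hit before a rekey (e.g. after an idle gap): drop
            # until a new SA is up.
            self.log.append(f"t={now}: SA {self.active.spi:#x} expired, dropping")
            self._negotiate(now)
            self.rekeys += 1
            return None
        elif self.active.should_rekey(now):
            self.log.append(f"t={now}: soft lifetime reached, rekeying {self.active.spi:#x}")
            self._negotiate(now)
            self.rekeys += 1
        self.active.bytes_sent += nbytes
        return self.active.spi


def simulate(transfers, lifetime_seconds=3600, lifetime_bytes=1_000_000):
    """transfers: list of (time_in_seconds, nbytes).  Returns (rekeys, dropped)."""
    tunnel = Tunnel(lifetime_seconds, lifetime_bytes)
    dropped = 0
    for now, nbytes in transfers:
        if tunnel.send(now, nbytes) is None:
            dropped += 1
    return tunnel.rekeys, dropped


if __name__ == "__main__":
    # Constructed traffic: a steady 2 MB transfer, 20 kB per second.
    steady = [(t, 20_000) for t in range(100)]
    print("steady transfer (rekeys, dropped):", simulate(steady))
    # Constructed traffic: one packet, then silence longer than the time lifetime.
    idle_gap = [(0, 1_000), (5_000, 1_000)]
    print("idle gap (rekeys, dropped):", simulate(idle_gap))
```

In the steady case the byte lifetime is what triggers rekeying, and because the new SA is negotiated at the soft threshold nothing is dropped; in the idle-gap case the time lifetime expires while no traffic is flowing, so the first packet after the gap is lost while a new phase two runs.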
Remote access VPN is where authorized users can securely access their private network from a portable device
such as a laptop, tablet or smartphone, as long as the Internet is available to them and the device has VPN client software installed.
VPN configurations are applied on the gateway and on the VPN client software.
VPN gateway configurations include the following parameters as part of the setup for remote access VPN.
Tunnel group and authentication method. The tunnel group identifies the policies to be applied for this specific user group.
The policies include which resources can be accessed.
A pre-shared key is an example of the VPN client's authentication method, which is used to establish a tunnel with the gateway. It is similar to the IKE phase one policy for peer authentication.
User authentication.
These are the user credentials used by the clients when they log in to access network resources at the headquarters network through the VPN.
User credentials can be stored in the gateway's local user authentication database
or on a AAA server.
IP address pool is a pool of dynamic IP addresses assigned by the gateway to remote VPN clients.
And secure data communications specifies the encryption and hashing algorithms, which must match between the gateway and the client.
Once all these configurations are in place on the gateway, the VPN client has its own configurations to set, which include
the WAN IP of the gateway,
the tunnel group name,
and user authentication.
Using VPN in network operations ensures secure communications between peers, whether it be site-to-site between VPN gateways or remote access between the VPN client and the VPN gateway.
Data exchanged within the VPN tunnel will be encrypted,
which includes user access and configurations made to the devices and systems on your network.
All right. Next quiz:
VPN peers are authenticating their matching shared keys. In which phase does this process take place?
IKE phase one.
Remember, authentication and tunnel establishment between peers takes place in IKE phase one, while negotiating the security association parameters used to encrypt data for data communication happens in IKE phase two.
In today's video, we discussed the general requirements for VPN, which were peers, encryption and hashing algorithms, and IP addressing,
and we also learned how site-to-site VPNs and remote access VPNs are set up for secure communications.
Now on to our next topic regarding key rotation.