Time
1 hour 43 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Transcription

00:00
Hi, everyone. Let's get started on VPN technology.
00:05
VPN, or virtual private network, creates a secure tunnel from one private network to another over a public network and applies encryption and hashing to the data as it transits over the Internet
00:20
and uses security protocols for authentication, and aims to protect the confidentiality and integrity of data as it travels through an unsecured network.
00:34
Generally, when setting up a VPN, the following requirements should be accounted for.
00:40
Peers are the network devices used to establish a VPN connection. Hence you will need to ensure that the peers are compatible and support the same protocols, or, if you're using different hardware brands such as Cisco and Fortinet,
00:55
ensure interoperability.
00:59
You should define the algorithms you plan to use for hashing and encryption
01:03
and include the key size or length you want to use.
01:07
Of course, the higher the key size, the more secure.
01:11
However, make sure that both peers support those parameters.
01:15
At times, you may need to use a legacy protocol like 3DES instead of AES for backwards compatibility purposes, so that a more modern technology device can establish a connection with the legacy technology device,
01:33
and consider what available public IP or WAN IP you want to use
01:38
and the private subnets or LAN networks that require end-to-end communication, as they are required to be specified in an access control list, or ACL,
01:49
for strict communications between authorized networks.
01:53
The LAN networks are defined as source and destination, and it really depends on your perspective. So, for example, when configuring your ACL on the headquarters router,
02:05
the source LAN IP subnet will be
02:07
192.168.0.0,
02:12
while Branch A's LAN IP subnet 172.16.255.0 will be the destination, or remote LAN.
02:21
On Branch A's router,
02:23
their source LAN will be 172.16.255.0 and their destination LAN will be
02:30
192.168.0.0.
02:35
When configuring a VPN, remember that the settings for encryption and hashing must match between peers.
02:46
All right, first quiz: which parameters are required in order to complete your ACL configuration for end-to-end communication?
02:53
Choose two answers.
03:07
Destination LAN network and subnet mask, and source LAN network and subnet mask.
03:16
Site-to-site VPN is a typical setup between Internet gateways, usually routers or firewalls, to allow secure communications between two private networks.
03:29
VPN configurations are applied on the gateways and include IKE, or Internet Key Exchange, for matching security associations for peer authentication and secure data communications.
03:42
IKE communicates on UDP port 500 on the source and destination devices and has two phases: IKE phase one and IKE phase two.
03:55
Let's discuss the steps of how a VPN tunnel is established through IPsec VPN. The process begins with tunnel initiation by a simple ping test of the destination network, which creates interesting traffic and initiates IKE phase one.
04:11
IKE phase one is used to set up secure communications between two peers and establishes the secure tunnel using Internet Security Association and Key Management Protocol, or ISAKMP.
04:23
At this stage, note that it isn't over yet.
04:26
IKE phase two is where the gateways negotiate the security protocols for secured or encrypted data communications. At this stage, you will also look into the source and destination IP subnets for end-to-end communications between private networks.
04:42
Once IKE phase one and phase two are established,
04:45
the transfer can begin between IPsec peers with encryption applied as the data travels over the Internet
04:51
and decrypted when it reaches its intended destination network.
04:55
After a certain amount of time or after a certain number of bytes, the IPsec security association will either be deleted or time out, and the keys will be discarded.
05:05
This means if a new data exchange is required between IPsec peers, IKE performs a new phase two. At times, the process may include having to renegotiate phase one or re-establish the tunnel with new keys and SAs.
05:21
In the middle of a data transfer, new SAs can be established before the old ones expire, allowing the data transfer to continue without interruptions.
05:33
Remote access VPN is where authorized users can securely access their private network from a portable device
05:41
such as a laptop, tablet or smartphone, as long as the Internet is available to them and the device has VPN client software installed.
05:50
VPN configurations are applied on the gateway and the VPN client software.
06:00
VPN gateway configurations include the following parameters as part of their setup for remote access VPN:
06:06
Tunnel group and authentication method. The tunnel group identifies the policies to be applied for this specific user group.
06:15
The policies include which resources can be accessed.
06:17
A pre-shared key option is an example of the VPN client's authentication method, which is used to establish a tunnel with the gateway. It is similar to IKE phase one policy peer authentication.
06:31
User authentication.
06:33
These are the user credentials used by the clients when they log in to access network resources at the headquarters network through the VPN.
06:42
User credentials can be stored in the gateway's local user authentication database
06:46
or on a AAA server.
06:50
IP address pool is a pool of dynamic IP addresses assigned by the gateway to remote VPN clients.
07:00
And secure data communications specifies the encryption and hashing algorithms that must match between the gateway and the client.
07:10
Once all these configurations are in place in the gateway, the VPN client has its own configurations to set, which include
07:17
the WAN IP of the gateway,
07:20
tunnel group name,
07:21
tunnel authentication,
07:24
and user authentication.
07:30
Using VPNs in network operations ensures secure communications between peers, whether it be site-to-site between VPN gateways or remote access between the VPN client and the VPN gateway.
07:44
Data exchanged within the VPN tunnel will be encrypted,
07:46
which includes user access and configurations made to the devices and systems on your network.
07:57
All right. Next quiz:
07:59
VPN peers are authenticating their matched shared keys. In which phase does this process take place?
08:20
IKE phase one.
08:22
Remember, authentication and tunnel establishment between peers takes place in IKE phase one, while negotiating the security association parameters for data communication, used to encrypt data, happens in IKE phase two.
08:41
In today's video, we discussed the general requirements for VPN, which were peers, encryption and hashing algorithms, and IP addressing,
08:50
and we also learned how site-to-site VPNs and remote access VPNs are set up for secure communications.
08:58
Now on to our next topic regarding key rotation.

Up Next

Network Operational Management

This course is designed to help network specialists understand the responsibilities and best practices involved with monitoring and managing network operations.

Instructed By

Sheane Jayne
Network Engineer
Instructor