Instructor Materials – Chapter 8: Implementing Virtual Private Networks
Chapter Outline:
8.0 Introduction
8.1 VPNs
8.2 IPsec VPN Components and Operations
8.3 Implementing Site-to-Site IPsec VPNs with CLI
8.4 Summary
Section 8.1: VPNs
Topic 8.1.1: VPN Overview
- Introducing VPNs
- Layer 3 IPsec VPNs
Topic 8.1.2: VPN Technologies
- Two Types of VPNs
- Components of Remote-Access VPNs
- Components of Site-to-Site VPNs
Section 8.2: IPsec VPN Components and Operation
Topic 8.2.1: Introducing IPsec
- IPsec Technologies
- Confidentiality
- Integrity
- Authentication
- Secure Key Exchange
Topic 8.2.2: IPsec Protocols
- IPsec Protocol Overview
- Authentication Header
- ESP
- ESP Encrypts and Authenticates
- Transport and Tunnel Modes
Topic 8.2.3: Internet Key Exchange
- The IKE Protocol
- Phase 1 and 2 Key Negotiation
- Phase 2: Negotiating SAs
Section 8.3: Implementing Site-to-Site IPsec VPNs with CLI
Topic 8.3.1: Configuring a Site-to-Site IPsec VPN
- IPsec Negotiation
- Site-to-Site IPsec VPN Topology
- IPsec VPN Configuration Tasks
- Existing ACL Configurations
- Introduction to GRE Tunnels
Topic 8.3.2: ISAKMP Policy
- The Default ISAKMP Policies
- Syntax to Configure a New ISAKMP Policy
- XYZCORP ISAKMP Policy Configuration
- Configuring a Pre-Shared Key
Topic 8.3.3: IPsec Policy
- Define Interesting Traffic
- Configure IPsec Transform Set
Topic 8.3.4: Crypto Map
- Syntax to Configure a Crypto Map
- XYZCORP Crypto Map Configuration
- Apply the Crypto Map
Topic 8.3.5: IPsec VPN
- Send Interesting Traffic
- Verify ISAKMP and IPsec Tunnels
Section 8.4: Summary
Chapter Objectives:
- Explain the purpose of VPNs.
- Explain how IPsec VPNs operate.
- Configure a site-to-site IPsec VPN, with pre-shared key authentication,
using the CLI.