The process of establishing, maintaining, and tearing down an IPsec site-to-site VPN consists of five primary steps, which are illustrated in Figure 19.4 and described in detail in the list that follows.
Step 1. PC1 sends traffic destined for PC2. Router1 classifies the traffic as "interesting" traffic, and this classification initiates the creation of an IPsec tunnel.
Step 2. Router1 and Router2 negotiate an SA (security association) used to form an IKE (Internet Key Exchange) Phase 1 tunnel, which is also known as an ISAKMP (Internet Security Association and Key Management Protocol) tunnel.
Step 3. Within the protection of the IKE Phase 1 tunnel, an IKE Phase 2 tunnel is negotiated and set up. An IKE Phase 2 tunnel is also known as an IPsec tunnel.
Step 4. After the IPsec tunnel is established, interesting traffic (for example, traffic classified by an ACL) flows through the protected IPsec tunnel. Note that traffic not deemed interesting can still be sent between PC1 and PC2. However, the noninteresting traffic travels outside the protection of the IPsec tunnel.
Step 5. After no interesting traffic is seen for a specified amount of time, the IPsec tunnel is torn down and the IPsec SA is deleted.
This example describes an IPsec site-to-site VPN, but the procedure is similar for a client-to-site VPN. IPsec is typically deployed using IKEv1, with its two phases (Phase 1 and Phase 2).
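The five steps above are a state machine that a router walks through per packet. The following is an added example (it is not material from the Cert Guide or from any vendor's IPsec implementation) that simulates Router1's view of that lifecycle: a crypto ACL that decides what is "interesting", an ISAKMP (Phase 1) SA, an IPsec (Phase 2) SA, and an idle timer that deletes the IPsec SA. The site prefixes, the 30-second idle timeout, the SA names and the packet trace are all constructed sample values. One detail the simulation makes visible is that only the IPsec SA is deleted on idle timeout; the ISAKMP SA stays up, so the next interesting packet needs only a new Phase 2 negotiation.

```python
"""Simulation of the five-step IPsec site-to-site VPN lifecycle as seen by
Router1 (added example; not the Cert Guide's material).

Prefixes, the idle timeout and the packet trace are constructed sample values.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class AclEntry:
    """One 'permit' line of the crypto ACL: source prefix -> destination prefix."""
    src: str
    dst: str

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))


@dataclass
class Packet:
    time: float   # seconds since the start of the trace
    src: str
    dst: str


@dataclass
class Router:
    crypto_acl: List[AclEntry]
    idle_timeout: float = 30.0             # seconds of silence before Step 5 (constructed value)
    phase1_sa: Optional[str] = None        # ISAKMP / IKE Phase 1 SA
    phase2_sa: Optional[str] = None        # IPsec / IKE Phase 2 SA
    last_interesting: float = 0.0          # time of the last interesting packet
    events: List[str] = field(default_factory=list)
    _sa_seq: int = 0                       # simple counter used to name SAs (not a real SPI)

    def _new_sa(self, kind: str) -> str:
        self._sa_seq += 1
        return f"{kind}-{self._sa_seq}"

    def is_interesting(self, pkt: Packet) -> bool:
        """Step 1: classify the packet against the crypto ACL."""
        return any(e.matches(pkt.src, pkt.dst) for e in self.crypto_acl)

    def expire(self, now: float) -> None:
        """Step 5: delete the IPsec SA once no interesting traffic was seen for idle_timeout."""
        if self.phase2_sa and now - self.last_interesting >= self.idle_timeout:
            self.events.append(f"t={now}: Step 5 idle timeout, delete {self.phase2_sa}")
            self.phase2_sa = None          # the ISAKMP SA deliberately stays up

    def forward(self, pkt: Packet) -> str:
        """Return 'encrypted' (sent through the tunnel) or 'clear' (sent outside it)."""
        self.expire(pkt.time)
        if not self.is_interesting(pkt):
            return "clear"                 # noninteresting traffic still flows, unprotected
        if self.phase1_sa is None:
            self.phase1_sa = self._new_sa("isakmp")
            self.events.append(f"t={pkt.time}: Step 2 IKE Phase 1 up ({self.phase1_sa})")
        if self.phase2_sa is None:
            self.phase2_sa = self._new_sa("ipsec")
            self.events.append(f"t={pkt.time}: Step 3 IKE Phase 2 up ({self.phase2_sa})")
        self.last_interesting = pkt.time
        return "encrypted"                 # Step 4: protected by the IPsec tunnel


def simulate(router: Router, trace: List[Packet]) -> List[Tuple[float, str]]:
    """Run the trace through the router and record how each packet was forwarded."""
    return [(pkt.time, router.forward(pkt)) for pkt in trace]


def example() -> Tuple[List[Tuple[float, str]], List[str]]:
    # Constructed topology: PC1 on 10.1.1.0/24 behind Router1, PC2 on 10.2.2.0/24 behind Router2.
    r1 = Router(crypto_acl=[AclEntry("10.1.1.0/24", "10.2.2.0/24")])
    trace = [
        Packet(0.0, "10.1.1.10", "10.2.2.20"),     # PC1 -> PC2: interesting, brings the tunnel up
        Packet(5.0, "10.1.1.10", "203.0.113.5"),   # PC1 -> some other host: not interesting
        Packet(10.0, "10.1.1.10", "10.2.2.20"),    # interesting, reuses both SAs
        Packet(50.0, "10.1.1.11", "203.0.113.5"),  # 40 s idle: IPsec SA is deleted first
        Packet(55.0, "10.1.1.10", "10.2.2.20"),    # new Phase 2 under the existing Phase 1 SA
    ]
    return simulate(r1, trace), r1.events


if __name__ == "__main__":
    results, events = example()
    for line in events:
        print(line)
    print(results)
```

Running the block prints the four SA events (Phase 1 up, Phase 2 up, Phase 2 deleted on idle, Phase 2 up again) and the per-packet forwarding decisions; the crypto ACL is the policy that decides which traffic ever touches the tunnel, so a mismatch there (for example, a reversed source and destination) silently sends traffic in the clear rather than failing.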
About The Author
Anthony Sequeira, CCIE No. 15626, is a Cisco Certified Systems Instructor (CCSI) and author regarding all levels and tracks of Cisco Certification. Anthony formally began his career in the information technology industry in 1994 with IBM in Tampa, Florida. He quickly formed his own computer consultancy, Computer Solutions, and then discovered his true passion-teaching and writing about Microsoft and Cisco technologies. Anthony joined Mastering Computers in 1996 and lectured to massive audiences around the world about the latest in computer technologies. Mastering Computers became the revolutionary online training company, KnowledgeNet, and Anthony trained there for many years. Anthony is currently pursuing his second CCIE in the area of Security and is a full-time instructor for the next-generation of KnowledgeNet, StormWind.com. Anthony is also a VMware Certified Professional.
CompTIA Network+ N10-008 Cert Guide contains proven study features that allow you to succeed on the exam the first time. Expert instructor Anthony Sequeira shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills, essential for successful completion of the performance-based testing items on the exam. This complete, CompTIA-approved study package includes the following:
• A test-preparation routine proven to help you pass the exams
• Clearly defined chapter learning objectives covering all N10-008 exam topics
• Chapter-ending review questions and exam preparation exercises, which help you drill on key concepts you must know thoroughly
• The powerful Pearson Test Prep practice test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
• 40 performance-based exercises to help you prepare for the hands-on exam questions
• A free copy of the CompTIA Network+ N10-008 Simulator Lite software, complete with meaningful lab exercises that enhance your hands-on skills
• More than 60 minutes of video mentoring
• A final preparation chapter that guides you through tools and resources to help you craft your review and test taking strategies
• An Exam Essentials appendix that quickly recaps all major chapter topics for easy reference, both in print and interactive digital format
• A key terms Glossary in both print and on the companion website, which acts as an interactive flash-card application
• Study plan suggestions and templates to help you organize and optimize your study time
• A 10% exam discount voucher (a $33+ value!)
Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this approved study guide helps you master the concepts and techniques that ensure your exam success.
Master the topics on the CompTIA Network+ N10-008 exam, including:
• Network topologies and media types
• IP addressing
• Network services
• Data center architectures and cloud concepts
• Routing, Ethernet switching, and wireless networking
• Network availability and disaster recovery
• Network security
• Remote access
• Network troubleshooting
Reader Paulo Cardoso says, "This is a great book. In addition, it comes with great additional resources."
Learn more about the CompTIA Network+ N10-008 Cert Guide at amazon.com