IPSec VPN Design [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

IPSec VPN Design [Electronic resources] - نسخه متنی

Vijay Bollapragada

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

 

 

Sitemap

 

 

Table of Contents

 

Copyright

 

About the Authors

 

About the Technical Editors

 

Acknowledgments

 

This Book Is Safari Enabled

 

Icons Used in This Book

 

Command Syntax Conventions

 

Introduction

 

Chapter 1. Introduction to VPNs

 

Motivations for Deploying a VPN

 

VPN Technologies

 

Summary

 

Chapter 2. IPSec Overview

 

Encryption Terminology

 

IPSec Security Protocols

 

Key Management and Security Associations

 

Summary

 

Chapter 3. Enhanced IPSec Features

 

IKE Keepalives

 

Dead Peer Detection

 

Idle Timeout

 

Reverse Route Injection

 

Stateful Failover

 

IPSec and Fragmentation

 

GRE and IPSec

 

IPSec and NAT

 

Summary

 

Chapter 4. IPSec Authentication and Authorization Models

 

Extended Authentication (XAUTH) and Mode Configuration (MODE-CFG)

 

Mode-Configuration (MODECFG)

 

Easy VPN (EzVPN)

 

Digital Certificates for IPSec VPNs

 

Summary

 

Chapter 5. IPSec VPN Architectures

 

IPSec VPN Connection Models

 

Hub-and-Spoke Architecture

 

Full-Mesh Architectures

 

Summary

 

Chapter 6. Designing Fault-Tolerant IPSec VPNs

 

Link Fault Tolerance

 

IPSec Peer Redundancy Using SLB

 

Intra-Chassis IPSec VPN Services Redundancy

 

Summary

 

Chapter 7. Auto-Configuration Architectures for Site-to-Site IPSec VPNs

 

IPSec Tunnel Endpoint Discovery

 

Dynamic Multipoint VPN

 

Summary

 

Chapter 8. IPSec and Application Interoperability

 

QoS-Enabled IPSec VPNs

 

VoIP Application Requirements for IPSec VPN Networks

 

IPSec VPN Architectural Considerations for VoIP

 

Multicast over IPSec VPNs

 

Summary

 

Chapter 9. Network-Based IPSec VPNs

 

Fundamentals of Network-Based VPNs

 

The Network-Based IPSec Solution: IOS Features

 

Operation of Network-Based IPSec VPNs

 

Network-Based VPN Deployment Scenarios

 

Summary

 

 
توضیحات
افزودن یادداشت جدید







Summary


We provided two viable means of building auto-configuration IPSec VPNs using dynamic IPSec connection models. In both methods, the configuration complexity is dramatically simplified while temporarily establishing IPSec connections for specific data flows. The models conserve IPSec resources that may be critical in low-end routers where full-mesh networks are required. The spoke-to-spoke IPSec SAs are established only when direct traffic flows are present and may use dynamically assigned backbone interfaces. Once the traffic flows are present, the IPSec proxies are automatically instantiated based on traffic flow requirements. All of these attributes enable the IPSec VPN to scale to very large network topologies.

You learned that there are limitations with both of the auto-configuration modelsparticularly with key management. However, DMVPN has some significant advantages. Particularly, the DMVPN leverages the mGRE encapsulation process to allow private address to traverse public IP networks. In addition, the mGRE interface supports multicast traffic. The multicast-capable mGRE interface enables IPSec protection of routing protocols and also allows other multicast routing processes to function on the IPSec VPN.

Clearly, the DMVPN model facilitates the creation of a robust IPSec VPN that scales to large networks while conserving resources in low-end routers that do not require permanent IPSec connections to all members of the VPN. You also saw that the DMVPN model can significantly simplify the configuration of the basic hub-and-spoke configuration. Even if there is no requirement for spoke-to-spoke traffic, the DMVPN is quite useful for operational simplification. DMVPN does support spokes with dynamical public addresses because the NHRP process provides a means of reconciling the private to public address for each spoke registered with the NHRP server.

You have observed several ways in which constraints come into play when designing large networks, especially in the areas of provisioning, peer termination scalability, and fault tolerance. The next chapter addresses many of the scalability and performance limitations that dominate the design criteria when building large IPSec VPNs.


/ 61