IPSec VPN Design [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

IPSec VPN Design [Electronic resources] - نسخه متنی

Vijay Bollapragada

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

 

 

Sitemap

 

 

Table of Contents

 

Copyright

 

About the Authors

 

About the Technical Editors

 

Acknowledgments

 

This Book Is Safari Enabled

 

Icons Used in This Book

 

Command Syntax Conventions

 

Introduction

 

Chapter 1. Introduction to VPNs

 

Motivations for Deploying a VPN

 

VPN Technologies

 

Summary

 

Chapter 2. IPSec Overview

 

Encryption Terminology

 

IPSec Security Protocols

 

Key Management and Security Associations

 

Summary

 

Chapter 3. Enhanced IPSec Features

 

IKE Keepalives

 

Dead Peer Detection

 

Idle Timeout

 

Reverse Route Injection

 

Stateful Failover

 

IPSec and Fragmentation

 

GRE and IPSec

 

IPSec and NAT

 

Summary

 

Chapter 4. IPSec Authentication and Authorization Models

 

Extended Authentication (XAUTH) and Mode Configuration (MODE-CFG)

 

Mode-Configuration (MODECFG)

 

Easy VPN (EzVPN)

 

Digital Certificates for IPSec VPNs

 

Summary

 

Chapter 5. IPSec VPN Architectures

 

IPSec VPN Connection Models

 

Hub-and-Spoke Architecture

 

Full-Mesh Architectures

 

Summary

 

Chapter 6. Designing Fault-Tolerant IPSec VPNs

 

Link Fault Tolerance

 

IPSec Peer Redundancy Using SLB

 

Intra-Chassis IPSec VPN Services Redundancy

 

Summary

 

Chapter 7. Auto-Configuration Architectures for Site-to-Site IPSec VPNs

 

IPSec Tunnel Endpoint Discovery

 

Dynamic Multipoint VPN

 

Summary

 

Chapter 8. IPSec and Application Interoperability

 

QoS-Enabled IPSec VPNs

 

VoIP Application Requirements for IPSec VPN Networks

 

IPSec VPN Architectural Considerations for VoIP

 

Multicast over IPSec VPNs

 

Summary

 

Chapter 9. Network-Based IPSec VPNs

 

Fundamentals of Network-Based VPNs

 

The Network-Based IPSec Solution: IOS Features

 

Operation of Network-Based IPSec VPNs

 

Network-Based VPN Deployment Scenarios

 

Summary

 

 
توضیحات
افزودن یادداشت جدید







Summary


In this chapter, you reviewed a new type of VPN service known as network-based VPNs, which allow service providers to offer value-added services. The most common application for network-based VPNs is for MPLS VPN providers to extend their footprint to sites where they have no direct connectivity to the CEs. You reviewed various connection methods with which remote sites used IPSec to reach a network-based VPN. The various connection options (that is, IPSec, EzVPN, IPSec over GRE, and DMVPN) each provide unique capabilities and constraints. Service providers may offer a combination of these IPSec access methods based on the requirements of the customer's CE site or remote access client. The customer may choose the IPSec access protocol that best meets the needs of the VPN.

The service provider's value in providing IPSec access to network-based VPNs is to assume the role of traffic management and capacity planning. The PE effectively plays the role of the enterprise "hub" VPN gateway, but does so in a distributed manner. The provider is now responsible for managing the scalability and performance of the enterprise IPSec "hub," using the same principles described in the previous chapters. The enterprise is also able to leverage the provider's investment in redundant infrastructure. Likewise, the enterprise achieves any-to-any data paths between CE sites without having to invest in expensive CE equipment capable of building a full mesh of IPSec tunnels.

The primary drawback to the network-based VPN is that customer traffic is decrypted at the PE. The network-based VPN does require more coordination between the enterprise and provider with regards to ensuring that packet QoS attributes are treated appropriately and routing updates are processed appropriately. Despite the fact that traffic segregation is retained at the PE, many customers require encryption from CE to CE. CE to CE encryption requires a per-peer relationship. Running end-to-end encryption between the CE devices through the MPLS VPN negates many of the advantages of the MPLS VPN. Most significant losses are the any-to-any data connectivity, the optimized provisioning with O(1) changes per site, and the scalable routing relationships. These are significant trade-offs that network designers must consider when building a network-based VPN. The decision to use end-to-end IPSec or CE-PE IPSec in the context of a network-based VPN will be determined by taking into account security risks and potential threats.


/ 61