session_09_vpn__ipsec__and_tls_101908


e seen my message.
• I know that the message recipient can’t deny receiving my message.

VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 7

VPN, IPSec and TLS
VPN Applications: Extranets and Remote Access

[Figure: Security Policy Servers, Internet, Server, Gateway, Certificate Authority, Protected Subnets, and Mobile Workforce with IPsec Client Software, connected in Tunnel Mode and Transport Mode]

• Tunnel Mode: Authentication is provided between a client and a corporate VPN device, or between two VPN devices.
• Transport Mode: Authentication is provided directly between a client and a server or between two workstations.

• A VPN is a private network, built on top of a public network, in which secure connections are set up dynamically between a sender and a receiver. In networks, virtual implies that connections are set up according to the organizational needs.
• A VPN connection is established either by LAN-to-LAN or client-to-LAN connections. Gateway switches integrate all of the features needed (firewall, filtering, tunneling, security, bandwidth management and policy management) for high-performance, reliable, and secure virtual private networking. Features may include the following:
  o Support for Point-to-Point Tunneling Protocol (PPTP), L2F, and IPsec with Internet Key Exchange and X.509 digital certificates.
  o AES, DES, triple DES and RC4 encryption with MD5 and SHA hashing.
  o Internal or external LDAP, RADIUS, NT Domains, and token card authentication services.
• The paths that the encapsulated packets follow in Internet VPNs are called tunnels, not virtual circuits. Part of the encapsulation process performed by a tunnel endpoint includes adding a new address to the packet; this address is the one corresponding to the other endpoint of the tunnel.
• Transport mode is employed between a pair of hosts for end-to-end security service.
• Whenever either end of a security association (SA) is a security gateway, the SA must be a tunnel. When the security gateway is acting as a host, then transport mode i...
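
The two packet layouts described in the notes above, as an added example that is not part of the original slides: tunnel mode adds a new outer header addressed to the other tunnel endpoint, while transport mode keeps the hosts' own addresses. It assumes ESP as the IPsec protocol and leaves the body unencrypted so the layout stays visible; all addresses, the SPI and the function names are constructed for illustration.

```python
import ipaddress
import struct

ESP, IPIP = 50, 4  # IANA protocol numbers: ESP, IPv4-in-IPv4

def checksum(hdr: bytes) -> int:
    """Internet checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prepend a minimal IPv4 header (no options, TTL 64) to payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(pkt: bytes):
    """Return (src, dst, proto, payload) of an option-less IPv4 packet."""
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[20:]

def esp(spi: int, seq: int, body: bytes, next_header: int) -> bytes:
    """ESP layout only: SPI, sequence number, body, padding, pad length,
    next header. Simplification: body stays in the clear and no integrity
    value is appended; a real SA encrypts body and trailer."""
    pad = -(len(body) + 2) % 4  # align the trailer to a 4-byte boundary
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])
    return struct.pack("!II", spi, seq) + body + trailer

def transport_mode(pkt: bytes, spi: int, seq: int) -> bytes:
    """Host to host: original addresses stay; ESP wraps only the payload."""
    src, dst, proto, payload = parse(pkt)
    return ipv4(src, dst, ESP, esp(spi, seq, payload, proto))

def tunnel_mode(pkt: bytes, spi: int, seq: int, local_gw: str, peer_gw: str) -> bytes:
    """Gateway: whole original packet becomes the ESP body, and the new
    outer header is addressed to the other tunnel endpoint."""
    return ipv4(local_gw, peer_gw, ESP, esp(spi, seq, pkt, IPIP))

if __name__ == "__main__":
    # Constructed sample: private hosts behind two gateways (documentation ranges).
    inner = ipv4("10.1.0.5", "10.2.0.9", 6, b"hello")
    for name, pkt in (("transport", transport_mode(inner, 0x1001, 1)),
                      ("tunnel", tunnel_mode(inner, 0x1001, 1, "198.51.100.1", "203.0.113.1"))):
        print(name, parse(pkt)[:3], len(pkt), "bytes")
```

On the wire, an observer of the tunnel-mode packet sees only the two gateway addresses; the transport-mode packet still exposes both host addresses.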

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.
