IPSec VPN Design

Vijay Bollapragada, Mohamed Khalid, Scott Wainner

  • Publisher: Cisco Press
  • Publication date: 2005-04-01
  • List price: $2,570
  • VIP price: 9.5 $2,442
  • Language: English
  • Pages: 384
  • Binding: Paperback
  • ISBN: 1587051117
  • ISBN-13: 9781587051111

Description:

The definitive design and deployment guide for secure virtual private networks

  • Learn about IPSec protocols and Cisco IOS IPSec packet processing
  • Understand the differences between IPSec tunnel mode and transport mode
  • Evaluate the IPSec features that improve VPN scalability and fault tolerance, such as dead peer detection and control plane keepalives
  • Overcome the challenges of working with NAT and PMTUD
  • Explore IPSec remote-access features, including extended authentication, mode-configuration, and digital certificates
  • Examine the pros and cons of various IPSec connection models such as native IPSec, GRE, and remote access
  • Apply fault tolerance methods to IPSec VPN designs
  • Employ mechanisms to alleviate the configuration complexity of a large-scale IPSec VPN, including Tunnel End-Point Discovery (TED) and Dynamic Multipoint VPNs (DMVPN)
  • Add services to IPSec VPNs, including voice and multicast
  • Understand how network-based VPNs operate and how to integrate IPSec VPNs with MPLS VPNs

Among the many functions that networking technologies permit is the ability for organizations to easily and securely communicate with branch offices, mobile users, telecommuters, and business partners. Such connectivity is now vital to maintaining a competitive level of business productivity. Although several technologies exist that can enable interconnectivity among business sites, Internet-based virtual private networks (VPNs) have evolved as the most effective means to link corporate network resources to remote employees, offices, and mobile workers. VPNs provide productivity enhancements, efficient and convenient remote access to network resources, site-to-site connectivity, a high level of security, and tremendous cost savings.

IPSec VPN Design is the first book to present a detailed examination of the design aspects of IPSec protocols that enable secure VPN communication. Divided into three parts, the book provides a solid understanding of design and architectural issues of large-scale, secure VPN solutions. Part I includes a comprehensive introduction to the general architecture of IPSec, including its protocols and Cisco IOS® IPSec implementation details. Part II examines IPSec VPN design principles covering hub-and-spoke, full-mesh, and fault-tolerant designs. This part of the book also covers dynamic configuration models used to simplify IPSec VPN designs. Part III addresses design issues in adding services to an IPSec VPN such as voice and multicast. This part of the book also shows you how to effectively integrate IPSec VPNs with MPLS VPNs.

IPSec VPN Design provides you with the field-tested design and configuration advice to help you deploy an effective and secure VPN solution in any environment.

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.