Introduction to VPNs (and a magic trick!)

Captions
The next WAN technology we want to talk about is a VPN, a virtual private network. The cool thing about a VPN is it can allow us to have a private conversation over an untrusted network like the Internet. So a VPN actually gets established over your Internet connection; at least it can work that way.

Let's take a look at a few benefits of a VPN. Number one, like we just said, we can use existing broadband technologies that we may already have in our home or small office, like DSL or cable. And this is a very scalable solution, because if we need to add on a new client or a new site, that client or that site just needs Internet access, and then they can connect back to us at the main site. Of course, that main site that we're connecting into, whatever we're using as a VPN concentrator (maybe a Cisco ASA, an Adaptive Security Appliance, maybe a Cisco router), has to have capacity to handle all of these incoming VPN sessions, but that's about it. And thirdly, as we mentioned, we are able to securely transmit data over an untrusted network like the Internet. This is one of the reasons years ago people would use Frame Relay, or they would have a leased-line connection between two sites: they didn't want to send that traffic over the public Internet; it was private, it was confidential information. However, now we have the ability to protect information flowing over that VPN.

Cisco gives us two broad categories of VPNs. Number one, we have a site-to-site VPN. That's what we have here: we've got location A, we've got location B, and we have the routers at each side (or these could be Adaptive Security Appliances, but here I've got routers at each site) that are acting as the endpoints in this VPN. In other words, this connection is totally transparent to the end user. We don't have to load up any special VPN client software on our PC; we just go to the router, and the router is going to encrypt the traffic and send it over a VPN tunnel over to the other router.

Another type of VPN that we have is a remote-access VPN. A remote-access VPN is where the PC or the device connecting into the VPN, that's where the authentication is going to be done. We've got a couple of options that use SSL, Secure Sockets Layer. With one option we do not have to install any special client software on the PC; we can just use our web browser, and using HTTP we're going to be able to connect to a website, maybe back at the main office, to give us access to that main office's network. This is called a clientless Cisco SSL VPN. Maybe you're visiting a public library and you need to securely get back into your office; well, this is an option for doing that. Another option is to install some client software on that device; maybe you install the Cisco AnyConnect SSL VPN software. And for years, here's what I've been running: I've been running the Cisco VPN Client on my machine to get back to my corporate office. But the bottom line is we have different VPN client options; your operating system may come with a VPN client.

But let's talk for a moment about the actual technology that is going to secure communication between these sites. The most popular way of doing this is to use something called IPsec, which is short for IP Security. Let's discuss IPsec in a bit more detail. IPsec is going to allow us to protect data flowing between a couple of different sites. It's going to give us several benefits. For example, it's going to give us confidentiality through the encryption of our data. It's going to give us data integrity, making sure that data has not been modified in transit; that's done via a hashing algorithm. It's going to give us authentication, where parties at each end of the tunnel have to prove they are who they claim to be. And it's going to give us anti-replay protection, so somebody could not do a packet capture of a successful login and then play that back to get logged in again.

And I wanted to show you through a metaphor what it's like to set up an IPsec tunnel. It's really a tunnel within a tunnel. On the outer side of this IPsec tunnel we have an IKE Phase 1, or an ISAKMP tunnel; that's what's represented by this box. Now, the actual data is not being protected by this tunnel. Why do we need this ISAKMP tunnel? Well, it's within the protection of this outer tunnel that we negotiate the configuration of the inner tunnel. This is the IKE Phase 2, or the IPsec tunnel. It's within the IPsec tunnel that our data is actually going to flow; it's actually going to be protected. So right now we have data going through that inner tunnel. Now, you don't see it here because it's protected; you don't see it here because it's all encrypted. The point is, the outer tunnel is used to negotiate the configuration of the inner tunnel, and the inner tunnel, through its encryption and hashing algorithms, that's going to protect the inner data. Of course, if we were to take away all the tunnel layers, we got rid of the outer tunnel and we got rid of the inner tunnel, then we would see our traffic, as represented here by this bottle of orange juice.

But there is a downside to IPsec that I want you to know about. IPsec can only protect unicast IP traffic. What about multicast? What about broadcast? Well, what a lot of people do is play a little trick. They take their IP unicast, broadcast, and multicast, as well as non-IP traffic, and they encapsulate those packets in a GRE tunnel. So we've got a GRE tunnel inside of an IPsec tunnel, because GRE is going to be able to encapsulate just about anything we could send out of an interface. And if you take a look at a GRE packet, what is it? It's a unicast IP packet, meaning that that GRE packet can be protected by an IPsec tunnel. At the CCNA level we're not going to get into the configuration of an IPsec tunnel, but I do want to show you how to configure a basic GRE tunnel. Let's do that next.

Let's see how easy it is to create a GRE tunnel between these two routers. Notice that we've got IP addresses assigned to the physical interfaces already: 10.1.1.1 on router R1, 10.1.1.1 on router R2. What we're going to do is define a virtual interface on each of these routers, a virtual tunnel interface. Here's how this works. Let's go into global configuration mode, and let's just create out of thin air a virtual tunnel interface. I'm going to say interface tunnel and we give it a number; I'll just say tunnel 1. And we say who's the source; I'll say the tunnel source is going to be the IP address of the Serial 1/0 interface, it's going to be 10.1.1.1. And I'll say what's the destination; it's going to be the far side of that serial link. The tunnel destination is going to be 10.1.1.10. So I'm in this interface configuration mode; I need to assign an IP address to this interface. It's going to be on a different subnet. I'm going to say that this tunnel interface has an IP address of 172.16.1.1 with a 30-bit subnet mask.

Let's go do the same thing on router R2, just pointing back in the other direction. On router R2, let's go into interface tunnel 1, and we'll say the tunnel source is the IP address on this router, 10.1.1.1. Say the tunnel destination is the other side, 10.1.1.1. Let's assign an IP address; it's going to be on the same subnet as the IP address we assigned over on router R1. Let's make it 172.16.1.2 with a 30-bit subnet mask. And we're done; it's that easy to create a tunnel.

Let's make sure we have connectivity across this tunnel. Can I ping the tunnel interface on R1? Let's try ping 172.16.1.1. Yes, I can; that is successful. Let's give a couple of show commands also to confirm this configuration. If I do a show ip interface brief, we see that this virtual tunnel interface is showing up side by side with our physical interfaces; it's in the up/up state. And I can do a show interfaces tunnel 1 to see more specific information about it. For example, I can see that we're using GRE encapsulation (that's what we said is a good combination to use with IPsec), and we can also see the tunnel source and destination. Well, that's going to wrap up our video, which gave us an introduction to Virtual Private Networks, VPNs.
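To make the "a GRE packet is just a unicast IP packet" point concrete, here is an added Python example (not from the video, and not Cisco code) that builds a constructed OSPF hello addressed to the multicast group 224.0.0.5, wraps it in a base GRE header plus an outer IPv4 header using the R1 tunnel endpoints spoken in the transcript, and then parses the result to show what an IPsec policy lookup on the outer header sees versus what rides inside. The OSPF body and the outer addresses are assumed sample values.

```python
import struct
import ipaddress

GRE_PROTO = 47            # outer IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol-type field reuses EtherType values
OSPF_PROTO = 89

def ip_checksum(hdr: bytes) -> int:
    """One's-complement checksum of a header; returns 0 when a filled-in header verifies."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def gre_encapsulate(tun_src: str, tun_dst: str, inner: bytes,
                    ptype: int = ETHERTYPE_IPV4) -> bytes:
    """Outer unicast IPv4 header + 4-byte base GRE header (RFC 2784) + inner packet."""
    payload = struct.pack("!HH", 0, ptype) + inner   # flags/version = 0, then protocol type
    return ipv4_header(tun_src, tun_dst, GRE_PROTO, len(payload)) + payload

def classify(packet: bytes) -> dict:
    """Parse the outer header the way an IPsec policy lookup sees it, then peek inside GRE."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    dst_addr = ipaddress.IPv4Address(dst)
    info = {"src": str(ipaddress.IPv4Address(src)), "dst": str(dst_addr), "proto": proto,
            "total_len": total_len,
            "unicast": not (dst_addr.is_multicast or dst_addr == ipaddress.IPv4Address("255.255.255.255"))}
    if proto == GRE_PROTO:
        _flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
        info["gre_ptype"] = ptype
        if ptype == ETHERTYPE_IPV4:            # inner IPv4: destination address sits at offset 16
            inner_dst = ipaddress.IPv4Address(packet[ihl + 4 + 16:ihl + 4 + 20])
            info["inner_dst"], info["inner_multicast"] = str(inner_dst), inner_dst.is_multicast
    return info

# Constructed sample: an OSPF hello to the AllSPFRouters group 224.0.0.5 with a dummy
# 8-byte body. On its own it is multicast, so IPsec (unicast only) cannot carry it.
OSPF_HELLO = ipv4_header("172.16.1.1", "224.0.0.5", OSPF_PROTO, 8) + bytes(8)
# Tunnel endpoints as spoken in the transcript for R1 (source 10.1.1.1, destination 10.1.1.10).
GRE_PACKET = gre_encapsulate("10.1.1.1", "10.1.1.10", OSPF_HELLO)

if __name__ == "__main__":
    print("before GRE:", classify(OSPF_HELLO))
    print("after GRE: ", classify(GRE_PACKET))
```

Running it shows the outer header is plain unicast IP with protocol 47, which is exactly what an IPsec policy can match, while the multicast OSPF packet is intact inside the GRE payload.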
Info
Channel: Kevin Wallace Training, LLC
Views: 17,922
Rating: 4.9536681 out of 5
Keywords: cisco, ccna, ccnp, ccie, ccdp, Cisco Career Certifications, Kevin Wallace, 1ExamAMonth, 200-120, 100-101, 200-101, CCNA, Cisco CCNA, CCENT, VPN, ROUTE, #kwtrain
Id: Id_A0fBlp3o
Length: 9min 3sec (543 seconds)
Published: Wed Jun 25 2014