IPsec VPN Introduction - Video By Sikandar Shaik || Dual CCIE (RS/SP) # 35012

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] in this video we'll get into some of the basically direction of IPSec VPN what is what is exactly IPSec so first of all we'll start up with some of the basic review of the VPNs and then we'll talk about what is IPSec and what exactly it is going to provide and then finally we will see some of the VPN types implementations we can we can have by using IPSec if you just go with the basics of the VPNs what we have discussed in our VPN frictions in the previous videos we have we have something like a virtually private network which is going to replace most of the point-to-point connection and we can have a virtually a point-to-point connection over the existing it can be a service for network or it can be an Internet as well so virtually is going to have a dedicated point-to-point connection established now we've got some different implementations like we have some GRE implementations because from dmvpn even we got from MPLS or l2tp v3 protocols frame relay now IPSec is going to be something different here now the main main reason of implementing I see sig here is to provide some more security for your information when it goes over a private or public network it can be an internet or any other network Nyepi SiC is a protocol a set of protocols we can say which was developed by internet Engineering Task Force which is going to allow the communication between the two different hosts like in our scenario likes a router what router two we want them to communicate over to the existing network in their most secure manners by by doing some authentication and by doing some encryption kind of things so in a simple way is going to create a secured channel or the second communication process between the two hosts or two devices over any any other network any public network so now this IPSec can be implemented individually with some IPSec VPN or we can implement this IPSec protocols over GRE or or dmvpn kind of commendations now it's going to support from from very small to very large size networks and this IPSec feature is is available in the Cisco I based version and also it includes in the different big firewalls and ASF firewalls as well now here our main focus will be on going through with IPSec features in the later on videos we'll see how to implement this IP 6 on a Cisco IOS routers so let's let's try to get into some of the features what IPSec is going to provide IPSec majorly provide four different options it's going to provide you the confidentiality data integrity authentication and replay detection or anti replay preventing from and replay attacks let's try to understand one by one like the first thing authentication now syndication is a method of verifying the piece by by using some passwords like probably let's say I want to build a VPN connection between these two different locations and I want to ensure that the remote device is the exact device so what we'll do is we'll go with some authentication process we'll configure some password on both those sites and if the password matches it's going to verify and if the password matches and only the connection will be established authentication will ensure that the remote piece is is the correct piece which we are going to connect and it's going to authenticate the data origin as well so authentication is more similar to the normal authentication which we do or we can have some different authentication methods as well so the IPSec is going to provide you the data original indication and the remote purification and apart from that it also provides you something called data integrity no data integrity is a method veil particular data let's say your information is carrying over the network now probably you need to ensure that your data should not be modified by anyone so that's what we call as integrity so it is going to run some algorithm on this side we call it as a hashing algorithm and then it is going to send that code the information code over the network and it's going to run the same algorithm on the other side and if the algorithm code matches on both the sides it means that no one has modified the information so let's say something changed by anyone automatically the algorithm code will will not match automatically okay it's something like you know day to day examples we can say that let's say I have a bank account in a DC bank and I'm transferring some amount to my another Bank X Y Z I'm doing some online transfer and I want to ensure that no one modifies this information to his destination so something was hashing algorithms will allow you to do so it n chose that no one has modified anything in that particular packet so that's what we call as data integrity now the next thing it also provides you some something like data confidentiality ensuring that no one raised that information so like then when the information is going probably there the IPSec VPN support some of the encryption algorithms which will completely encrypt your information into an unreadable format so that even if someone captures this information probably he will not be able to figure out the exact exact text so and then on the remote end so is they'll be using some keys and based on that kids they will extract the clear text again now this is going to ensure that your data is not visible to any third parties no notes poor no sloping or wiretapping something like that now the next thing so apart from that it also provides used something called replay detection replay detection is a method to ensure that when you're sending information it is received only one because there is one kind of attack called replays replay attacks where the attacker can resend the same information for authentication probably that is something can be avoided here it's a security service where the receiver will reject the hold or duplicate package in order to overcome the replay attacks now these are the four different kinds of features what IPSec provides which make your information is as secure as you will lease line or a dedicated line connection so even though we are connecting over a public network or any other network still we are sending the information as secure as it is in your private network so that that's one of the thing what IPSec is going to provide us the next thing we'll talk about some of the basic VPN kind of implementations we can have is IP six we've got two different types of regions you have something called side to side regions and remote site VPN now the difference is in case of side to side VPNs we have a branch office almost a complete slam because from multiple branch offices here like we saw some different lands and we are allowing you to have virtually a point-to-point connection established between each and every site now probably these devices can be around us or it can be a firewall which will be acting as your VPN D value now we are going to have a virtually a point-to-point connection between site to site more like a dedicated one connection so we call this kind of VPN has a site-to-site VPN we'll see some of the basic implementations of the VPN side to side median implementation in the later on sessions and we've got another kind of VPN called remote access VPN or remote site VPN now in case of remote site VPN the client is going to connect to the production network probably from a remote place now the remote place can be maybe the user is sitting in his home or probably is moving around on a different locations probably is something like marketing manager or maybe he is moving into different locations probably it can connect from any one of his hotel rooms or from any any specific location or from the conference room now the location can be anywhere so he is going to connect what is going to do is is going to install some kind of software we called as b10 client software which will allow him to run this application once you click on it it's going to set up a connects over the existing internet and then he's going to connect the remote network and he can access the resources in the lab as if he is sitting in the land so you can access the resources as if he was sitting in the land and in a more secure way now this what we call as a remote site VPN [Music]

Info

Channel: Sikandar Shaik

Views: 125,983

Rating: 4.8253751 out of 5

Keywords: ccna, ccna videos, noa, ccnp, noa videos, cisco, ccie, subnetting, ccna security, bgp, ospf, firewall, ccna subnetting, ipv6, bgp videos, stp, ccna vdieos, ccna free video, ccie certification, ios, iou, virtual, eigrp, cisco virtual lab, iosv, asav, gns3, routing, noa vdieos, noa solutions, zone based firewall, zone pair, zbf, flsm, cisco firewall, cisco security, cisco certifications, wan, ip addressing, netmetric, vlsm, eigrp configuration, vlan, noa, ccnp, noa videos, cisco

Id: rxKbqR_jzVA

Channel Id: undefined

Length: 9min 17sec (557 seconds)

Published: Fri Jan 20 2017