Comparing, Designing, and Deploying VPNs

3 (2 ratings by Goodreads)
By (author) 

List price: US$85.00

Description

A practical guide for comparing, designing, and deploying IPsec, MPLS Layer 3, L2TPv3, L2TPv2, AToM, and SSL virtual private networks

  • Explore the major VPN technologies and their applications, design, and configurations on the Cisco IOS® Router, Cisco® ASA 5500 Series, and the Cisco VPN 3000 Series Concentrator platforms
  • Compare the various VPN protocols and technologies, learn their advantages and disadvantages, and understand their real-world applications and methods of integration
  • Find out how to design and implement Secure Socket Layer (SSL) VPNs, including consideration of clientless operation, the Cisco SSL VPN Client, the Cisco Secure Desktop, file and web server access, e-mail proxies, and port forwarding
  • Learn how to deploy scalable and secure IPsec and L2TP remote access VPN designs, including consideration of authentication, encryption, split-tunneling, high availability, load-balancing, and NAT transparency
  • Master scalable IPsec site-to-site VPN design and implementation including configuration of security protocols and policies, multiprotocol/multicast traffic transport, NAT/PAT traversal, quality of service (QoS), Dynamic Multipoint VPNs (DMVPNs), and public key infrastructure (PKI)

Virtual private networks (VPNs) enable organizations to connect offices or other sites over the Internet or a service provider network and allow mobile or home-based users to enjoy the same level of productivity as those who are in the same physical location as the central network. However, with so many flavors of VPNs available, companies and providers are often hard pressed to identify, design, and deploy the VPN solutions that are most appropriate for their particular network architecture and service needs. Comparing, Designing, and Deploying VPNs brings together the most popular VPN technologies for convenient reference.

The book examines the real-world operation, application, design, and configuration of the following site-to-site VPNs: Layer 2 Tunneling Protocol version 3 (L2TPv3)-based Layer 2 VPNs (L2VPN); Any Transport over MPLS (AToM)-based L2VPN; MPLS Layer 3-based VPNs; and IP Security (IPsec)-based VPNs. The book covers the same details for the following remote access VPNs: Layer 2 Tunneling Protocol version 2 (L2TPv2) VPNs; L2TPv3 VPNs; IPsec-based VPNs; and Secure Socket Layer (SSL) VPNs. Through the operation, application, and configuration details offered in each chapter, you'll learn how to compare and contrast the numerous types of VPN technologies, enabling you to consider all relevant VPN deployment options and select the VPN technologies that are most appropriate for your network.

Comparing, Designing, and Deploying VPNs begins with an introduction of the types of VPNs available. Subsequent chapters begin with an overview of the technology, followed by an examination of deployment pros and cons that you can use to determine if the particular VPN technology is appropriate for your network. Detailed discussion of design, deployment, and configuration make up the heart of each chapter. Appendix A offers insight into two multipoint emulated LAN services that can be deployed over a MAN or WAN: Virtual Private LAN Service (VPLS) and IP-only Private LAN Service (IPLS).

If you are a network architect, network engineer, network administrator, an IT manager, or CIO involved in selecting, designing, deploying, and supporting VPNs, you'll find Comparing, Designing, and Deploying VPNs to be an indispensable reference.

This book is part of the Cisco Press® Networking Technology Series, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Product details

  • Paperback | 1080 pages
  • 185.4 x 231.1 x 55.9mm | 1,723.67g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587051796
  • 9781587051791
  • 2,434,281

About Mark Lewis

Mark Lewis, CCIE® No. 6280, is technical director of MJL Network Solutions (www.mjlnet.com), a leading provider of internetworking solutions that focuses on helping enterprise and service provider customers to implement leading-edge technologies. Mark specializes in next-generation network technologies and has extensive experience designing, deploying, and migrating large-scale IP/MPLS networks. He is an active participant in the IETF, a member of the IEEE, and a certified Cisco Systems® instructor. Mark is the author of Troubleshooting Virtual Private Networks, published by Cisco Press.

Table of contents

Introduction

Part I Understanding VPN Technology

Chapter 1 What Is a Virtual Private Network?
  • VPN Devices
  • VPN Technologies and Protocols
  • Modeling and Characterizing VPNs
  • Deploying Site-to-Site and Remote Access VPNs: A Comparison
  • Summary
  • Review Questions

Part II Site-to-Site VPNs

Chapter 2 Designing and Deploying L2TPv3-Based Layer 2 VPNs
  • Benefits and Drawbacks of L2TPv3-Based L2VPNs
  • L2TPv3 Pseudowire Operation
  • L2TPv3 Deployment Models
  • L2TPv3 Message Types
  • The L2TPv3 Control Connection
  • Configuring and Verifying L2TPv3 Pseudowires
  • Deploying L2TPv3 Pseudowires with Dynamic Session Setup
  • Implementing L2TPv3 Pseudowire-Based L2VPNs Using Static Session Configuration
  • L2VPN Interworking with L2TPv3
  • Transporting IPv6 over an IPv4 Backbone Using IPv6 Protocol Demultiplexing
  • Provisioning Quality of Service for L2TPv3 Pseudowires
  • Avoiding Packet Fragmentation and Packet Drops with L2TPv3 Pseudowires
  • Summary
  • Review Questions

Chapter 3 Designing and Implementing AToM-Based Layer 2 VPNs
  • Benefits and Drawbacks of AToM-Based L2VPNs
  • AToM Pseudowire Operation
  • Control Channel Messages
  • AToM Data Channel Packet Forwarding
  • Deploying AToM Pseudowires
  • Implementing AToM Pseudowires for Ethernet Traffic Transport
  • Deploying AToM Pseudowires for HDLC and PPP Traffic Transport
  • Frame Relay Traffic Transport with AToM Pseudowires
  • Using AToM Pseudowires to Transport ATM Traffic
  • Implementing Advanced AToM Features
  • Deploying AToM Pseudowire QoS
  • Tunnel Selection for AToM Pseudowires
  • L2VPN Pseudowire Switching with AToM
  • L2VPN Interworking with AToM Pseudowires
  • Configuring and Verifying Local Switching
  • Resolving AToM Data Channel Packet Drop Issues
  • Summary
  • Review Questions

Chapter 4 Designing MPLS Layer 3 Site-to-Site VPNs
  • Advantages and Disadvantages of MPLS Layer 3 VPNs
  • MPLS Layer 3 VPNs Overview
  • IP Reachability in an MPLS Layer 3 VPN
  • User Packet Forwarding Between MPLS Layer 3 VPN Sites
  • A Detailed Examination of MPLS Layer 3 VPNs
  • Distinguishing Customer VPN Prefixes Using Route Distinguishers (RD)
  • Using Route Targets (RT) to Control Customer VPN Route Distribution
  • Deploying MPLS Layer 3 VPNs
  • Configuration of PE Routers
  • Configuration of P Routers
  • Provisioning Route Distribution for VPN Topologies
  • Preventing Routing Loops When Customer VPN Sites Are Multihomed
  • Implementing Internet Access for MPLS Layer 3 VPNs
  • Summary
  • Review Questions

Chapter 5 Advanced MPLS Layer 3 VPN Deployment Considerations
  • The Carriers' Carrier Architecture
  • CSC Architecture When MPLS Is Not Enabled Within CSC Customer Sites
  • CSC Architecture When MPLS Is Enabled Within CSC Customer Sites
  • The Inter-Autonomous System/Interprovider MPLS VPN Architecture
  • VRF-to-VRF Connectivity at ASBRs
  • Advertisement of Labeled VPN-IPv4 (VPNv4) Between ASBRs Using MP-eBGP
  • Advertisement of Labeled VPN-IPv4 (VPNv4) Between Route Reflectors in Separate Autonomous Systems Using Multihop MP-eBGP
  • Supporting Multicast Transport in MPLS Layer 3 VPNs
  • Point-to-Point GRE Tunnels
  • Multicast VPNs (MVPN)
  • Implementing QoS for MPLS Layer 3 VPNs
  • MPLS DiffServ Tunneling Models
  • Configuring MPLS QoS on Cisco Routers
  • Supporting IPv6 Traffic Transport in MPLS Layer 3 VPNs Using 6VPE
  • 6VPE Route Exchange
  • 6VPE Data Packet Forwarding
  • Configuring and Verifying 6VPE
  • Summary
  • Review Questions

Chapter 6 Deploying Site-to-Site IPsec VPNs
  • Advantages and Disadvantages of IPsec Site-to-Site VPNs
  • IPsec: A Security Architecture for IP
  • Cryptographic Algorithms
  • Security Protocols: AH and ESP
  • Security Associations
  • IPsec Databases
  • SA and Key Management Techniques
  • Putting It All Together: IPsec Packet Processing
  • Deploying IPsec VPNs: Fundamental Considerations
  • Selecting and Configuring IKE Policies for Automated SA and Key Management
  • Selecting and Configuring IPsec Transforms
  • Designing and Configuring Crypto Access Lists
  • Pulling Everything Together with a Crypto Map
  • Complete IPsec VPN Gateway Configurations
  • Transporting Multiprotocol and Multicast Traffic over an IPsec VPN
  • Manual SA and Key Management
  • Deploying IPsec VPNs with NAT/PAT
  • Allowing IPsec to Traverse a Firewall
  • Summary
  • Review Questions

Chapter 7 Scaling and Optimizing IPsec VPNs
  • Scaling IPsec Virtual Private Networks
  • Reducing the Number of IPsec Tunnels Required in a VPN
  • Reducing IPsec VPN Configuration Complexity with TED and DMVPN
  • Scaling IPsec VPNs with Digital Signature Authentication
  • Ensuring High Availability in an IPsec VPN
  • High Availability with HSRP
  • High Availability with GRE
  • Designing QoS for IPsec VPNs
  • Using DiffServ in an IPsec VPN
  • Configuring QoS with the qos pre-classify Command
  • IPsec Anti-Replay Considerations with QoS
  • Other Considerations When Provisioning QoS for an IPsec VPN
  • MTU and Fragmentation Considerations in an IPsec VPN
  • IPsec Packet Overhead
  • Ensuring That Large IPsec Packets Are Not Fragmented or Dropped
  • Summary
  • Review Questions

Part III Remote Access VPNs

Chapter 8 Designing and Implementing L2TPv2 and L2TPv3 Remote Access VPNs
  • Benefits and Drawbacks of L2TP Remote Access VPNs
  • Operation of L2TP Voluntary/Client-Initiated Tunnel Mode
  • L2TPv2 Message Formats and Message Types
  • L2TP/IPsec Remote Access VPN Setup (Voluntary/Client-Initiated Tunnel Mode)
  • Implementing L2TP Voluntary/Client-Initiated Tunnel Mode Remote Access VPNs
  • Configuring PSK Authentication for L2TP/IPsec Voluntary Tunnel Mode VPNs
  • Implementing Digital Signature (Digital Certificate) Authentication with L2TP/IPsec Voluntary/Client-Initiated Tunnel Mode Remote Access VPNs
  • Verifying L2TP/IPsec Voluntary Tunnel Mode Remote Access VPNs
  • Configuring L2TP/IPsec Remote Access VPNs to Transit NAT Devices
  • Deploying L2TP Voluntary/Client-Initiated VPNs on Cisco IOS Routers
  • Designing and Implementing L2TP Compulsory/NAS-Initiated Tunnel Mode Remote Access VPNs
  • L2TP Compulsory Tunnel Mode Setup: LAC Perspective
  • L2TP Compulsory Tunnel Mode Setup: LNS Perspective
  • Configuring the LAC for Compulsory Tunnel Mode
  • Configuring Tunnel Definitions on a RADIUS Server
  • Configuring the LNS for Compulsory Tunnel Mode
  • Integrating L2TP Remote Access VPNs with MPLS VPNs
  • Summary
  • Review Questions

Chapter 9 Designing and Deploying IPsec Remote Access and Teleworker VPNs
  • Comparing IPsec Remote Access VPNs with Other Types of Remote Access VPNs
  • Understanding IKE in an IPsec Remote Access VPN Environment
  • Resolving Issues Relating to User Authentication
  • Resolving Issues Relating to Negotiation of Attributes Such as IP Addresses, DNS Server Addresses, and WINS Server Addresses
  • Deploying IPsec Remote Access VPNs Using Preshared Key and Digital Signature Authentication
  • Implementing IPsec Remote Access VPNs Using Preshared Key Authentication
  • Designing and Deploying IPsec Remote Access VPNs Using Digital Signature Authentication
  • Implementing IPsec Remote Access VPNs Using Hybrid Authentication
  • Verifying and Debugging IPsec Remote Access VPNs
  • Configuring NAT Transparency for IPsec Remote Access VPNs
  • IPsec Remote Access/Telecommuter VPNs Using Easy VPN (EZVPN)
  • Integrating IPsec with MPLS VPNs
  • High Availability: Enabling Redundancy for IPsec Remote Access VPNs
  • Placing IPsec Remote Access VPN Gateways in Relation to Firewalls
  • Considerations When Building Wireless IPsec VPNs
  • Allowing or Disallowing Split Tunneling for Remote Access VPN Clients
  • Summary
  • Review Questions

Chapter 10 Designing and Building SSL Remote Access VPNs (WebVPN)
  • Comparing SSL VPNs to Other Types of Remote Access VPNs
  • Understanding the Operation of SSL Remote Access VPNs
  • SSL Overview: TCP, the Record Layer, and the Handshake Protocol
  • Establishing an SSL Connection Between a Remote Access VPN User and an SSL VPN Gateway Using an RSA Handshake
  • Understanding the SSL RSA Handshake with Client Authentication
  • Resuming an SSL Session
  • Closing an SSL Connection
  • Using Clientless SSL Remote Access VPNs (WebVPN) on the Cisco VPN 3000 Concentrator
  • Completing Basic SSL Remote Access VPN Access Configuration Tasks on the Cisco VPN 3000 Concentrator
  • Configuring File and Web Server Access via SSL Remote Access VPNs
  • Enabling TCP Applications over Clientless SSL Remote Access VPNs
  • Configuring E-mail Proxy for SSL Remote Access VPN Users
  • Implementing Full Network Access Using the Cisco SSL VPN Client
  • Installing and Enabling the Cisco VPN Client Software
  • Understanding Remote Access Connectivity When Using the Cisco SSL VPN Client
  • Strengthening SSL Remote Access VPNs Security by Implementing Cisco Secure Desktop
  • Installing the Cisco Secure Desktop
  • Configuring the Cisco Secure Desktop for Windows Clients
  • Configuring Cache Cleaner Options for Mac and Linux Users
  • Enabling the Cisco Secure Desktop
  • Enabling SSL VPNs (WebVPN) on Cisco IOS Devices
  • Step 1: Configure Domain Name and Name Server Addresses
  • Step 2: Configure Remote AAA for Remote Access User Login Authentication
  • Step 3: Enroll the IOS Router with a CA and Obtain an Identity Certificate
  • Step 4: Enable WebVPN
  • Step 5: Configure Basic SSL Parameters
  • Step 6: Customize Login and Home Pages (Optional)
  • Step 7: Specify URLs
  • Step 8: Configure Port Forwarding
  • Deploying SSL VPNs (WebVPN) on the ASA 5500
  • Step 1: Configure the HTTP Server
  • Step 2: Enable WebVPN on the Outside Interface
  • Step 3: Configure the WebVPN User Group Policy and Attributes
  • Step 4: Configure Remote Access User Authentication
  • Step 5: Specify URL Lists
  • Step 6: Configure File Access, Entry, and Browsing
  • Step 7: Configure Port Forwarding
  • Step 8: Configure E-mail Proxy
  • Step 9: Specify an SSL Trustpoint, SSL Version, and SSL Encryption Algorithm (Optional)
  • Step 10: Customize Login and Home Pages (Optional)
  • Verifying SSL VPNs on the ASA
  • Summary
  • Review Questions

Part IV Appendixes

Appendix A VPLS and IPLS Layer 2 VPNs
  • Understanding VPLS
  • Ensuring a Loop-Free Topology in a VPLS
  • Frame Forwarding over a VPLS
  • VPLS MAC Address Learning
  • Hierarchical VPLS (H-VPLS) Deployments
  • Understanding IPLS
  • Unicast and Broadcast/Multicast Pseudowires in IPLS
  • Unicast and Broadcast/Multicast Forwarding in IPLS
  • Summary: Comparing VPLS and IPLS

Appendix B Answers to Review Questions
  • Chapter 1
  • Chapter 2
  • Chapter 3
  • Chapter 4
  • Chapter 5
  • Chapter 6
  • Chapter 7
  • Chapter 8
  • Chapter 9
  • Chapter 10

Index

Rating details

2 ratings
3 out of 5 stars
5 0% (0)
4 0% (0)
3 100% (2)
2 0% (0)
1 0% (0)