IPSec VPN Design

By Vijay Bollapragada, Mohamed Khalid, Scott Wainner

Publisher : Cisco Press
Pub Date : April 07, 2005
ISBN : 1-58705-111-7
Pages : 384





Master IPSec-based Virtual Private Networks with guidance from the Cisco Systems® VPN Solutions group

Understand how IPSec VPNs are designed, built, and administered

Improve VPN performance through enabling of modern VPN services such as performance, scalability, QoS, packet processing, multicast, and security

Integrate IPSec VPNs with MPLS, Frame Relay, and ATM technologies

As the number of remote branches and work-from-home employees grows throughout corporate America, VPNs are becoming essential to both enterprise networks and service providers. IPSec is one of the more popular technologies for deploying IP-based VPNs. IPSec VPN Design provides a solid understanding of the design and architectural issues of IPSec VPNs. Some books cover IPSec protocols, but they do not address overall design issues. This book fills that void.

IPSec VPN Design consists of three main sections. The first section provides a comprehensive introduction to the IPSec protocol, including IPSec Peer Models. This section also includes an introduction to site-to-site, network-based, and remote access VPNs. The second section is dedicated to an analysis of IPSec VPN architecture and proper design methodologies. Peer relationships and fault tolerance models and architectures are examined in detail. Part three addresses enabling VPN services, such as performance, scalability, packet processing, QoS, multicast, and security. This book also covers the integration of IPSec VPNs with other Layer 3 (MPLS VPN) and Layer 2 (Frame Relay, ATM) technologies; and discusses management, provisioning, and troubleshooting techniques. Case studies highlight design, implementation, and management advice to be applied in both service provider and enterprise environments.


Copyright
About the Authors
About the Technical Editors
Acknowledgments
This Book Is Safari Enabled
Icons Used in This Book
Command Syntax Conventions
Introduction
Chapter 1. Introduction to VPNs
Motivations for Deploying a VPN
VPN Technologies
Summary
Chapter 2. IPSec Overview
Encryption Terminology
IPSec Security Protocols
Key Management and Security Associations
Summary
Chapter 3. Enhanced IPSec Features
IKE Keepalives
Dead Peer Detection
Idle Timeout
Reverse Route Injection
Stateful Failover
IPSec and Fragmentation
GRE and IPSec
IPSec and NAT
Summary
Chapter 4. IPSec Authentication and Authorization Models
Extended Authentication (XAUTH) and Mode Configuration (MODE-CFG)
Mode-Configuration (MODECFG)
Easy VPN (EzVPN)
Digital Certificates for IPSec VPNs
Summary
Chapter 5. IPSec VPN Architectures
IPSec VPN Connection Models
Hub-and-Spoke Architecture
Full-Mesh Architectures
Summary
Chapter 6. Designing Fault-Tolerant IPSec VPNs
Link Fault Tolerance
IPSec Peer Redundancy Using SLB
Intra-Chassis IPSec VPN Services Redundancy
Summary
Chapter 7. Auto-Configuration Architectures for Site-to-Site IPSec VPNs
IPSec Tunnel Endpoint Discovery
Dynamic Multipoint VPN
Summary
Chapter 8. IPSec and Application Interoperability
QoS-Enabled IPSec VPNs
VoIP Application Requirements for IPSec VPN Networks
IPSec VPN Architectural Considerations for VoIP
Multicast over IPSec VPNs
Summary
Chapter 9. Network-Based IPSec VPNs
Fundamentals of Network-Based VPNs
The Network-Based IPSec Solution: IOS Features
Operation of Network-Based IPSec VPNs
Network-Based VPN Deployment Scenarios
Summary
Index


Another Network Books
Download