
Friday, October 7, 2011

MPLS and VPN Architectures, Volume II







By Jim Guichard, Ivan Pepelnjak, Jeff Apcar

Publisher: Cisco Press
Pub Date: June 06, 2003
ISBN: 1-58705-112-5
Pages: 504

With MPLS and VPN Architectures, Volume II, you'll learn:

How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers
The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT)
How VRFs can be extended into a customer site to provide separation inside the customer network
The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone
How to carry customer multicast traffic inside a VPN
The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services
Advanced troubleshooting techniques including router outputs to ensure high availability

MPLS and VPN Architectures, Volume II, builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press. Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN.

MPLS and VPN Architectures, Volume II, begins with a brief refresher of the MPLS VPN Architecture. Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone. Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering. This part also covers multi-carrier MPLS VPN deployments. Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting.

MPLS and VPN Architectures, Volume II, also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced services based on MPLS VPN technology in a secure and scalable way.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.


Copyright
About the Authors
About the Technical Reviewers
About the Content Reviewer
Acknowledgments
Introduction
Who Should Read This Book?
How This Book Is Organized
Icons Used in This Book
Command Syntax Conventions
Part I. Introduction
Chapter 1. MPLS VPN Architecture Overview
MPLS VPN Terminology
Connection-Oriented VPNs
Connectionless VPNs
MPLS-Based VPNs
New MPLS VPN Developments
Summary
Part II. Advanced PE-CE Connectivity
Chapter 2. Remote Access to an MPLS VPN
Feature Enhancements for MPLS VPN Remote Access
Overview of Access Protocols and Procedures
Providing Dial-In Access to an MPLS VPN
Providing Dial-Out Access via LSDO
Providing Dial-Out Access Without LSDO (Direct ISDN)
Providing Dial Backup for MPLS VPN Access
Providing DSL Access to an MPLS VPN
Providing Cable Access to an MPLS VPN
Advanced Features for MPLS VPN Remote Access
Summary
Chapter 3. PE-CE Routing Protocol Enhancements and Advanced Features
PE-CE Connectivity: OSPF
PE-CE Connectivity: Integrated IS-IS
PE-CE Connectivity: EIGRP
Summary

Chapter 4. Virtual Router Connectivity
Configuring Virtual Routers on CE Routers
Linking the Virtual Router with the MPLS VPN Backbone
VRF Selection Based on Source IP Address
Performing NAT in a Virtual Router Environment
Summary
Part III. Advanced Deployment Scenarios
Chapter 5. Protecting the MPLS-VPN Backbone
Inherent Security Capabilities
Neighbor Authentication
CE-to-CE Authentication
Control of Routes That Are Injected into a VRF
PE to CE Circuits
Extranet Access
Internet Access
IPSec over MPLS
Summary
Chapter 6. Large-Scale Routing and Multiple Service Provider Connectivity
Large Scale Routing: Carrier's Carrier Solution Overview
Carrier Backbone Connectivity
Label Distribution Protocols on PE-CE Links
BGP-4 Between PE/CE Routers
Hierarchical VPNs: Carrier's Carrier MPLS VPNs
VPN Connectivity Between Different Service Providers
Summary
Chapter 7. Multicast VPN
Introduction to IP Multicast
Enterprise Multicast in a Service Provider Environment
mVPN Architecture
MDTs
Case Study of mVPN Operation in SuperCom
Summary
Chapter 8. IP Version 6 Transport Across an MPLS Backbone
IPv6 Business Drivers
Deployment of IPv6 in Existing Networks
Quick Introduction to IPv6
In-Depth 6PE Operation and Configuration
Complex 6PE Deployment Scenarios
Summary
Part IV. Troubleshooting
Chapter 9. Troubleshooting of MPLS-Based Solutions
Introduction to Troubleshooting of MPLS-Based Solutions
Troubleshooting the MPLS Backbone
Other Quick Checks
MPLS Control Plane Troubleshooting
MPLS Data Plane Troubleshooting
MPLS VPN Troubleshooting
In-Depth MPLS VPN Troubleshooting
Summary
Index


Wednesday, September 21, 2011

The Complete Cisco VPN Configuration Guide







By Richard Deal
Publisher: Cisco Press
Pub Date: December 15, 2005
ISBN: 1-58705-204-0
Pages: 1032






The definitive guide to building a complete VPN solution with Cisco routers, PIX Firewalls, concentrators, and remote access clients

A complete resource for understanding VPN components and VPN design issues

Understand state-of-the-art VPN connection types like IPSec, PPTP, and L2TP

Real-world case studies detail implementation of complex VPN configurations on Cisco devices including routers, PIX Firewalls, concentrators, and software and hardware clients

Virtual Private Networks (VPNs) are the most popular component in a company's remote access solution. With increased use of Internet connectivity and less reliance on private WAN networks, VPNs provide a much-needed secure method of transferring critical information. Vendors like Cisco Systems continually upgrade products to provide features that take advantage of advances in standards and protocols like IPSec and L2TP (Layer 2 Tunneling Protocol). Cisco VPN equipment is at the center of this access revolution; nearly every enterprise network contains Cisco gear and most of this equipment supports VPN functionality. As Cisco integrates security and access features into routers, firewalls, clients, and concentrators, its solutions become ever more accessible to companies with networks of all sizes. Engineers need to know how to set up various VPN deployments using Cisco equipment. Currently, there is no single book that covers how to deploy VPNs using all of Cisco's VPN-capable products, including IOS routers, PIX Firewalls, 3000 series Concentrators, and the Cisco software and hardware clients. The Complete Cisco VPN Configuration Guide contains detailed explanations of all Cisco VPN products, describing the details of setting up IPSec and SSL connections on any type of Cisco device, including concentrators, clients, routers, or the PIX Firewall. With copious configuration examples and troubleshooting scenarios, it offers clear information on VPN design.

Copyright
About the Author
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Introduction
Goals and Methods
Who Should Read This Book?
How This Book Is Organized
Additional Information
Part I: VPNs
Chapter 1. Overview of VPNs
Traffic Issues
VPN Definition
VPN Components
VPN Designs
VPN Implementations
VPNs: Choosing a Solution
Summary
Chapter 2. VPN Technologies
Keys
Encryption
Packet Authentication
Key Exchange
Authentication Methods
Summary
Chapter 3. IPsec
IPsec Standards
ISAKMP/IKE Phase 1
ISAKMP/IKE Phase 2
IPsec Traffic and Networks
Summary
Chapter 4. PPTP and L2TP
PPTP
L2TP
Summary
Chapter 5. SSL VPNs
SSL Overview
When to Use SSL VPNs
Cisco WebVPN Solution
Summary
Part II: Concentrators
Chapter 6. Concentrator Product Information
Concentrator Models
Concentrator Modules
Concentrator Features
Introduction to Accessing a Concentrator
Summary
Chapter 7. Concentrator Remote Access Connections with IPsec
Controlling Remote Access Sessions to the Concentrator
IPsec Remote Access
Network Access Control (NAC) for IPsec and L2TP/IPsec Users
Summary
Chapter 8. Concentrator Remote Access Connections with PPTP, L2TP, and WebVPN
PPTP and L2TP Remote Access
WebVPN Remote Access
Summary
Chapter 9. Concentrator Site-to-Site Connections
L2L Connectivity Example
ISAKMP/IKE Phase 1 Preparation
Adding Site-to-Site Connections
Address Translation and L2L Sessions
Summary
Chapter 10. Concentrator Management
Bandwidth Management
Routing on the Concentrator
Chassis Redundancy
Administration Screens
Summary
Chapter 11. Verifying and Troubleshooting Concentrator Connections
Concentrator Tools
Troubleshooting Problems
Summary
Part III: Clients
Chapter 12. Cisco VPN Software Client
Cisco VPN Client Overview
Cisco VPN Client Interface
IPsec Connections
VPN Client GUI Options
VPN Client Software Updates
VPN Client Troubleshooting
Summary
Chapter 13. Windows Software Client
Windows Client
Configuring the Windows VPN Client
Configuring the VPN 3000 Concentrator
Microsoft Client Connections
Troubleshooting VPN Connections
Summary
Chapter 14. 3002 Hardware Client
Overview of the 3002 Hardware Client
Initial Access to the 3002
Authentication and Connection Options
Connection Modes
Administrative Tasks
Summary
Part IV: IOS Routers
Chapter 15. Router Product Information
Router Deployment Scenarios
Router Product Overview
Summary
Chapter 16. Router ISAKMP/IKE Phase 1 Connectivity
IPsec Preparation
ISAKMP/IKE Phase 1 Policies
ISAKMP/IKE Phase 1 Device Authentication
Monitoring and Managing Management Connections
Routers as Certificate Authorities
Summary
Chapter 17. Router Site-to-Site Connections
ISAKMP/IKE Phase 2 Configuration
Viewing and Managing Connections
Issues with Site-to-Site Connections
Summary
Chapter 18. Router Remote Access Connections
Easy VPN Server
Easy VPN Remote
IPsec Remote Access and L2L Sessions on the Same Router
WebVPN
Summary
Chapter 19. Troubleshooting Router Connections
ISAKMP/IKE Phase 1 Connections
ISAKMP/IKE Phase 2 Connections
New IPsec Troubleshooting Features
Fragmentation Problems
Summary
Part V: PIX Firewalls
Chapter 20. PIX and ASA Product Information
PIX Deployment Scenarios
PIX and ASA Feature and Product Overview
Summary
Chapter 21. PIX and ASA Site-to-Site Connections
ISAKMP/IKE Phase 1 Management Connection
ISAKMP/IKE Phase 2 Data Connections
L2L Connection Examples
Summary
Chapter 22. PIX and ASA Remote Access Connections
Easy VPN Server Support for 6.x
Easy VPN Remote Support for 6.x
Easy VPN Server Support for 7.0
Summary
Chapter 23. Troubleshooting PIX and ASA Connections
ISAKMP/IKE Phase 1 Connections
ISAKMP/IKE Phase 2 Connections
Summary
Part VI: Case Study
Chapter 24. Case Study
Company Profile
Case Study Configuration
Summary
Index



Tuesday, September 20, 2011

MPLS VPN Security






By Michael H. Behringer, Monique J. Morrow
Publisher: Cisco Press
Pub Date: June 08, 2005
ISBN: 1-58705-183-4
Pages: 312





A practical guide to hardening MPLS networks

Define "zones of trust" for your MPLS VPN environment
Understand fundamental security principles and how MPLS VPNs work
Build an MPLS VPN threat model that defines attack points, such as VPN separation, VPN spoofing, DoS against the network's backbone, misconfigurations, sniffing, and inside attack forms
Identify VPN security requirements, including robustness against attacks, hiding of the core infrastructure, protection against spoofing, and ATM/Frame Relay security comparisons
Interpret complex architectures such as extranet access with recommendations of Inter-AS, carrier-supporting carriers, Layer 2 security considerations, and multiple provider trust model issues
Operate and maintain a secure MPLS core with industry best practices
Integrate IPsec into your MPLS VPN for extra security in encryption and data origin verification
Build VPNs by interconnecting Layer 2 networks with new available architectures such as virtual private wire service (VPWS) and virtual private LAN service (VPLS)
Protect your core network from attack by considering Operations, Administration, and Management (OAM) and MPLS backbone security incidents

Multiprotocol Label Switching (MPLS) is becoming a widely deployed technology, specifically for providing virtual private network (VPN) services. Security is a major concern for companies migrating to MPLS VPNs from existing VPN technologies such as ATM. Organizations deploying MPLS VPNs need security best practices for protecting their networks, specifically for the more complex deployment models such as inter-provider networks and Internet provisioning on the network.

MPLS VPN Security is the first book to address the security features of MPLS VPN networks and to show you how to harden and securely operate an MPLS network. Divided into four parts, the book begins with an overview of security and VPN technology. A chapter on threats and attack points provides a foundation for the discussion in later chapters. Part II addresses overall security from various perspectives, including architectural, design, and operation components. Part III provides practical guidelines for implementing MPLS VPN security. Part IV presents real-world case studies that encompass details from all the previous chapters to provide examples of overall secure solutions.

Drawing upon the authors' considerable experience in attack mitigation and infrastructure security, MPLS VPN Security is your practical guide to understanding how to effectively secure communications in an MPLS environment.

"The authors of this book, Michael Behringer and Monique Morrow, have a deep and rich understanding of security issues, such as denial-of-service attack prevention and infrastructure protection from network vulnerabilities. They offer a very practical perspective on the deployment scenarios, thereby demystifying a complex topic. I hope you enjoy their insights into the design of self-defending networks." —Jayshree V. Ullal, Senior VP/GM Security Technology Group, Cisco Systems®

Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Foreword
Icons Used in This Book
Command Syntax Conventions
Introduction
Who Should Read This Book
How This Book Is Organized
Part I. MPLS VPN and Security Fundamentals
Chapter 1. MPLS VPN Security: An Overview
Key Security Concepts
Other Important Security Concepts
Overview of VPN Technologies
Fundamentals of MPLS VPNs
A Security Reference Model for MPLS VPNs
Summary
Chapter 2. A Threat Model for MPLS VPNs
Threats Against a VPN
Threats Against an Extranet Site
Threats Against the Core
Threats Against the Internet
Threats from Within a Zone of Trust
Reconnaissance Attacks
Summary
Part II. Advanced MPLS VPN Security Issues
Chapter 3. MPLS Security Analysis
VPN Separation
Robustness Against Attacks
Hiding the Core Infrastructure
Protection Against Spoofing
Specific Inter-AS Considerations
Specific Carrier's Carrier Considerations
Security Issues Not Addressed by the MPLS Architecture
Comparison to ATM/FR Security
Summary
Footnotes
Chapter 4. Secure MPLS VPN Designs
Internet Access
Extranet Access
MPLS VPNs and Firewalling
Designing DoS-Resistant Networks
Inter-AS Recommendations and Traversing Multiple Provider Trust Model Issues
Carriers' Carrier
Layer 2 Security Considerations
Multicast VPN Security
Summary
Footnotes
Chapter 5. Security Recommendations
General Router Security
CE-Specific Router Security and Topology Design Considerations
PE-Specific Router Security
PE Data Plane Security
PE-CE Connectivity Security Issues
P-Specific Router Security
Securing the Core
Routing Security
CE-PE Routing Security Best Practices
Internet Access
Sharing End-to-End Resources
LAN Security Issues
IPsec: CE to CE
MPLS over IP Operational Considerations: L2TPv3
Securing Core and Routing Check List
Summary
Part III. Practical Guidelines to MPLS VPN Security
Chapter 6. How IPsec Complements MPLS
IPsec Overview
Location of the IPsec Termination Points
Deploying IPsec on MPLS
Using Other Encryption Techniques
Summary
Chapter 7. Security of MPLS Layer 2 VPNs
Generic Layer 2 Security Considerations
C2 Ethernet Topologies
C3 VPLS Overview
C4 VPWS Overview
C5 VPLS and VPWS Service Summary and Metro Ethernet Architecture Overview
C6 VPLS and VPWS Security Overview
Customer Edge
Summary
Chapter 8. Secure Operation and Maintenance of an MPLS Core
Management Network Security
Securely Managing CE Devices
Securely Managing the Core Network
Summary
Part IV. Case Studies and Appendixes
Chapter 9. Case Studies
Internet Access
Multi-Lite VRF Mechanisms
Layer 2 LAN Access
Summary
Appendix A. Detailed Configuration Example for a PE
Appendix B. Reference List
Cisco Press Books
IETF
ITU-T
Index



Saturday, September 17, 2011

Layer 2 VPN Architectures






By Wei Luo (CCIE No. 13,291), Carlos Pignataro (CCIE No. 4619), Dmitry Bokotey (CCIE No. 4460), Anthony Chan (CCIE No. 10,266)

Publisher : Cisco Press
Pub Date : March 10, 2005
ISBN : 1-58705-168-0
Pages : 648

Synopsis

This is the eBook version of the printed book.

A complete guide to understanding, designing, and deploying Layer 2 VPN technologies and pseudowire emulation applications

Evaluate market drivers for Layer 2 VPNs
Understand the architectural framework and choices for Layer 2 VPNs, including AToM and L2TPv3
Grasp the essentials of Layer 2 LAN and WAN technologies
Examine the theoretical and operational details of MPLS and LDP as they pertain to AToM
Understand the theoretical and operational details of Layer 2 protocols over L2TPv3 in IP networks
Learn about Layer 2 VPN bridged and routed interworking and Layer 2 local switching
Understand the operation and application of Virtual Private LAN Services (VPLS)
Learn about foundation and advanced AToM and L2TPv3 topics through an extensive collection of case studies

The historical disconnect between legacy Layer 2 and Layer 3 VPN solutions has forced service providers to build, operate, and maintain separate infrastructures to accommodate various VPN access technologies. This costly proposition, however, is no longer necessary. As part of its new Unified VPN Suite, Cisco Systems® now offers next-generation Layer 2 VPN services like Layer 2 Tunneling Protocol version 3 (L2TPv3) and Any Transport over MPLS (AToM) that enable service providers to offer Frame Relay, ATM, Ethernet, and leased-line services over a common IP/MPLS core network. By unifying multiple network layers and providing an integrated set of software services and management tools over this infrastructure, the Cisco® Layer 2 VPN solution enables established carriers, IP-oriented ISP/CLECs, and large enterprise customers (LECs) to reach a broader set of potential VPN customers and offer truly global VPNs.

Layer 2 VPN Architectures is a comprehensive guide to consolidating network infrastructures and extending VPN services. The book opens by discussing Layer 2 VPN applications utilizing both AToM and L2TPv3 protocols and comparing Layer 3 versus Layer 2 provider-provisioned VPNs. In addition to describing the concepts related to Layer 2 VPNs, this book provides an extensive collection of case studies that show you how these technologies and architectures work. The case studies include both AToM and L2TPv3 and reveal real-world service provider and enterprise design problems and solutions with hands-on configuration examples and implementation details. The case studies include all Layer 2 technologies transported using AToM and L2TPv3 pseudowires, including Ethernet, Ethernet VLAN, HDLC, PPP, Frame Relay, ATM AAL5 and ATM cells, and advanced topics relevant to Layer 2 VPN deployment, such as QoS and scalability.

Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
This Book Is Safari Enabled
Icons Used in This Book
Command Syntax Conventions
Introduction
Goals and Methods
How This Book Is Organized
Part I: Foundation
Chapter 1. Understanding Layer 2 VPNs
Understanding Traditional VPNs
Introducing Enhanced Layer 2 VPNs
Summary
Chapter 2. Pseudowire Emulation Framework and Standards
Pseudowire Emulation Overview
Pseudowire Emulation Standardization
Summary
Chapter 3. Layer 2 VPN Architectures
Legacy Layer 2 VPNs
Any Transport over MPLS Overview
Layer 2 Tunnel Protocol Version 3 Overview
Summary
Part II: Layer 2 Protocol Primer
Chapter 4. LAN Protocols
Ethernet Background and Encapsulation Overview
Metro Ethernet Overview
Metro Ethernet Service Architectures
Understanding Spanning Tree Protocol
Pure Layer 2 Implementation
802.1q Tunneling
Summary
Chapter 5. WAN Data-Link Protocols
Introducing HDLC Encapsulation
Introducing PPP Encapsulation
Understanding Frame Relay
Understanding ATM
ATM Management Protocols: ILMI and OAM
Summary
Part III: Any Transport over MPLS
Chapter 6. Understanding Any Transport over MPLS
Introducing the Label Distribution Protocol
Understanding AToM Operations
Summary
Chapter 7. LAN Protocols over MPLS Case Studies
Understanding Ethernet over MPLS Technology
EoMPLS Transport Case Studies
Common Troubleshooting Techniques
Summary
Chapter 8. WAN Protocols over MPLS Case Studies
Setting Up WAN over MPLS Pseudowires
Introducing WAN Protocols over MPLS
Configuring WAN Protocols over MPLS Case Studies
Advanced WAN AToM Case Studies
Summary
Chapter 9. Advanced AToM Case Studies
Load Sharing
Preferred Path
Case Study 9-5: Protecting AToM Pseudowires with MPLS Traffic Engineering Fast Reroute
Case Study 9-6: Configuring AToM Pseudowire over GRE Tunnel
Pseudowire Emulation in Multi-AS Networks
Case Study 9-10: Configuring LDP Authentication for Pseudowire Signaling
Verifying Pseudowire Data Connectivity
Quality of Service in AToM
Summary
Part IV: Layer 2 Tunneling Protocol Version 3
Chapter 10. Understanding L2TPv3
Universal Transport Interface: L2TPv3's Predecessor
Introducing L2TPv3
Summary
Chapter 11. LAN Protocols over L2TPv3 Case Studies
Introducing the L2TPv3 Configuration Syntax
LAN Protocols over L2TPv3 Case Studies
Summary
Chapter 12. WAN Protocols over L2TPv3 Case Studies
WAN Protocols over L2TPv3 Technology Overview
Configuring WAN Protocols over L2TPv3 Case Studies
Summary
Chapter 13. Advanced L2TPv3 Case Studies
Case Study 13-1: L2TPv3 Path MTU Discovery
Advanced ATM Transport over L2TPv3
Quality of Service
Summary
Part V: Additional Layer 2 VPN Architectures
Chapter 14. Layer 2 Interworking and Local Switching
Layer 2 Interworking Technology Overview
Layer 2 Interworking Case Studies
Layer 2 Local Switching
Layer 2 Local Switching with Interworking
Understanding Advanced Interworking and Local Switching
Summary
Chapter 15. Virtual Private LAN Service
Understanding VPLS Fundamentals
VPLS Deployment Models
VPLS Configuration Case Studies
Summary
Appendix 1. L2TPv3 AVP Attribute Types
Index


Monday, August 22, 2011

CCSP Cisco Secure VPN Exam Certification Guide






Contents at a Glance

Introduction
Chapter 1. All About the Cisco Certified Security Professional
Chapter 2. Overview of VPN and IPSec Technologies
Chapter 3. Cisco VPN 3000 Concentrator Series Hardware Overview
Chapter 4. Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
Chapter 5. Configuring Cisco VPN 3000 for Remote Access Using Digital Certificates
Chapter 6. Configuring the Cisco VPN Client Firewall Feature
Chapter 7. Monitoring and Administering the VPN 3000 Series Concentrator
Chapter 8. Configuring Cisco 3002 Hardware Client for Remote Access
Chapter 9. Configuring Scalability Features of the VPN 3002 Hardware Client
Chapter 10. Cisco VPN 3000 LAN-to-LAN with Preshared Keys
Chapter 11. Scenarios
Appendix A. Answers to the “Do I Know This Already?” Quizzes and Q&A Sections
Index



Wednesday, August 17, 2011

Understanding SSL VPN





Language : English
Paperback : 212 pages [ 235mm x 191mm ]
Release Date : March 2005
ISBN : 1904811078
ISBN 13 : 978-1-904811-07-7
Author(s) : Joseph Steinberg, Tim Speed

This book provides a detailed technical and business introduction to SSL VPN. It explains how SSL VPN devices work along with their benefits and pitfalls. As well as covering SSL VPN technologies, the book also looks at how to authenticate and educate users - a vital element in ensuring that the security of remote locations is not compromised. The book also looks at strategies for making legacy applications accessible via the SSL VPN.


Virtual Private Networks (VPNs) provide remote workers with secure access to their company network via the internet by encrypting all data sent between the company network and the user's machine (the client). Before SSL VPN this typically required the client machine to have special software installed, or at least be specially configured for the purpose.

Clientless SSL VPNs avoid the need for client machines to be specially configured. Any computer with a Web browser can access SSL VPN systems. This has several benefits:

Low admin costs, no remote configuration
Users can safely access the company network from any machine, be that a public workstation, a palmtop or mobile phone
Bypass ISP restrictions on custom VPNs by using standard technologies

SSL VPN is usually provided by a hardware appliance that forms part of the company network. These appliances act as gateways, providing internal services such as file shares, email servers, and applications in a web-based format encrypted using SSL. Existing players and new entrants, such as Nokia, Netilla, Symantec, Whale Communications, and NetScreen technologies, are rushing out SSL VPN products to meet growing demand.


This book is a business and technical overview of SSL VPN technology in a highly readable style. It provides a vendor-neutral introduction to SSL VPN technology for system architects, analysts and managers engaged in evaluating and planning an SSL VPN implementation.


Selecting MPLS VPN Services






By Chris Lewis, Steve Pickavance, Monique Morrow, John Monaghan, Craig Huegen
Publisher: Cisco Press
Pub Date: February 13, 2006
Print ISBN-10: 1587051915
Print ISBN-13: 978-1-58705-191-3
Pages: 456


A guide to using and defining MPLS VPN services

Analyze strengths and weaknesses of TDM and Layer 2 WAN services
Understand the primary business and technical issues when evaluating IP/MPLS VPN offerings
Describe the IP addressing, routing, load balancing, convergence, and services capabilities of the IP VPN
Develop enterprise quality of service (QoS) policies and implementation guidelines
Achieve scalable support for multicast services
Learn the benefits and drawbacks of various security and encryption mechanisms
Ensure proper use of services and plan for future growth with monitoring and reporting services
Provide remote access, Internet access, and extranet connectivity to the VPN-supported intranet
Provide a clear and concise set of steps to plan and execute a network migration from existing ATM/Frame Relay/leased line networks to an IP VPN

IP/MPLS VPNs are compelling for many reasons. For enterprises, they enable right-sourcing of WAN services and yield generous operational cost savings. For service providers, they offer a higher level of service to customers and lower costs for service deployment.

Migration comes with challenges, however. Enterprises must understand key migration issues, what the realistic benefits are, and how to optimize new services. Providers must know what aspects of their services give value to enterprises and how they can provide the best value to customers.

Selecting MPLS VPN Services helps you analyze migration options, anticipate migration issues, and properly deploy IP/MPLS VPNs. Detailed configurations illustrate effective deployment while case studies present available migration options and walk you through the process of selecting the best option for your network. Part I addresses the business case for moving to an IP/MPLS VPN network, with a chapter devoted to the business and technical issues you should review when evaluating IP/MPLS VPN offerings from major providers. Part II includes detailed deployment guidelines for the technologies used in the IP/MPLS VPN.

This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.


Copyright
About the Authors
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Introduction
Part I: Business Analysis and Requirements of IP/MPLS VPN
  Chapter 1. Assessing Enterprise Legacy WANs and IP/VPN Migration
    Current State of Enterprise Networks
    Evolutionary Change of Enterprise Networks
    Acme, a Global Manufacturer
    New WAN Technologies for Consideration by Acme
    Convergence Services
    Summary
  Chapter 2. Assessing Service Provider WAN Offerings
    Enterprise/Service Provider Relationship and Interface
    Investigation Required in Selecting a Service Provider
    Service Management
    Summary
  Chapter 3. Analyzing Service Requirements
    Application/Bandwidth Requirements
    Backup and Resiliency
    Enterprise Segmentation Requirements
    Access Technologies
    QoS Requirements
    Subscriber Network QoS Design
    Security Requirements
    Multiprovider Considerations
    Extranets
    Case Study: Analyzing Service Requirements for Acme, Inc.
    Summary
    References
Part II: Deployment Guidelines
  Chapter 4. IP Routing with IP/MPLS VPNs
    Introduction to Routing for the Enterprise MPLS VPN
    Site Typifying WAN Access: Impact on Topology
    Case Study: BGP and EIGRP Deployment in Acme, Inc.
    Summary
    References
  Chapter 5. Implementing Quality of Service
    Introduction to QoS
    QoS Tool Chest: Understanding the Mechanisms
    Building the Policy Framework
    IP/VPN QoS Strategy
    Identification of Traffic
    QoS Requirements for Voice, Video, and Data
    The LAN Edge: L2 Configurations
    Case Study: QoS in the Acme, Inc. Network
    QoS Reporting
    Summary
    References
  Chapter 6. Multicast in an MPLS VPN
    Introduction to Multicast for the Enterprise MPLS VPN
    Mechanics of IP Multicast
    Multicast Deployment Models
    Multicast in an MPLS VPN Environment: Transparency
    Case Study: Implementing Multicast over MPLS for Acme
    What Happens When There Is No MVPN Support?
    Summary
    References
  Chapter 7. Enterprise Security in an MPLS VPN Environment
    Setting the Playing Field
    Comparing MPLS VPN Security to Frame Relay Networks
    Issues for Enterprises to Resolve When Connecting at Layer 3 to Provider Networks
    Basic Security Techniques
    Distributed DoS, Botnets, and Worms
    Case Study Selections
    Summary
    References
  Chapter 8. MPLS VPN Network Management
    The Enterprise: Evaluating Service Provider Management Capabilities
    The Enterprise: Managing the VPN
    The Service Provider: How to Meet and Exceed Customer Expectations
    Summary
    References
  Chapter 9. Off-Net Access to the VPN
    Remote Access
    IPsec Access
    Supporting Internet Access in IP VPNs
    Case Study Selections
    Summary
    References
  Chapter 10. Migration Strategies
    Network Planning
    Implementation Planning
    On-Site Implementation
    Case Study Selections
    Summary
Part III: Appendix
  Appendix A. Questions to Ask Your Provider Regarding Layer 3 IP/MPLS VPN Capability
    Coverage and Topology
    Customer Edge Router Management
    Network Access, Resiliency, and Load Balancing
    QoS Capability
    Multicast Capability
    Routing Protocol Capability
    Security
    Software Deployment Processes
    Inter-Provider IP/VPN
    IPv6
    MTU Considerations
    Hosting Capability
    IP Telephony PSTN Integration
    IP Telephony Hosted Call Agent
    Remote and Dial Access
    Internet Access
    Other Network Services
Index

