DMVPN?

Regards,
Alexander Lim

On 30 Oct, 2012, at 5:55 AM, Sheraz Sheraz <[email protected]> wrote:

> IPSEC VPN, GRE, SSL and Webvpn:
>
> IPSEC VPN site to site tunnel:
>
> IPSEC VPN can encrypt your traffic to move via the internet cloud as a hidden
> payload to secure enterprise and confidential data so that hackers don't harm
> your privacy.
> Both units which agree to establish IPSEC tunnels have to be identical in
> terms of configuration. There are two phases: one is main mode and the
> second is aggressive mode.
>
> Main Mode
> Main mode has three two-way exchanges between the initiator and receiver.
>
> First exchange—The algorithms and hashes used to secure the IKE
> communications are agreed upon in matching IKE SAs in each peer.
>
> Second exchange—This exchange uses a Diffie-Hellman exchange to generate
> shared secret keying material used to generate shared secret keys and to
> pass nonces, which are random numbers sent to the other party, signed, and
> returned to prove their identity.
>
> Third exchange—This exchange verifies the other side's identity. The
> identity value is the IPSec peer's IP address in encrypted form.
>
> The main outcome of main mode is matching IKE SAs between peers to provide
> a protected pipe for subsequent protected ISAKMP exchanges between the IKE
> peers. The IKE SA specifies values for the IKE exchange: the authentication
> method used, the encryption and hash algorithms, the Diffie-Hellman group
> used, the lifetime of the IKE SA in seconds or kilobytes, and the shared
> secret key values for the encryption algorithms. The IKE SA in each peer is
> bidirectional.
>
> main mode which is (phase-I)
> DF Group:
> Authentication type:
> Encryption type:
> Hashing type:
>
> Aggressive Mode
> In the aggressive mode, fewer exchanges are done and with fewer packets. In
> the first exchange, almost everything is squeezed into the proposed IKE SA
> values, the Diffie-Hellman public key, a nonce that the other party signs, and
> an identity packet, which can be used to verify the initiator's identity
> through a third party. The receiver sends everything back that is needed to
> complete the exchange. The only thing left is for the initiator to confirm the
> exchange. The weakness of using the aggressive mode is that both sides have
> exchanged information before there is a secure channel. Therefore, it is
> possible to sniff the wire and discover who formed the new SA. However,
> aggressive mode is faster.
>
> Aggressive mode (Phase-11)
> Encryption
> payload encryption
> Hashing
> Identity information
> Lifetime
> PFS group
> Mode Tunnel or transport or Tunnel
>
> Link: https://learningnetwork.cisco.com/docs/DOC-8696
>
> Remote IPSEC VPN:
> The same concepts and features are used for remote IPSEC VPN, but the remote
> user has to use a VPN client such as Cisco VPN client.
>
> GRE Tunnel:
> Because IPSEC can't support dynamic routing, one has to use GRE to carry the
> dynamic routing information. It is only required when you have to use OSPF,
> RIP, EIGRP or BGP between two sites. It is called IPSEC over GRE tunnel.
>
> IPSEC with GRE: https://learningnetwork.cisco.com/docs/DOC-2457
>
> SSL VPN or :
> It has to be clientless like remote IPSEC VPN; this type doesn't need any
> client software to be used. The only thing which is required is an internet
> browser that natively supports Secure Socket Layer (SSL) encryption, or they
> can make connections using a full client (such as AnyConnect).
>
> SSL VPN:
> http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.1/user/guide/ravpnbas.html
>
> Webvpn:
> WebVPN
> http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/webvpn.html
> http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml
>
> Difference between SSL and Web VPN:
> Clientless SSL VPN (WebVPN): In my words, SSL VPN is actually WebVPN, meaning
> both are the same because both use a browser and SSL/TLS security.
>
> Both are same: https://supportforums.cisco.com/docs/DOC-2213
>
> https://supportforums.cisco.com/thread/242849
> http://www.networkworld.com/community/node/17677
>
> Regards
> Sheraz Latif
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
> http://onlinestudylist.com/mailman/listinfo/ccie_rs
