
E-book: IKEv2 IPsec Virtual Private Networks: Understanding and Deploying IKEv2, IPsec VPNs, and FlexVPN in Cisco IOS

  • Format: PDF+DRM
  • Price: 46,87 €*
  • * This is the final price, i.e., no further discounts are applied.
  • This e-book is intended for personal use only. E-books cannot be returned, and no refund is given for purchased e-books.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software to unlock and read it. To read this e-book you need to create an Adobe ID. More information here. The e-book can be read and downloaded on up to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (this is a free app developed specifically for e-books. It is not the same as Adobe Reader, which you may already have on your computer.)

    You cannot read this e-book using an Amazon Kindle.

Create and manage highly secure IPsec VPNs with IKEv2 and Cisco FlexVPN

The IKEv2 protocol significantly improves VPN security, and Cisco's FlexVPN offers a unified paradigm and command-line interface for taking full advantage of it. Simple and modular, FlexVPN relies extensively on tunnel interfaces while maximizing compatibility with legacy VPNs. Now, two Cisco network security experts offer a complete, easy-to-understand, and practical introduction to IKEv2, modern IPsec VPNs, and FlexVPN.

The authors explain each key concept, and then guide you through all facets of FlexVPN planning, deployment, migration, configuration, administration, troubleshooting, and optimization. You'll discover how IKEv2 improves on IKEv1, master key IKEv2 features, and learn how to apply them with Cisco FlexVPN.

IKEv2 IPsec Virtual Private Networks offers practical design examples for many common scenarios, addressing IPv4 and IPv6, servers, clients, NAT, pre-shared keys, resiliency, overhead, and more. If you're a network engineer, architect, security specialist, or VPN administrator, you'll find all the knowledge you need to protect your organization with IKEv2 and FlexVPN.

  • Understand IKEv2 improvements: anti-DDoS cookies, configuration payloads, acknowledged responses, and more
  • Implement modern secure VPNs with Cisco IOS and IOS-XE
  • Plan and deploy IKEv2 in diverse real-world environments
  • Configure IKEv2 proposals, policies, profiles, keyrings, and authorization
  • Use advanced IKEv2 features, including SGT transportation and IKEv2 fragmentation
  • Understand FlexVPN, its tunnel interface types, and IOS AAA infrastructure
  • Implement FlexVPN Server with EAP authentication, pre-shared keys, and digital signatures
  • Deploy, configure, and customize FlexVPN clients
  • Configure, manage, and troubleshoot the FlexVPN Load Balancer
  • Improve FlexVPN resiliency with dynamic tunnel source, backup peers, and backup tunnels
  • Monitor IPsec VPNs with AAA, SNMP, and Syslog
  • Troubleshoot connectivity, tunnel creation, authentication, authorization, data encapsulation, data encryption, and overlay routing
  • Calculate IPsec overhead and fragmentation
  • Plan your IKEv2 migration: hardware, VPN technologies, routing, restrictions, capacity, PKI, authentication, availability, and more
Foreword  xxvii
Introduction  xxxiii
Part I Understanding IPsec VPNs
Chapter 1 Introduction to IPsec VPNs  1(22)
The Need and Purpose of IPsec VPNs  2(1)
Building Blocks of IPsec  2(1)
Security Protocols  2(1)
Security Associations  3(1)
Key Management Protocol  3(1)
IPsec Security Services  3(2)
Access Control  4(1)
Anti-replay Services  4(1)
Confidentiality  4(1)
Connectionless Integrity  4(1)
Data Origin Authentication  4(1)
Traffic Flow Confidentiality  4(1)
Components of IPsec  5(2)
Security Parameter Index  5(1)
Security Policy Database  5(1)
Security Association Database  6(1)
Peer Authorization Database  6(1)
Lifetime  7(1)
Cryptography Used in IPsec VPNs  7(4)
Symmetric Cryptography  7(1)
Asymmetric Cryptography  8(1)
The Diffie-Hellman Exchange  8(3)
Public Key Infrastructure  11(2)
Public Key Cryptography  11(1)
Certificate Authorities  12(1)
Digital Certificates  12(1)
Digital Signatures Used in IKEv2  12(1)
Pre-Shared-Keys, or Shared Secret  13(1)
Encryption and Authentication  14(6)
IP Authentication Header  15(1)
Anti-Replay  16(1)
IP Encapsulating Security Payload (ESP)  17(1)
Authentication  18(1)
Encryption  18(1)
Anti-Replay  18(1)
Encapsulation Security Payload Datagram Format  18(1)
Encapsulating Security Payload Version 3  19(1)
Extended Sequence Numbers  19(1)
Traffic Flow Confidentiality  20(1)
Dummy Packets  20(1)
Modes of IPsec  20(2)
IPsec Transport Mode  20(1)
IPsec Tunnel Mode  21(1)
Summary  22(1)
References  22(1)
Part II Understanding IKEv2
Chapter 2 IKEv2: The Protocol  23(44)
IKEv2 Overview  23(1)
The IKEv2 Exchange  24(1)
IKE_SA_INIT  25(14)
Diffie-Hellman Key Exchange  26(3)
Security Association Proposals  29(5)
Security Parameter Index (SPI)  34(1)
Nonce  35(1)
Cookie Notification  36(2)
Certificate Request  38(1)
HTTP_CERT_LOOKUP_SUPPORTED  39(1)
Key Material Generation  39(3)
IKE_AUTH  42(11)
Encrypted and Authenticated Payload  42(1)
Encrypted Payload Structure  43(1)
Identity  44(1)
Authentication  45(1)
Signature-Based Authentication  46(1)
(Pre) Shared-Key-Based Authentication  47(1)
EAP  48(2)
Traffic Selectors  50(2)
Initial Contact  52(1)
CREATE_CHILD_SA  53(2)
IPsec Security Association Creation  53(1)
IPsec Security Association Rekey  54(1)
IKEv2 Security Association Rekey  54(1)
IKEv2 Packet Structure Overview  55(1)
The INFORMATIONAL Exchange  56(5)
Notification  56(1)
Deleting Security Associations  57(1)
Configuration Payload Exchange  58(1)
Dead Peer Detection/Keepalive/NAT Keepalive  59(2)
IKEv2 Request-Response  61(1)
IKEv2 and Network Address Translation  61(4)
NAT Detection  64(1)
Additions to RFC7296  65(1)
RFC5998 An Extension for EAP-Only Authentication in IKEv2  65(1)
RFC5685 Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2)  65(1)
RFC6989 Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)  65(1)
RFC6023 A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)  66(1)
Summary  66(1)
References  66(1)
Chapter 3 Comparison of IKEv1 and IKEv2  67(12)
Brief History of IKEv1  67(2)
Exchange Modes  69(3)
IKEv1  70(1)
IKEv2  71(1)
Anti-Denial of Service  72(1)
Lifetime  72(1)
Authentication  73(1)
High Availability  74(1)
Traffic Selectors  74(1)
Use of Identities  74(1)
Network Address Translation  74(1)
Configuration Payload  75(1)
Mobility & Multi-homing  75(1)
Matching on Identity  75(2)
Reliability  77(1)
Cryptographic Exchange Bloat  77(1)
Combined Mode Ciphers  77(1)
Continuous Channel Mode  77(1)
Summary  77(1)
References  78(1)
Part III IPsec VPNs on Cisco IOS
Chapter 4 IOS IPsec Implementation  79(26)
Modes of Encapsulation  82(4)
GRE Encapsulation  82(1)
GRE over IPsec  83(1)
IPsec Transport Mode with GRE over IPsec  83(1)
IPsec Tunnel Mode with GRE over IPsec  84(1)
Traffic  85(1)
Multicast Traffic  85(1)
Non-IP Protocols  86(1)
The Demise of Crypto Maps  86(1)
Interface Types  87(7)
Virtual Interfaces: VTI and GRE/IPsec  87(1)
Traffic Selection by Routing  88(2)
Static Tunnel Interfaces  90(1)
Dynamic Tunnel Interfaces  91(1)
sVTI and dVTI  92(1)
Multipoint GRE  92(2)
Tunnel Protection and Crypto Sockets  94(2)
Implementation Modes  96(3)
Dual Stack  96(1)
Mixed Mode  96(3)
Auto Tunnel Mode  99(1)
VRF-Aware IPsec  99(4)
VRF in Brief  99(2)
VRF-Aware GRE and VRF-Aware IPsec  101(1)
VRF-Aware GRE over IPsec  102(1)
Summary  103(1)
Reference  104(1)
Part IV IKEv2 Implementation
Chapter 5 IKEv2 Configuration  105(66)
IKEv2 Configuration Overview  105(2)
The Guiding Principle  106(1)
Scope of IKEv2 Configuration  106(1)
IKEv2 Configuration Constructs  106(1)
IKEv2 Proposal  107(10)
Configuring the IKEv2 Proposal  108(3)
Configuring IKEv2 Encryption  111(2)
Configuring IKEv2 Integrity  113(1)
Configuring IKEv2 Diffie-Hellman  113(2)
Configuring IKEv2 Pseudorandom Function  115(1)
Default IKEv2 Proposal  115(2)
IKEv2 Policy  117(11)
Configuring an IKEv2 Policy  118(1)
Configuring IKEv2 Proposals under IKEv2 Policy  119(1)
Configuring Match Statements under IKEv2 Policy  120(1)
Default IKEv2 Policy  121(1)
IKEv2 Policy Selection on the Initiator  122(2)
IKEv2 Policy Selection on Responder  124(1)
IKEv2 Policy Configuration Examples  125(1)
Per-peer IKEv2 Policy  125(1)
IKEv2 Policy with Multiple Proposals  126(2)
IKEv2 Keyring  128(8)
Configuring IKEv2 Keyring  129(1)
Configuring a Peer Block in Keyring  130(2)
Key Lookup on Initiator  132(1)
Key Lookup on Responder  133(1)
IKEv2 Keyring Configuration Example  134(2)
IKEv2 Keyring Key Points  136(1)
IKEv2 Profile  136(19)
IKEv2 Profile as Peer Authorization Database  137(1)
Configuring IKEv2 Profile  138(1)
Configuring Match Statements in IKEv2 Profile  139(3)
Matching any Peer Identity  142(1)
Defining the Scope of IKEv2 Profile  143(1)
Defining the Local IKE Identity  143(2)
Defining Local and Remote Authentication Methods  145(4)
IKEv2 Dead Peer Detection  149(2)
IKEv2 Initial Contact  151(1)
IKEv2 SA Lifetime  151(1)
NAT Keepalives  152(1)
IVRF (inside VRF)  152(1)
Virtual-Template Interface  153(1)
Disabling IKEv2 Profile  153(1)
Displaying IKEv2 Profiles  153(1)
IKEv2 Profile Selection on Initiator and Responder  154(1)
IKEv2 Profile Key Points  154(1)
IKEv2 Global Configuration  155(4)
HTTP URL-based Certificate Lookup  156(1)
IKEv2 Cookie Challenge  156(1)
IKEv2 Call Admission Control  157(1)
IKEv2 Window Size  158(1)
Dead Peer Detection  158(1)
NAT Keepalive  159(1)
IKEv2 Diagnostics  159(1)
PKI Configuration  159(7)
Certificate Authority  160(2)
Public-Private Key Pair  162(1)
PKI Trustpoint  163(1)
PKI Example  164(2)
IPsec Configuration  166(2)
IPsec Profile  167(1)
IPsec Configuration Example  168(1)
Smart Defaults  168(1)
Summary  169(2)
Chapter 6 Advanced IKEv2 Features  171(18)
Introduction to IKEv2 Fragmentation  171(7)
IP Fragmentation Overview  172(1)
IKEv2 and Fragmentation  173(5)
IKEv2 SGT Capability Negotiation  178(3)
IKEv2 Session Authentication  181(4)
IKEv2 Session Deletion on Certificate Revocation  182(2)
IKEv2 Session Deletion on Certificate Expiry  184(1)
IKEv2 Session Lifetime  185(2)
Summary  187(1)
References  188(1)
Chapter 7 IKEv2 Deployments  189(22)
Pre-shared-key Authentication with Smart Defaults  189(21)
Elliptic Curve Digital Signature Algorithm Authentication  194(6)
RSA Authentication Using HTTP URL Lookup  200(7)
IKEv2 Cookie Challenge and Call Admission Control  207(3)
Summary  210(1)
Part V FlexVPN
Chapter 8 Introduction to FlexVPN  211(58)
FlexVPN Overview  211(2)
The Rationale  212(1)
FlexVPN Value Proposition  213(1)
FlexVPN Building Blocks  213(10)
IKEv2  213(1)
Cisco IOS Point-to-Point Tunnel Interfaces  214(1)
Configuring Static P2P Tunnel Interfaces  214(2)
Configuring Virtual-Template Interfaces  216(3)
Auto-Detection of Tunnel Encapsulation and Transport  219(2)
Benefits of Per-Peer P2P Tunnel Interfaces  221(1)
Cisco IOS AAA Infrastructure  221(1)
Configuring AAA for FlexVPN  222(1)
IKEv2 Name Mangler  223(5)
Configuring IKEv2 Name Mangler  224(1)
Extracting Name from FQDN Identity  225(1)
Extracting Name from Email Identity  226(1)
Extracting Name from DN Identity  226(1)
Extracting Name from EAP Identity  227(1)
IKEv2 Authorization Policy  228(3)
Default IKEv2 Authorization Policy  229(2)
FlexVPN Authorization  231(19)
Configuring FlexVPN Authorization  233(2)
FlexVPN User Authorization  235(1)
FlexVPN User Authorization, Using an External AAA Server  235(2)
FlexVPN Group Authorization  237(1)
FlexVPN Group Authorization, Using a Local AAA Database  238(1)
FlexVPN Group Authorization, Using an External AAA Server  239(3)
FlexVPN Implicit Authorization  242(1)
FlexVPN Implicit Authorization Example  243(2)
FlexVPN Authorization Types: Co-existence and Precedence  245(2)
User Authorization Taking Higher Precedence  247(2)
Group Authorization Taking Higher Precedence  249(1)
FlexVPN Configuration Exchange  250(14)
Enabling Configuration Exchange  250(1)
FlexVPN Usage of Configuration Payloads  251(2)
Configuration Attributes and Authorization  253(6)
Configuration Exchange Examples  259(5)
FlexVPN Routing  264(4)
Learning Remote Subnets Locally  265(1)
Learning Remote Subnets from Peer  266(2)
Summary  268(1)
Chapter 9 FlexVPN Server  269(62)
Sequence of Events  270(1)
EAP Authentication  271(12)
EAP Methods  272(1)
EAP Message Flow  273(1)
EAP Identity  273(2)
EAP Timeout  275(1)
EAP Authentication Steps  275(2)
Configuring EAP  277(1)
EAP Configuration Example  278(5)
AAA-based Pre-shared Keys  283(4)
Configuring AAA-based Pre-Shared Keys  284(1)
RADIUS Attributes for AAA-Based Pre-Shared Keys  285(1)
AAA-Based Pre-Shared Keys Example  285(2)
Accounting  287(3)
Per-Session Interface  290(7)
Deriving Virtual-Access Configuration from a Virtual-Template  291(2)
Deriving Virtual-Access Configuration from AAA Authorization  293(1)
The interface-config AAA Attribute  293(1)
Deriving Virtual-Access Configuration from an Incoming Session  294(1)
Virtual-Access Cloning Example  295(2)
Auto Detection of Tunnel Transport and Encapsulation  297(2)
RADIUS Packet of Disconnect  299(4)
Configuring RADIUS Packet of Disconnect  300(1)
RADIUS Packet of Disconnect Example  301(2)
RADIUS Change of Authorization (CoA)  303(6)
Configuring RADIUS CoA  304(1)
RADIUS CoA Examples  305(1)
Updating Session QoS Policy, Using CoA  305(2)
Updating the Session ACL, Using CoA  307(2)
IKEv2 Auto-Reconnect  309(6)
Auto-Reconnect Configuration Attributes  310(1)
Smart DPD  311(2)
Configuring IKEv2 Auto-Reconnect  313(2)
User Authentication, Using AnyConnect-EAP  315(5)
AnyConnect-EAP  315(1)
AnyConnect-EAP XML Messages for User Authentication  316(2)
Configuring User Authentication, Using AnyConnect-EAP  318(2)
AnyConnect Configuration for Aggregate Authentication  320(1)
Dual-factor Authentication, Using AnyConnect-EAP  320(5)
AnyConnect-EAP XML Messages for Dual-factor Authentication  322(2)
Configuring Dual-factor Authentication, Using AnyConnect-EAP  324(1)
RADIUS Attributes Supported by the FlexVPN Server  325(4)
Remote Access Clients Supported by FlexVPN Server  329(1)
FlexVPN Remote Access Client  329(1)
Microsoft Windows 7 IKEv2 Client  329(1)
Cisco IKEv2 AnyConnect Client  330(1)
Summary  330(1)
Reference  330(1)
Chapter 10 FlexVPN Client  331(32)
Introduction  331(1)
FlexVPN Client Overview  332(4)
FlexVPN Client Building Blocks  333(1)
IKEv2 Configuration Exchange  334(1)
Static Point-to-Point Tunnel Interface  334(1)
FlexVPN Client Profile  334(1)
Object Tracking  334(1)
NAT  335(1)
FlexVPN Client Features  335(1)
Dual Stack Support  335(1)
EAP Authentication  335(1)
Dynamic Routing  335(1)
Support for EzVPN Client and Network Extension Modes  336(1)
Advanced Features  336(1)
Setting up the FlexVPN Server  336(1)
EAP Authentication  337(1)
Split-DNS  338(5)
Components of Split-DNS  340(3)
Windows Internet Naming Service (WINS)  343(1)
Domain Name  344(1)
FlexVPN Client Profile  345(1)
Backup Gateways  346(1)
Resolution of Fully Qualified Domain Names  346(1)
Reactivating Peers  346(1)
Backup Gateway List  347(1)
Tunnel Interface  347(3)
Tunnel Source  348(1)
Tunnel Destination  349(1)
Tunnel Initiation  350(2)
Automatic Mode  350(1)
Manual Mode  350(1)
Track Mode  350(1)
Tracking a List of Objects, Using a Boolean Expression  350(2)
Dial Backup  352(1)
Backup Group  353(1)
Network Address Translation  354(2)
Design Considerations  356(2)
Use of Public Key Infrastructure and Pre-Shared Keys  356(1)
The Power of Tracking  356(1)
Tracked Object Based on Embedded Event Manager  356(2)
Troubleshooting FlexVPN Client  358(3)
Useful Show Commands  358(2)
Debugging FlexVPN Client  360(1)
Clearing IKEv2 FlexVPN Client Sessions  360(1)
Summary  361(2)
Chapter 11 FlexVPN Load Balancer  363(18)
Introduction  363(1)
Components of the FlexVPN Load Balancer  363(4)
IKEv2 Redirect  363(3)
Hot Standby Routing Protocol  366(1)
FlexVPN IKEv2 Load Balancer  367(7)
Cluster Load  369(3)
IKEv2 Redirect  372(1)
Redirect Loops  373(1)
FlexVPN Client  374(1)
Troubleshooting IKEv2 Load Balancing  374(2)
IKEv2 Load Balancer Example  376(3)
Summary  379(2)
Chapter 12 FlexVPN Deployments  381(36)
Introduction  381(1)
FlexVPN AAA-Based Pre-Shared Keys  381(5)
Configuration on the Branch-1 Router  382(1)
Configuration on the Branch-2 Router  383(1)
Configuration on the Hub Router  383(1)
Configuration on the RADIUS Server  384(2)
FlexVPN User and Group Authorization  386(5)
FlexVPN Client Configuration at Branch 1  386(1)
FlexVPN Client Configuration at Branch 2  387(1)
Configuration on the FlexVPN Server  387(1)
Configuration on the RADIUS Server  388(1)
Logs Specific to FlexVPN Client-1  389(1)
Logs Specific to FlexVPN Client-2  390(1)
FlexVPN Routing, Dual Stack, and Tunnel Mode Auto  391(13)
FlexVPN Spoke Configuration at Branch-1  392(2)
FlexVPN Spoke Configuration at Branch-2  394(1)
FlexVPN Hub Configuration at the HQ  395(2)
Verification on FlexVPN Spoke at Branch-1  397(2)
Verification on FlexVPN Spoke at Branch-2  399(2)
Verification on the FlexVPN Hub at HQ  401(3)
FlexVPN Client NAT to the Server-Assigned IP Address  404(3)
Configuration on the FlexVPN Client  404(1)
Verification on the FlexVPN Client  405(2)
FlexVPN WAN Resiliency, Using Dynamic Tunnel Source  407(4)
FlexVPN Client Configuration on the Dual-Homed Branch Router  408(1)
Verification on the FlexVPN Client  409(2)
FlexVPN Hub Resiliency, Using Backup Peers  411(3)
FlexVPN Client Configuration on the Branch Router  411(1)
Verification on the FlexVPN Client  412(2)
FlexVPN Backup Tunnel, Using Track-Based Tunnel Activation  414(2)
Verification on the FlexVPN Client  415(1)
Summary  416(1)
Part VI IPsec VPN Maintenance
Chapter 13 Monitoring IPsec VPNs  417(28)
Introduction to Monitoring  417(5)
Authentication, Authorization, and Accounting (AAA)  418(1)
NetFlow  418(1)
Simple Network Management Protocol  419(1)
VRF-Aware SNMP  420(1)
Syslog  421(1)
Monitoring Methodology  422(21)
IP Connectivity  423(2)
VPN Tunnel Establishment  425(1)
Cisco IPsec Flow Monitor MIB  425(1)
SNMP with IKEv2  425(3)
Syslog  428(1)
Pre-Shared Key Authentication  429(2)
PKI Authentication  431(3)
EAP Authentication  434(2)
Authorization Using RADIUS-Based AAA  436(1)
Data Encryption: SNMP with IPsec  437(2)
Overlay Routing  439(1)
Data Usage  440(3)
Summary  443(1)
References  443(2)
Chapter 14 Troubleshooting IPsec VPNs  445(58)
Introduction  445(1)
Tools of Troubleshooting  446(11)
Show Commands  447(1)
Syslog Messages  447(1)
Event-Trace Monitoring  447(2)
Debugging  449(1)
IKEv2 Debugging  449(4)
IPsec Debugging  453(1)
Key Management Interface Debugging  453(3)
PKI Debugging  456(1)
Conditional Debugging  456(1)
IP Connectivity  457(3)
VPN Tunnel Establishment  460(4)
IKEv2 Diagnose Error  460(1)
Troubleshooting the IKE_SA_INIT Exchange  461(3)
Troubleshooting the IKE_AUTH Exchange  464(1)
Authentication  464(21)
Troubleshooting RSA or ECDSA Authentication  465(4)
Certificate Attributes  469(1)
Debugging Authentication Using PKI  470(1)
Certificate Expiry  470(2)
Matching Peer Using Certificate Maps  472(1)
Certificate Revocation  473(3)
Trustpoint Configuration  476(1)
Trustpoint Selection  476(2)
Pre-Shared Key  478(2)
Extensible Authentication Protocol (EAP)  480(5)
Authorization  485(3)
Data Encryption  488(7)
Debugging IPsec  488(3)
IPsec Anti-Replay  491(4)
Data Encapsulation  495(1)
Mismatching GRE Tunnel Keys  495(1)
Overlay Routing  495(4)
Static Routing  496(1)
IKEv2 Routing  496(2)
Dynamic Routing Protocols  498(1)
Summary  499(3)
References  502(1)
Part VII IPsec Overhead
Chapter 15 IPsec Overhead and Fragmentation  503(36)
Introduction  503(1)
Computing the IPsec Overhead  504(14)
General Considerations  504(1)
IPsec Mode Overhead (without GRE)  505(1)
GRE Overhead  505(2)
Encapsulating Security Payload Overhead  507(2)
Authentication Header Overhead  509(1)
Encryption Overhead  510(1)
Integrity Overhead  511(1)
Combined-mode Algorithm Overhead  512(1)
Plaintext MTU  513(1)
Maximum Overhead  514(1)
Maximum Encapsulation Security Payload Overhead  515(1)
Maximum Authentication Header Overhead  516(1)
Extra Overhead  516(2)
IPsec and Fragmentation  518(18)
Maximum Transmission Unit  518(1)
Fragmentation in IPv4  519(3)
Fragmentation in IPv6  522(1)
Path MTU Discovery  523(2)
TCP MSS Clamping  525(1)
MSS Refresher  525(1)
MSS Adjustment  526(1)
IPsec Fragmentation and PMTUD  527(4)
Fragmentation on Tunnels  531(1)
IPsec Only (VTI)  531(1)
GRE Only  532(2)
GRE over IPsec  534(1)
Tunnel PMTUD  534(1)
The Impact of Fragmentation  535(1)
Summary  536(1)
References  536(3)
Part VIII Migration to IKEv2
Chapter 16 Migration Strategies  539(28)
Introduction to Migrating to IKEv2 and FlexVPN  539(1)
Consideration when Migrating to IKEv2  539(9)
Hardware Limitations  540(1)
Current VPN Technology  540(1)
Routing Protocol Selection  541(1)
Restrictions When Running IKEv1 and IKEv2 Simultaneously  541(1)
Current Capacity  542(1)
IP Addresses  543(1)
Software  543(1)
Amending the VPN Gateway  543(1)
Global IKE and IPsec Commands  543(1)
FlexVPN Features  544(1)
Familiarization  545(1)
Client Awareness  545(1)
Public Key Infrastructure  545(1)
Internet Protocol Version 6  546(1)
Authentication  546(1)
High Availability  547(1)
Asymmetric Routing  547(1)
Migration Strategies  548(11)
Hard Migration  548(1)
Soft Migration  549(1)
Soft Migration Example  550(9)
Migration Verification  559(2)
Consideration for Topologies  561(5)
Site-to-Site  561(1)
Hub and Spoke  562(3)
Remote Access  565(1)
Summary  566(1)
Index  567
Graham Bartlett, CCIE No. 26709, has designed a number of large-scale Virtual Private Networks within the UK and worked with customers throughout the world using IKEv2 and Next Generation Encryption. Graham's interests include Security and Virtual Private Networks. Within this space he has discovered zero-day vulnerabilities, including the highest severity security advisory in the March 2015 Cisco IOS software and IOS XE software security advisory bundled publication. He has contributed to numerous IETF RFCs, and has intellectual property published as prior art. He is a CiscoLive speaker and has developed Cisco Security exam content (CCIE/CCNP). He is a CCP (Senior) IA Architect, CCP (Practitioner) Security & Information Risk Advisor, CCNP, CISSP, Cisco Security Ninja and holds a BSc (Hons) in Computer Systems and Networks.

Amjad Inamdar, CISSP 460898, is a Senior Technical Leader with Cisco IOS Security Engineering, India. He has primarily worked on the design, development and deployment of Cisco IOS secure connectivity solutions, including the industry-leading FlexVPN, DMVPN, GETVPN and EzVPN solutions, and is currently working on the Cisco next-generation SD-WAN solution. He has contributed to IETF drafts, holds a Cisco patent and has prior art publications. He holds many industry certifications, including CISSP, CCSK, CCNP Security, CCDP, CCNP R/S, CCNA (SP, Data Center, Wireless, Voice) and Cisco Security Ninja, and has presented on security at conferences, internal forums and to Cisco customers and partners. He holds a degree (B.E.) in Electronics and Communication Engineering.