1

IP VPN

Nikolay Scarbnik

2

AgendaIntroduction………………………………………………………….3VPN concept definition……………………………………………..4VPN advantages……………...…………………………………….5VPN types……………………………………………………………6OSI……………………………………………………………………7VPNs classification………………………………………………….8Example:IPSec Tunnel Mode…………………………………………10VPN example- IPSec………………………………………………11IPSec Overview…………………………………………………….12Algorithms for encryption ………………...…………………………11Public Key Encryption……………………………………………...14Diffie-Hellman Key Exchange……………………………………..15IPSec Security Protocols…………………………………………..16IPSec AH & ESP …………………………………………….………17Secure Protocol- ESP……………………………………………...18Secure Protocol- AH………………………………………………..20References…………………………………………………………..22

3

Introduction

This project describes VPNs, or Virtual Private Networks.

I’ll try to briefly describe the main components, technologies and advantages.

The audience is expected to have some basic knowledge the TCP/IP protocols, as well as general security concepts.

4

VPN concept definition

VPN- Virtual Private Network.

The VPN concept is all about combining several separated Private Networks using public infrastructure.

• Virtual- because it’s dynamic connection over public infrastructure.

• Private- data security is preserved.

• Network- connects several LANs or single computers to a mainframe/LAN

5

VPN advantages

• Cost saving.

• Accessibility& secure connection.

• Application transparent .

6

VPN types

• PPTP- point-to-point tunneling protocol • L2F- layer-2 forwarding• L2TP- layer-2 tunneling protocol• IPSec- IP security protocol • GRE- generic routing encapsulation• MPLS- multiprotocol label switching• ATM- asynchronous transfer mode• Frame Relay

7

7 Layers Model

VPN uses the 2’nd or the 3’d layer of the OSI model.

8

VPNs classification

Layer 2 VPN

P2P over VC

ATMFrameRelay

Layer 3 VPN

P2P , Any2Any

GRE MPLS IPSec

9

VPNs classification

ATM

Site-to-site VPNs

Static

FrameRelay

GRE MPLS

Remote access VPNs

Dynamic

IPSec LT2P

10

Example:IPSec Tunnel Mode

11

VPN example- IPSec

Whats IPSec?

IPSecs goal is to secure IP packets (IPv6/v4) .

What is it good for?

IPSec provides authentication, integrity, access control, and confidentiality.

12

IPSec Overview

Fundamental components of IPSec :

• Algorithms for encryption

• Key management ISAKMP, IKE, SKEME

• Security protocols Authentication header (AH) and encapsulation security payload (ESP)

13

Algorithms for encryption

• Symmetric Algorithms: DES, 3DES, and AES .

• Asymmetric Algorithms-public key algorithms: IKE (Internet Key Exchange )

In 1999, the DES key was cracked in less than 24 hours by using an exhaustive key

search. IPSec

14

Public Key Encryption

15

Diffie-Hellman Key Exchange

16

IPSec Security Protocols

• Encapsulating security payload (ESP) • Authentication header (AH)

>> IP datagram security <<

17

IPSec AH & ESP

Packet in IPSec Transport Mode

IP Packet in IPSec Tunnel Mode

18

Secure Protocol- ESP

IP Packet Protected by ESP

19

Secure Protocol- ESPIP Packet Protected by ESP in Transport Mode

IP Packet Protected by ESP in Tunnel Mode

20

Secure Protocol- AH

AH provides: connectionless integrity,

data authentication, and optional replay protection.

IP Packet Protected by AH

21

Secure Protocol- AHIP Packet Protected by AH in Transport Mode

IP Packet Protected by AH in Tunnel Mode

22

References

• http://www.iec.org/

• http://www.raduniversity.com/2004/vpn/

• Cisco Press IPSec VPN Design

• Cisco - Safe VPN - IPSec In Depth