CCNA Security 640-554
VPN types:
1- Site to Site (enables both sides to communicate with each other)
2- One direction (token) (allows the other side to access our network)
ISAKMP negotiation consists of 2 phases:
- Phase 1 creates the first tunnel
- Phase 2 creates the second tunnel, which protects the data
VPN Components:
- Symmetrical encryption algorithms (use the same key for encrypting and decrypting data)
Ex: DES, 3DES, AES, IDEA
- Asymmetrical encryption (uses a public and a private key; one key encrypts the data, and the other key in the pair is used to decrypt it)
Ex: RSA, Diffie-Hellman.
- Digital Signature (encryption of a hash using the sender's private key, and decryption of the hash with the sender's public key)
Ex: RSA signature
- Diffie-Hellman key exchange (uses a public-private key pair asymmetrical algorithm, but creates final shared secrets (keys) that are then used by symmetrical algorithms)
Ex: used as one of the many services of IPsec
- Confidentiality (encryption algorithms provide this by turning clear text into cipher text)
Ex: DES, 3DES, AES, RSA, IDEA
- Data Integrity (validates data by comparing hash values)
Ex: MD5, SHA-1
- Authentication (verifies the peer's identity to the other peer)
VPN Commands:
# show crypto isakmp sa (to see VPN connection status)