Day 7 - VPN and IPsec Flashcards
A __________ __________ __________ is an encrypted connection between private networks over a public network such as the internet
Virtual Private Network (VPN)
Instead of using a dedicated __________ _____ connection such as a leased line, a __________ uses virtual connections called __________ ___________
Layer 2
VPN
VPN tunnels
What are the 4 benefits of a VPN?
Cost savings
Security
Scalability
Compatibility with broadband technology
What are some types of VPN access methods?
Site-to-Site VPN
Remote access VPN
GRE (Generic Routing Encapsulation)
DMVPN (Dynamic Multipoint VPN)
Solve for the type of VPN access method:
These types of VPNs connect entire networks to each other. For example, this type of VPN can connect a branch office network to a company HQ network
Site-to-Site VPN
Solve for the type of VPN access method:
This type of VPN access method enables individual hosts such as telecommuters, mobile users and extranet consumers to access a company network securely over the internet. Typically uses a client based VPN connection
Remote-access VPN
Solve for the type of VPN access method:
A standard IPsec VPN that is a non-secure site-to-site VPN tunneling protocol can support multicast and broadcast traffic needed for network layer protocols.
GRE (Generic routing encapsulation)
Does GRE support encryption by default?
No
Solve for GRE terms regarding the encapsulation process
__________ ___________ for the routing protocol
__________ ___________ for GRE
__________ ___________ for IPsec
Passenger protocol
Carrier protocol
Transport protocol
Solve for the type of VPN access method:
Cisco proprietary solution for building many VPNs in an easy, dynamic, and scalable manner. Allows a network administrator to dynamically form hub-and-spoke tunnels and spoke-to-spoke tunnels
DMVPN (Dynamic Multipoint VPN)
What two tunnels are there for DMVPN?
Hub-to-Spoke tunnels
Spoke-to-Spoke tunnels
What technologies does DMVPN utilize?
NHRP (Next hop redundancy protocol)
IPsec encryption
mGRE
VTI
Service Provider MPLS
VPNs secure data by __________ and __________ it
Encapsulating
Encrypting
Encapsulation is also known as __________
Tunneling
VPN tunneling uses 3 classes of protocols. What are they?
Carrier protocol
Encapsulating protocol
Passenger protocol
What are the 4 VPN encryption algorithms?
DES (Data Encryption Standard)
3DES (Triple DES)
AES (Advanced Encryption Standard)
RSA (Rivest, Shamir and Adleman)
What does HMAC stand for?
Hashed message authentication code
What are the two HMAC algorithms?
MD5
SHA-1
For VPN authentication with the device on the other end of the tunnel, what two peer authentication methods are used?
Pre-Shared key (PSK)
RSA Signature
What are the two IPsec framework protocols?
AH (Authentication Header)
ESP (Encapsulating Security Payload)
This is an open standard configuration for a site to site VPN and it does not support multicast
IPsec Tunnel
This type of VPN configuration added support for multicast but doesn’t support encryption on its own so it has to be paired with IPsec Tunnel
GRE (Generic Routing Encapsulation) over IPsec Tunnel
This type of VPN configuration is used between Cisco devices, often site to site VPNs and is Cisco proprietary and supports multicast
IPsec VTI (Virtual Tunnel Interface)
This type of VPN configuration is a simple and scalable hub and spoke style that enables direct full mesh connectivity between all offices
DMVPN (Dynamic Multipoint VPN)
Very similar to DMVPN. Newer technology and it’s Cisco proprietary
FlexVPN
What is different about Layer 3 MPLS vs. Layer 2 MPLS?
The CE devices do not peer with the PE devices. The entire provider network is transparent to the customer
What does VPLS stand for and how many sites can it support and what layer does it run at?
- Virtual Private LAN Service
- 2 or more sites
- Layer 2