VPN S2S 1 Flashcards

1
Q

Site-to-site VPN

Are VPNs HA?

important

A

Yes, if you configure it correctly

Literally quoted from Cantrill

2
Q

Site-to-site VPN

VPNs connect what?

A

VPCs and on-prem networks

3
Q

Site-to-site VPN

How long to set up a S2S VPN?

important

A

Less than an hour

Direct from Cantrill: important contrast to DX and other physical things

4
Q

Site-to-site VPN

What should you do if you care about latency and consistent response?

A

Don’t use a VPN :-) Goes over public Internet. Get a DX.

5
Q

IKE and Tunnels

Are VPN tunnels kept up all the time?

A

Kinda! Phase 1 tunnels stay up, Phase 2 tunnels start and stop when needed

6
Q

IKE and Tunnels

Phases to set up a VPN?

A

IKE Phase 1 (slow & heavy, asymmetric key stuff), IKE Phase 2 (fast, symmetric)

7
Q

IKE and Tunnels

Why two?

A

Phase 1 stays up, Phase 2 can be torn down and re-established with new keys.

8
Q

IKE and Tunnels

What is a VPN SA?

A

Security Association – a tunnel with keys attached to it to encrypt/decrypt.

9
Q

IKE and Tunnels

What are the steps to create a Phase 1 tunnel?

A

1: Certificate exchange (only about proving identity). 2: Exchange public keys. 3: Create symmetric key.

10
Q

IKE and Tunnels

How are symmetric keys created in Phase 1?

A

Diffie-Hellman (DH) keys: each side creates a pub/priv keypair, gives pub to other, my priv + other pub ==> DH symmetric key

11
Q

IKE and Tunnels

What’s the really cool part about symmetric keys and how they work?

A

Created independently on each side from local priv + other’s pub keys. Symmetric key never traverses the network.

12
Q

IKE and Tunnels

What do you have at the end of Phase 1?

A

Common symmetric key (but no actual tunnels to exchange traffic)

13
Q

IKE and Tunnels

What happens when creating Phase 2?

A

Use symmetric key to encrypt, both sides agree on cipher suites, etc.

14
Q

IKE and Tunnels

What do you have at the end of Phase 2?

A

Actual tunnels up and ready, with a separate SA for each direction.

15
Q

Policy-based and Route-based

What are the two types of VPNs?

A

Policy-based and route-based VPNs

16
Q

Policy-based and Route-based

How do policy-based VPNs pick traffic to send?

A

Rules decide which traffic to pick and encrypt, different on both sides

17
Q

Policy-based and Route-based

How do route-based VPNs pick traffic to send?

A

Target matching prefix

18
Q

Policy-based and Route-based

Example of a Policy-based VPN setup?

A

Separate SAs for web traffic, CCTV traffic, and HR traffic, all running on same Phase 1 tunnel.