Practical Networking .net
post

VPN Deep Dive

This course is a deep dive into the world of VPNs. The class is split into two portions, the first covers the basics of Cryptography. This serves as a review of the basic building blocks of a VPN and how each individual part works together to achieve the goal of secured communication. The second part of the class offers an in-depth look at the VPN Negotiation process, and what two peers must agree upon before a VPN tunnel will successfully build.

This is an advanced level class intended for students who can build VPNs without any assistance, and who have started troubleshooting VPNs using the available VPN Debugging.

By the end of class, the student will be able to:

  • Speak confidently about each of the Security services and how they are provided in a VPN tunnel
  • Explain the concept of Confidentiality and how it is provided
  • Explain the concept of Integrity and how it is provided
  • Explain the concept of Authenticity and how it is provided
  • Explain the concept of Anti-Replay and how it is provided
  • Understand the uses of the Diffie-Hellman Key Exchange
  • Describe and Contrast the two protocols that provide IP Security
  • Understand the two Modes to deploy IPsec and how they differently modify the original packet
  • Describe ISAKMP and its various functions
  • Describe a Security Association and its contents
  • Explain the function of the Internet Key Exchange (IKE) in the overall VPN negotiation process
  • Illustrate the 6 messages in Main Mode
  • Illustrate the 3 messages in Aggressive Mode
  • Illustrate the 3 messages in Quick Mode
  • Explain the Lifetime and how the Rekey process works
  • Understand PFS and what it does
  • Understand NAT Traversal and what it does
Dates:
No scheduled public classes.
Contact us to schedule a private delivery.
Duration
1 day / 8 hours
Delivery Format:
Physical Classroom
Virtual – Live delivery
Testimonials
Target Audience
  • Engineers who operate, deploy, and troubleshoot VPNs on any Cisco firewall platform
  • Engineers who want to understand everything that is happening in the VPN Negotiation
Pre-requisites

Students should be familiar with the configuration of VPNs. Course covers IPsec/IKE/ISAKMP protocols only.

Syllabus

Modules:

  • Cryptography Fundamentals
    • What is a VPN?
    • Confidentiality
      • Symmetric Encryption
      • Asymmetric Encryption
      • Public and Private Keys
    • Integrity
      • Hashing
      • HMAC
    • Authentication
    • Anti-Replay
    • Diffie-Hellman
  • VPN Negotiation
    • IPsec
      • Functionality
      • Authentication Header (AH)
      • Encapsulated Security Payload (ESP)
      • Transport Mode –
      • Tunnel Mode
    • ISAKMP
      • Functionality
      • Key Management
      • Policy Suites
      • Security Association
      • Key Generation
    • Internet Key Exchange (IKE)
      • Functionality
      • Tying together IPsec and ISAKMP
    • IKE Phase 1
      • Main mode & Aggressive Mode
      • Main Mode – First Exchange
      • Main Mode – Second Exchange
      • Main Mode – Third Exchange
      • Aggressive Mode – Message 1
      • Aggressive Mode – Message 2
      • Aggressive Mode – Message 3
    • IKE Phase 2
      • Quick Mode
      • Quick Mode – Message 1
      • Quick Mode – Message 2
      • Quick Mode – Message 3
      • Data Transfer
      • Tunnel Termination
    • IKE
      • NAT Traversal
      • Perfect Forward Secrecy