Table of Contents | IPSec Virtual Private Network Fundamentals

IPsec Virtual Private Network Fundamentals
By James Henry Carmouche, - CCIE No. 6085
...............................................
Publisher: Cisco Press
Pub Date: July 19, 2006
Print ISBN-10: 1-58705-207-5
Print ISBN-13: 978-1-58705-207-1
Pages: 480

Table of Contents | Index

About the Author

About the Technical Reviewers

Acknowledgments

Command Syntax Conventions

Introduction

Methodology

Who Should Read This Book?

How This Book Is Organized

Part I: Introductory Concepts and Configuration/Troubleshooting

Chapter 1. Introduction to VPN Technologies

VPN Overview of Common Terms

Characteristics of an Effective VPN

VPN Technologies

Common VPN Deployments

Business Drivers for VPNs

IPsec VPNs and the Cisco Security Framework

Summary

Chapter 2. IPsec Fundamentals

Overview of Cryptographic Components

Public Key Encryption Methods

The IP Security Protocol (IPsec)

IKE and ISAKMP

Summary

Chapter 3. Basic IPsec VPN Topologies and Configurations

Site-to-Site IPsec VPN Deployments

Site-to-Site IPsec VPN Deployments and GRE (IPsec+GRE)

Hub-and-Spoke IPsec VPN Deployments

Remote Access VPN Deployments

Summary

Chapter 4. Common IPsec VPN Issues

IPsec Diagnostic Tools within Cisco IOS

Common Configuration Issues with IPsec VPNs

Architectural and Design Issues with IPsec VPNs

Summary

Part II: Designing VPN Architectures

Chapter 5. Designing for High Availability

Network and Path Redundancy

IPSec Tunnel Termination Redundancy

Managing Peer and Path Availability

Managing Path Symmetry

Load Balancing, Load Sharing, and High Availability

Summary

Chapter 6. Solutions for Local Site-to-Site High Availability

Using Multiple Crypto Interfaces for High Availability

Stateless IPsec VPN High-Availability Alternatives

Stateful IPsec VPN High-Availability Alternatives

Summary

Chapter 7. Solutions for Geographic Site-to-Site High Availability

Geographic IPsec VPN HA with Reverse Route Injection and Multiple IPsec Peers

Geographic IPsec VPN High Availability with IPsec+GRE and Encrypted Routing Protocols

Dynamic Multipoint Virtual Private Networks

Summary

Chapter 8. Handling Vendor Interoperability with High Availability

Vendor Interoperability Impact on Peer Availability

Vendor Interoperability Impact on Path Availability

Vendor Interoperability Design Considerations and Options

Summary

Chapter 9. Solutions for Remote-Access VPN High Availability

IPsec RAVPN Concentrator High Availability Using Virtual Interfaces for Tunnel Termination

IPsec RAVPN Concentrator HA Using the VCA Protocol

IPsec RAVPN Geographic HA Design Options

Summary

Chapter 10. Further Architectural Options for IPsec

IPsec VPN Termination On-a-Stick

In-Path Versus Out-of-Path Encryption with IPsec

Separate Termination of IPsec and GRE (GRE-Offload)

Summary

Part III: Advanced Topics

Chapter 11. Public Key Infrastructure and IPsec VPNs

PKI Background

PKI Components

Life of a Public Key Certificate

PKI and the IPSec Protocol SuiteWhere PKI Fits into the IPSec model

OCSP and CRL Scalability

Case Studies and Sample Configurations

Summary

Chapter 12. Solutions for Handling Dynamically Addressed Peers

Dynamic Crypto Maps

Tunnel Endpoint Discovery

Case StudyUsing Dynamic Addressing with Low-Maintenance Small Home Office Deployments

Summary

Appendix A. Resources

Books

RFCs

Web and Other Resources

Index