| | Copyright |
| | About the Author |
| | About the Technical Reviewers |
| | Acknowledgments |
| | Command Syntax Conventions |
| | Introduction |
| | | Methodology |
| | | Who Should Read This Book? |
| | | How This Book Is Organized |
| | Part I: Introductory Concepts and Configuration/Troubleshooting |
| | | Chapter 1. Introduction to VPN Technologies |
| | | VPN Overview of Common Terms |
| | | Characteristics of an Effective VPN |
| | | VPN Technologies |
| | | Common VPN Deployments |
| | | Business Drivers for VPNs |
| | | IPsec VPNs and the Cisco Security Framework |
| | | Summary |
| | | Chapter 2. IPsec Fundamentals |
| | | Overview of Cryptographic Components |
| | | Public Key Encryption Methods |
| | | The IP Security Protocol (IPsec) |
| | | IKE and ISAKMP |
| | | Summary |
| | | Chapter 3. Basic IPsec VPN Topologies and Configurations |
| | | Site-to-Site IPsec VPN Deployments |
| | | Site-to-Site IPsec VPN Deployments and GRE (IPsec+GRE) |
| | | Hub-and-Spoke IPsec VPN Deployments |
| | | Remote Access VPN Deployments |
| | | Summary |
| | | Chapter 4. Common IPsec VPN Issues |
| | | IPsec Diagnostic Tools within Cisco IOS |
| | | Common Configuration Issues with IPsec VPNs |
| | | Architectural and Design Issues with IPsec VPNs |
| | | Summary |
| | Part II: Designing VPN Architectures |
| | | Chapter 5. Designing for High Availability |
| | | Network and Path Redundancy |
| | | IPSec Tunnel Termination Redundancy |
| | | Managing Peer and Path Availability |
| | | Managing Path Symmetry |
| | | Load Balancing, Load Sharing, and High Availability |
| | | Summary |
| | | Chapter 6. Solutions for Local Site-to-Site High Availability |
| | | Using Multiple Crypto Interfaces for High Availability |
| | | Stateless IPsec VPN High-Availability Alternatives |
| | | Stateful IPsec VPN High-Availability Alternatives |
| | | Summary |
| | | Chapter 7. Solutions for Geographic Site-to-Site High Availability |
| | | Geographic IPsec VPN HA with Reverse Route Injection and Multiple IPsec Peers |
| | | Geographic IPsec VPN High Availability with IPsec+GRE and Encrypted Routing Protocols |
| | | Dynamic Multipoint Virtual Private Networks |
| | | Summary |
| | | Chapter 8. Handling Vendor Interoperability with High Availability |
| | | Vendor Interoperability Impact on Peer Availability |
| | | Vendor Interoperability Impact on Path Availability |
| | | Vendor Interoperability Design Considerations and Options |
| | | Summary |
| | | Chapter 9. Solutions for Remote-Access VPN High Availability |
| | | IPsec RAVPN Concentrator High Availability Using Virtual Interfaces for Tunnel Termination |
| | | IPsec RAVPN Concentrator HA Using the VCA Protocol |
| | | IPsec RAVPN Geographic HA Design Options |
| | | Summary |
| | | Chapter 10. Further Architectural Options for IPsec |
| | | IPsec VPN Termination On-a-Stick |
| | | In-Path Versus Out-of-Path Encryption with IPsec |
| | | Separate Termination of IPsec and GRE (GRE-Offload) |
| | | Summary |
| | Part III: Advanced Topics |
| | | Chapter 11. Public Key Infrastructure and IPsec VPNs |
| | | PKI Background |
| | | PKI Components |
| | | Life of a Public Key Certificate |
| | | PKI and the IPSec Protocol SuiteWhere PKI Fits into the IPSec model |
| | | OCSP and CRL Scalability |
| | | Case Studies and Sample Configurations |
| | | Summary |
| | | Chapter 12. Solutions for Handling Dynamically Addressed Peers |
| | | Dynamic Crypto Maps |
| | | Tunnel Endpoint Discovery |
| | | Case StudyUsing Dynamic Addressing with Low-Maintenance Small Home Office Deployments |
| | | Summary |
| | Appendix A. Resources |
| | | Books |
| | | RFCs |
| | | Web and Other Resources |
| | Index |