IP Security, or IPsec for short, is a framework of standards that provides the following key security features at the network layer between two peer devices:
The Internet Engineering Task Force (IETF) defines the standards for IPsec in various RFCs. Because it provides network layer protection between devices or networks, and because it is an open standard, it is commonly used in today's networks that use IPv4 and IPv6.
This chapter will explore many of the standards that IPsec uses to provide a secure transport for communication. I'll first cover the standards used, and then discuss how these standards are implemented by IPsec in the "ISAKMP/IKE Phase 1" and "ISAKMP/IKE Phase 2" sections. As you will see in the chapter, vendors (such as Cisco) have a tendency to enhance the standards to overcome problems that IPsec can experience in data networks. Cisco, for example, has added many features to enhance both LAN-to-LAN (L2L) and remote access sessions. I'll discuss many of these features at the end of this chapter.