SSL and Remote Access VPNs: An Introduction to Designing and Configuring SSL Virtual Private Networks


Document information

[...]... Encryption; RC4; DES and 3DES; AES; Diffie-Hellman; RSA and DSA; Digital Signatures and Digital Certification; Digital Signatures; Public Key Infrastructure, Digital Certificates, and Certification; SSL and TLS; SSL and TLS History; SSL Protocols Overview; OSI Layer Placement and TCP/IP Protocol Support; SSL Record Protocol and Handshake Protocols; SSL Connection Setup; Application...

routers/firewalls and their command-line interface (CLI), and a general understanding of the overall SSL VPN solution.

How This Book Is Organized

Part I of this book includes Chapters 1 and 2, which provide an overview of the remote access VPN technologies and introduce the SSL VPN technology. The remainder of the book is divided into two parts. Part II encompasses Chapters 3 and 4 and introduces the Cisco SSL VPN...

(SSL VPN)

VPN protocols can be categorized into two distinct groups:

  • Site-to-site protocols

  • Remote access protocols

Site-to-site protocols allow an organization to establish secure connections between two or more offices so that it can send traffic back and forth using a shared medium such as the Internet. These connections can also be used to connect the private or semiprivate networks of an organization...

of SSL VPNs, including cryptographic algorithms, SSL and Transport Layer Security (TLS), and common SSL VPN technologies.

Part II, “SSL VPN Design Considerations and Cisco Solution Overview,” includes the following chapters:

  • Chapter 3, “SSL VPN Design Considerations”: This chapter discusses the common design best practices for planning and designing an SSL VPN solution.

  • Chapter 4, “Cisco SSL...
looking for remote access VPN solutions that provide ubiquitous access and low-cost deployment and management. At present, no official standards exist for SSL VPN technologies; various vendors use different implementations. This chapter takes a close look at the evolution of the SSL VPN technology to help you understand how this technology works.

Cryptographic Building Blocks of SSL VPNs

A VPN carries private...

with the private or semiprivate networks of a different organization over the shared medium. This eliminates the need for dedicated leased lines to connect the remote offices to the organization’s network. IPsec, GRE, and MPLS VPN are commonly used site-to-site VPN protocols. Figure 1-1 shows a simple IPsec VPN topology that SecureMe (a fictitious company) is planning to deploy. SecureMe wants to ensure...

[Figure: Site-to-Site VPN Tunnel; labels: Chicago, London, Host A, Host B, Message]

The remote access protocols benefit an organization by allowing mobile users to work from remote locations such as home, hotels, airport internet kiosks and Internet cafes as if they were directly connected to their organization’s network. Organizations do not need to maintain a huge pool of modems and access servers to...

1829, and 1851. Internet Key Exchange (IKE) uses the framework provided by the Internet Security Association and Key Management Protocol (ISAKMP) and parts of two other key management protocols, namely Oakley and Secure Key Exchange Mechanism (SKEME). The purpose of IKE, as defined in RFC 2409, “The Internet Key Exchange,” is to negotiate different security associations (SA) by using the available key management...
are migrating to broadband digital subscriber line (DSL) and cable-modem connections. As a result, corporations are in the process of moving these dialup users to remote access VPNs for faster communication. To help you select a remote access VPN technology that meets the needs and requirements of your organization, this chapter provides an overview of the different technologies. The remote access VPN technologies...

IPsec, SSL VPN, L2TP, L2TP over IPsec, and PPTP

This chapter describes the following topics:

  • Background

  • SSL and TLS

  • SSL VPN

CHAPTER 2

SSL VPN Technology

As Secure Socket Layer (SSL) Virtual Private Network (VPN) technology has become more mature and has rapidly been deployed over recent years, it has gained the attention of network and IT administrators who...

Certification; SSL and TLS; SSL and TLS History; SSL Protocols Overview; OSI Layer Placement and TCP/IP Protocol Support; SSL Record Protocol and Handshake Protocols; SSL Connection...

Erum and Sana, sister-in-law Asiya, my cute nephew Shayan, and my adorable nieces Shiza and Alisha. Thank you for your patience and understanding during the development of this book. Qiang Huang: I...

96th Street Indianapolis, IN 46240 USA

Cisco Press

SSL Remote Access VPNs

Jazib Frahim, CCIE No. 5459

Qiang Huang, CCIE No. 4937

SSL Remote Access VPNs

Jazib Frahim, Qiang Huang

Copyright©

Date posted: 06/07/2014, 15:29

Table of contents

  • SSL Remote Access VPNs

    • Contents

    • Introduction

    • Chapter 1 Introduction to Remote Access VPN Technologies

      • Remote Access Technologies

      • IPsec

        • Software-Based VPN Clients

        • Hardware-Based VPN Clients

      • SSL VPN

      • L2TP

      • L2TP over IPsec

      • PPTP

      • Summary

    • Chapter 2 SSL VPN Technology

      • Cryptographic Building Blocks of SSL VPNs

        • Hashing and Message Integrity Authentication

        • Encryption

        • Digital Signatures and Digital Certification

      • SSL and TLS

        • SSL and TLS History

        • SSL Protocols Overview

        • DTLS

        • SSL VPN

        • Summary

        • References

    • Chapter 3 SSL VPN Design Considerations

      • Not All Resource Access Methods Are Equal

      • User Authentication and Access Privilege Management

        • User Authentication

        • Choice of Authentication Servers

        • AAA Server Scalability and High Availability

      • Security Considerations

        • Security Threats

        • Security Risk Mitigation

      • Device Placement

      • Platform Options

      • Virtualization

      • High Availability

      • Performance and Scalability

      • Summary

      • References

    • Chapter 4 Cisco SSL VPN Family of Products

      • Overview of Cisco SSL VPN Product Portfolio

      • Cisco ASA 5500 Series

        • SSL VPN History on Cisco ASA

        • SSL VPN Specifications on Cisco ASA

        • SSL VPN Licenses on Cisco ASA

      • Cisco IOS Routers

        • SSL VPN History on Cisco IOS Routers

        • SSL VPN Licenses on Cisco IOS Routers

      • Summary

    • Chapter 5 SSL VPNs on Cisco ASA

      • SSL VPN Design Considerations

      • SSL VPN Prerequisites

        • SSL VPN Licenses

        • Client Operating System and Browser and Software Requirements

        • Infrastructure Requirements

      • Pre-SSL VPN Configuration Guide

        • Enrolling Digital Certificates (Recommended)

        • Setting Up ASDM

        • Accessing ASDM

        • Setting Up Tunnel and Group Policies

        • Setting Up User Authentication

      • Clientless SSL VPN Configuration Guide

        • Enabling Clientless SSL VPN on an Interface

        • Configuring SSL VPN Portal Customization

        • Configuring Bookmarks

        • Configuring Web-Type ACLs

        • Configuring Application Access

        • Configuring Client-Server Plug-Ins

      • AnyConnect VPN Client Configuration Guide

        • Loading the SVC Package

        • Defining AnyConnect VPN Client Attributes

        • Advanced Full Tunnel Features

      • Cisco Secure Desktop

        • CSD Components

        • CSD Requirements

        • CSD Architecture

        • Configuring CSD

      • Host Scan

        • Host Scan Modules

        • Configuring Host Scan

      • Dynamic Access Policies

        • DAP Architecture

        • DAP Sequence of Events

        • Configuring DAP

      • Deployment Scenarios

        • AnyConnect Client with CSD and External Authentication

        • Clientless Connections with DAP

      • Monitoring and Troubleshooting SSL VPN

        • Monitoring SSL VPN

        • Troubleshooting SSL VPN

      • Summary

    • Chapter 6 SSL VPNs on Cisco IOS Routers

      • SSL VPN Design Considerations

      • IOS SSL VPN Prerequisites

      • IOS SSL VPN Configuration Guide

        • Configuring Pre-SSL VPN Setup

        • Initial SSL VPN Configuration

      • Advanced SSL VPN Features

        • Configuring Clientless SSL VPNs

        • Windows File Sharing

        • Configuring Application ACL

        • Thin Client SSL VPNs

        • AnyConnect SSL VPN Client

      • Cisco Secure Desktop

        • CSD Components

        • CSD Requirements

        • CSD Architecture

        • Configuring CSD

      • Deployment Scenarios

        • Clientless Connections with CSD

        • AnyConnect Client and External Authentication

      • Monitoring an SSL VPN in Cisco IOS

      • Summary

    • Chapter 7 Management of SSL VPNs

      • Multidevice Policy Provisioning

        • Device View and Policy View

        • Use of Common Objects for Multidevice Management

      • Workflow Control and Role-Based Access Control

        • Workflow Control

        • Workflow Mode

        • Role-Based Administration

      • Summary

      • References

    • Index

      • A

      • B

      • C

      • D

      • E

      • F

      • G

      • H

      • I

      • K

      • L

      • M

      • N

      • O

      • P

      • R

      • S

      • T

      • U

      • V

      • W – Z
