CCNA课件 4_VPN.ppt要点解析.ppt

(legacy) VPN Clients 建立VPN隧道的技术（协议） GRE（Cisco通用路由选择封装）； L2TP（第二层隧道协议），兼容L2F； PPTP（点到点隧道协议） MPLS（多协议标签交换 ） IPSec（IP安全协议） SSL（安全套接字层 ） 对数据进行加密/解密时必须使用密钥，密钥指的是加密算法： DES（数据加密标准）：使用56位密钥。 3DES：使用112位密钥，并执行三次DES加密操作。 AES（高级加密标准）：使用128、192、256位密钥。 在协商密钥（加密算法）时，就需要使用IKE协议来进行。 What Is IPsec? IPsec是指为网络层IP数据包提供保护和验证的一套安全协议. It is a framework of open standards that is algorithm independent. It provides data confidentiality, data integrity, and origin authentication. IPsec Security Services Confidentiality（数据机密性）： IPSec发送方在将数据发送并穿越网络之前，就加密数据包。 Data integrity（数据完整性）： 验证数据包在传送过程中是否被修改。MD5、SHA Data origin Authentication（数据源验证）： 验证IPsec数据包的源头。 Anti-replay protection（防止重放）： IPSec接收方可以检测到被中间者捕捉后重新投放到网上的数据,并拒收旧的或重复的数据包，它是通过报文的序列号实现。 IPsec algorithms and Security Protocols IPsec algorithms IPsec Security Protocols ? 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—8-* ? 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—8-* * IPsec acts at the network layer, protecting and authenticating IP packets between participating IPsec devices (peers), such as other PIX Firewalls, Cisco routers, VPN 3000 Concentrator Series, Cisco Secure VPN Client, and other IPsec-compliant products. IPsec is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers at the IP layer. IPsec encompasses a suite of protocols. It is not bound to any specific encryption or authentication algorithms, key generation technique, or security association. IPsec supplies the rules while existing algorithms provide the encryption, authentication, key management, and so on. In this way, IPsec can allow the use of updated algorithms and key techniques without patching the IPsec protocol. In this topic, we’ll discuss how those open standards provide data confidentiality, integrity, and authentication. * The first VPN solution is remote access. Remote access is targeted to mobile user and Home telecommuters. Most