© 2003, Cisco Systems, Inc. All rights reserved. CSVPN 4.014-1 Lesson 14 Configuring the Cisco Virtual Private Network 3000 Series Concentrator for IPSec.

Transcript:

Lesson 14: Configuring the Cisco Virtual Private Network 3000 Series Concentrator for IPSec over UDP and IPSec over TCP

Objectives

Upon the completion of this lesson, you will be able to perform the following tasks:
- Describe how address translation works at the port level.
- Explain the IPSec address translation issue.
- Describe the three Concentrator translation options.
- Configure the Concentrator for IPSec over UDP.
- Configure the Concentrator for NAT Traversal.
- Configure the Concentrator for IPSec over TCP.
- Monitor session statistics.

Overview of Port Address Translation

NAT (diagram: Application server, NAT, Remote office, Corporate office, Internet)

NAT (cont.) (diagram: Application server, NAT, Remote office, Corporate office, Internet)

PAT (diagram: Application server, PAT, Remote office, Corporate office, Internet; Port labels)

PAT (cont.) (diagram: Application server, PAT, Remote office, Corporate office, Internet)

IKE and UDP Issue (diagram: Concentrator, NAT, Internet; IKE, IPSec, Dropped)

IPSec over UDP (Proprietary) (diagram: Cisco VPN Client, PAT device, Internet; packet fields: Hash, Data, IP, ESP, UDP, IP)

NAT Traversal: Standards-Based IPSec over UDP
NAT-T (Standards-based IPSec over UDP) (diagram: Cisco VPN Client, PAT device, Internet, Concentrator; 4500; packet fields: Hash, Data, IP, ESP, UDP, IP)
Initiator: UDP (X, 500) … VID; UDP (X, 4500) … NAT-D, NAT-D
Responder: UDP (500, X) … VID, NAT-D, NAT-D; UDP (4500, X) …

IPSec over TCP (System-wide) (diagram: Cisco VPN Client, PAT device, Internet; packet fields: Hash, Data, IP, ESP, TCP, IP)

IPSec Through PAT Mode

Configuring IPSec over UDP

Concentrator Configuration: IPSec over UDP (diagram: Client, Concentrator, Internet; packet fields: Hash, Data, IP, ESP, UDP, IP)

Software Client Configuration: IPSec over UDP (diagram: Client, Concentrator, Internet)

Configuring NAT Traversal

Concentrator Configuration: NAT-T (diagram: Client, Concentrator, Internet; packet fields: Hash, Data, IP, ESP, UDP, IP)

Software Client Configuration: NAT-T (diagram: Client, Concentrator, Internet)

Configuring IPSec over TCP

Concentrator: IPSec over TCP Configuration (diagram: Client, Concentrator, Internet; packet fields: Hash, Data, IP, ESP, TCP, IP)

Hardware Client: IPSec over TCP Configuration (diagram: SOHO, Concentrator, Internet; packet fields: Hash, Data, IP, ESP, TCP, IP)

Software Client: IPSec over TCP Configuration (diagram: Client, Concentrator, Internet)

Monitoring Session Statistics

Software Client Connection Status (diagram: Client, Concentrator, Internet)

Hardware Client Connection Status (diagram: Client, Concentrator, Internet)

Concentrator Monitor Session (diagram: Client, Concentrator, Internet; packet fields: Hash, Data, IP, ESP, TCP, IP)

Concentrator Monitor Session Detail

Summary

- IPSec does not translate through a NAT or PAT device.
- Configure IPSec over UDP, NAT-T, or TCP in both the Concentrator and clients.
- For each tunnel type, an applicable port number is defined.
- IPSec over TCP, NAT-T, or UDP statistics are viewable on both the Concentrator and clients.