Скачать презентацию
Идет загрузка презентации. Пожалуйста, подождите
Презентация была опубликована 10 лет назад пользователемАльбина Шушлебина
1 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 14 Configuring the Cisco Virtual Private Network 3000 Series Concentrator for IPSec over UDP and IPSec over TCP
2 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Objectives Upon the completion of this lesson, you will be able to perform the following tasks: Describe how address translation works at the port level. Explain the IPSec address translation issue. Describe the three Concentrator translation options. Configure the Concentrator for IPSec over UDP. Configure the Concentrator for NAT Traversal. Configure the Concentrator for IPSec over TCP. Monitor session statistics.
3 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Overview of Port Address Translation
4 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN NAT Application server NAT Remote office Corporate office Internet
5 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN NAT (cont.) Application server NAT Remote office Corporate office ? Internet
6 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN PAT – Port Application server Port PAT Remote office Corporate office Port – Port Internet
7 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN PAT (cont.) Application server PAT Remote office Corporate office Internet
8 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN IKE and UDP Issue Concentrator NAT IKE IPSec Dropped Internet
9 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN IPSec over UDPProprietary IPSec over UDP (Proprietary) Cisco VPN Client PAT device Internet Hash Data IP ESP UDP IP
10 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN NAT TraversalStandards-Based IPSec over UDP NAT-T (Standards-based IPSec over UDP) PAT device Internet 4500 Initiator UDP (X,500) … VID UDP (X, 4500) …NAT-D, NAT-D Responder UDP (500, X) …VID, NAT-D, NAT-D UDP (4500, X) … Concentrator Hash Data IP ESP UDP IP Cisco VPN Client
11 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN IPSec over TCP IPSec over TCP (System-wide) PAT device Internet Hash Data IP ESP TCP IP Cisco VPN Client
12 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN IPSec Through PAT Mode
13 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Configuring IPSec over UDP
14 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Concentrator Configuration IPSec over UDP Client Concentrator Internet Hash Data IP ESP UDP IP
15 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Configuration IPSec over UDP Client Concentrator Internet
16 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Configuring NAT Traversal
17 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Concentrator ConfigurationNAT-T Client Concentrator Internet Hash Data IP ESP UDP IP
18 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client ConfigurationNAT-T Client Concentrator Internet
19 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Configuring IPSec over TCP
20 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN ConcentratorIPSec over TCP Configuration Client Concentrator Internet Hash Data IP ESP TCP IP
21 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Hardware ClientIPSec over TCP Configuration Concentrator Internet SOHO Hash Data IP ESP TCP IP
22 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software ClientIPSec over TCP Configuration Client Concentrator Internet
23 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Monitoring Session Statistics
24 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Connection Status Client Concentrator Internet
25 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Hardware Client Connection Status Client Concentrator Internet
26 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Concentrator Monitor Session Client Concentrator Internet Hash Data IP ESP TCP IP
27 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Concentrator Monitor Session Detail
28 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Summary
29 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Summary IPSec does not translate through a NAT or PAT device. Configure IPSec over UDP, NAT-T, or TCP in both the Concentrator and clients. For each tunnel type, an applicable port number is defined. IPSec over TCP, NAT-T, or UDP statistics are viewable on both the Concentrator and clients.
Еще похожие презентации в нашем архиве:
© 2024 MyShared Inc.
All rights reserved.