IKEv2 IPsec Virtual Private Networks: Understanding and Deploying IKEv2, IPsec VPNs, and FlexVPN in Cisco IOS
Paperback by Graham Bartlett (et al.)
Language: English

58.80 €*

incl. VAT

Free shipping by post / DHL

Delivery time: 2-4 working days

Description

IKEv2 IPsec Virtual Private Networks is the first plain-English introduction to IKEv2: both a complete primer on this important security protocol and a practical guide to deploying it with Cisco's FlexVPN implementation.

Cisco experts Graham Bartlett and Amjad Inamdar explain how IKEv2 performs mutual authentication and how it establishes and maintains security associations (SAs). Their insights into IKEv2's goals, theory, and underlying concepts will be valuable to all network security professionals, whatever technologies or solutions they choose for implementation.

Next, Bartlett and Inamdar thoroughly introduce FlexVPN, Cisco's implementation of the IKEv2 standard. You'll discover FlexVPN's unified paradigm, and learn how its command-line interface can be used to manage IKEv2 in site-to-site, remote-access, hub-and-spoke, and partial-mesh (direct spoke-to-spoke) environments.

The authors explain how FlexVPN's simple, modular framework relies on the tunnel interface paradigm while remaining compatible with legacy VPN implementations. They offer detailed guidance on configuring IKEv2 VPNs using FlexVPN in both Cisco IOS and IOS XE environments, and show how FlexVPN unifies previous Cisco overlay solutions, including crypto maps, EasyVPN, DMVPN, and remote access. Their practical design examples and hands-on troubleshooting steps will help you gain real mastery of FlexVPN configuration and operations in any network environment.

About the Authors

Graham Bartlett, CCIE No. 26709, has designed a number of large-scale Virtual Private Networks within the UK and worked with customers throughout the world using IKEv2 and Next Generation Encryption. Graham's interests include security and Virtual Private Networks. Within this space he has discovered zero-day vulnerabilities, including the highest-severity security advisory in the March 2015 Cisco IOS Software and IOS XE Software security advisory bundled publication. He has contributed to numerous IETF RFCs, and has intellectual property published as prior art. He is a Cisco Live speaker and has developed Cisco Security exam content (CCIE/CCNP). He is a CCP (Senior) IA Architect, CCP (Practitioner) Security & Information Risk Advisor, CCNP, CISSP, Cisco Security Ninja and holds a BSc (Hons) in Computer Systems and Networks.

Amjad Inamdar, CISSP No. 460898, is a Senior Technical Leader with Cisco IOS Security Engineering, India. He has primarily worked on the design, development, and deployment of Cisco IOS secure connectivity solutions, including the FlexVPN, DMVPN, GETVPN, and EzVPN solutions, and is currently working on the Cisco next-generation SD-WAN solution. He has contributed to IETF drafts, holds a Cisco patent, and has prior-art publications. He holds many industry certifications, including CISSP, CCSK, CCNP Security, CCDP, CCNP R/S, CCNA (SP, Data Center, Wireless, Voice), and Cisco Security Ninja, and has presented on security at conferences, internal forums, and to Cisco customers and partners. He holds a degree (B.E.) in Electronics and Communication Engineering.

Table of Contents

Foreword xxvii

Introduction xxxiii

Part I Understanding IPsec VPNs

Chapter 1 Introduction to IPsec VPNs 1

The Need and Purpose of IPsec VPNs 2

Building Blocks of IPsec 2

Security Protocols 2

Security Associations 3

Key Management Protocol 3

IPsec Security Services 3

Access Control 4

Anti-replay Services 4

Confidentiality 4

Connectionless Integrity 4

Data Origin Authentication 4

Traffic Flow Confidentiality 4

Components of IPsec 5

Security Parameter Index 5

Security Policy Database 5

Security Association Database 6

Peer Authorization Database 6

Lifetime 7

Cryptography Used in IPsec VPNs 7

Symmetric Cryptography 7

Asymmetric Cryptography 8

The Diffie-Hellman Exchange 8

Public Key Infrastructure 11

Public Key Cryptography 11

Certificate Authorities 12

Digital Certificates 12

Digital Signatures Used in IKEv2 12

Pre-Shared-Keys, or Shared Secret 13

Encryption and Authentication 14

IP Authentication Header 15

Anti-Replay 16

IP Encapsulating Security Payload (ESP) 17

Authentication 18

Encryption 18

Anti-Replay 18

Encapsulation Security Payload Datagram Format 18

Encapsulating Security Payload Version 3 19

Extended Sequence Numbers 19

Traffic Flow Confidentiality 20

Dummy Packets 20

Modes of IPsec 20

IPsec Transport Mode 20

IPsec Tunnel Mode 21

Summary 22

References 22

Part II Understanding IKEv2

Chapter 2 IKEv2: The Protocol 23

IKEv2 Overview 23

The IKEv2 Exchange 24

IKE_SA_INIT 25

Diffie-Hellman Key Exchange 26

Security Association Proposals 29

Security Parameter Index (SPI) 34

Nonce 35

Cookie Notification 36

Certificate Request 38

HTTP_CERT_LOOKUP_SUPPORTED 39

Key Material Generation 39

IKE_AUTH 42

Encrypted and Authenticated Payload 42

Encrypted Payload Structure 43

Identity 44

Authentication 45

Signature-Based Authentication 46

(Pre) Shared-Key-Based Authentication 47

EAP 48

Traffic Selectors 50

Initial Contact 52

CREATE_CHILD_SA 53

IPsec Security Association Creation 53

IPsec Security Association Rekey 54

IKEv2 Security Association Rekey 54

IKEv2 Packet Structure Overview 55

The INFORMATIONAL Exchange 56

Notification 56

Deleting Security Associations 57

Configuration Payload Exchange 58

Dead Peer Detection/Keepalive/NAT Keepalive 59

IKEv2 Request Response 61

IKEv2 and Network Address Translation 61

NAT Detection 64

Additions to RFC 7296 65

RFC 5998 An Extension for EAP-Only Authentication in IKEv2 65

RFC 5685 Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2) 65

RFC 6989 Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2) 65

RFC 6023 A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA) 66

Summary 66

References 66

Chapter 3 Comparison of IKEv1 and IKEv2 67

Brief History of IKEv1 67

Exchange Modes 69

IKEv1 70

IKEv2 71

Anti-Denial of Service 72

Lifetime 72

Authentication 73

High Availability 74

Traffic Selectors 74

Use of Identities 74

Network Address Translation 74

Configuration Payload 75

Mobility & Multi-homing 75

Matching on Identity 75

Reliability 77

Cryptographic Exchange Bloat 77

Combined Mode Ciphers 77

Continuous Channel Mode 77

Summary 77

References 78

Part III IPsec VPNs on Cisco IOS

Chapter 4 IOS IPsec Implementation 79

Modes of Encapsulation 82

GRE Encapsulation 82

GRE over IPsec 83

IPsec Transport Mode with GRE over IPsec 83

IPsec Tunnel Mode with GRE over IPsec 84

Traffic 85

Multicast Traffic 85

Non-IP Protocols 86

The Demise of Crypto Maps 86

Interface Types 87

Virtual Interfaces: VTI and GRE/IPsec 87

Traffic Selection by Routing 88

Static Tunnel Interfaces 90

Dynamic Tunnel Interfaces 91

sVTI and dVTI 92

Multipoint GRE 92

Tunnel Protection and Crypto Sockets 94

Implementation Modes 96

Dual Stack 96

Mixed Mode 96

Auto Tunnel Mode 99

VRF-Aware IPsec 99

VRF in Brief 99

VRF-Aware GRE and VRF-Aware IPsec 101

VRF-Aware GRE over IPsec 102

Summary 103

Reference 104

Part IV IKEv2 Implementation

Chapter 5 IKEv2 Configuration 105

IKEv2 Configuration Overview 105

The Guiding Principle 106

Scope of IKEv2 Configuration 106

IKEv2 Configuration Constructs 106

IKEv2 Proposal 107

Configuring the IKEv2 Proposal 108

Configuring IKEv2 Encryption 111

Configuring IKEv2 Integrity 113

Configuring IKEv2 Diffie-Hellman 113

Configuring IKEv2 Pseudorandom Function 115

Default IKEv2 Proposal 115

IKEv2 Policy 117

Configuring an IKEv2 Policy 118

Configuring IKEv2 Proposals under IKEv2 Policy 119

Configuring Match Statements under IKEv2 Policy 120

Default IKEv2 Policy 121

IKEv2 Policy Selection on the Initiator 122

IKEv2 Policy Selection on Responder 124

IKEv2 Policy Configuration Examples 125

Per-peer IKEv2 Policy 125

IKEv2 Policy with Multiple Proposals 126

IKEv2 Keyring 128

Configuring IKEv2 Keyring 129

Configuring a Peer Block in Keyring 130

Key Lookup on Initiator 132

Key Lookup on Responder 133

IKEv2 Keyring Configuration Example 134

IKEv2 Keyring Key Points 136

IKEv2 Profile 136

IKEv2 Profile as Peer Authorization Database 137

Configuring IKEv2 Profile 138

Configuring Match Statements in IKEv2 Profile 139

Matching any Peer Identity 142

Defining the Scope of IKEv2 Profile 143

Defining the Local IKE Identity 143

Defining Local and Remote Authentication Methods 145

IKEv2 Dead Peer Detection 149

IKEv2 Initial Contact 151

IKEv2 SA Lifetime 151

NAT Keepalives 152

IVRF (inside VRF) 152

Virtual Template Interface 153

Disabling IKEv2 Profile 153

Displaying IKEv2 Profiles 153

IKEv2 Profile Selection on Initiator and Responder 154

IKEv2 Profile Key Points 154

IKEv2 Global Configuration 155

HTTP URL-based Certificate Lookup 156

IKEv2 Cookie Challenge 156

IKEv2 Call Admission Control 157

IKEv2 Window Size 158

Dead Peer Detection 158

NAT Keepalive 159

IKEv2 Diagnostics 159

PKI Configuration 159

Certificate Authority 160

Public-Private Key Pair 162

PKI Trustpoint 163

PKI Example 164

IPsec Configuration 166

IPsec Profile 167

IPsec Configuration Example 168

Smart Defaults 168

Summary 169

Chapter 6 Advanced IKEv2 Features 171

Introduction to IKEv2 Fragmentation 171

IP Fragmentation Overview 172

IKEv2 and Fragmentation 173

IKEv2 SGT Capability Negotiation 178

IKEv2 Session Authentication 181

IKEv2 Session Deletion on Certificate Revocation 182

IKEv2 Session Deletion on Certificate Expiry 184

IKEv2 Session Lifetime 185

Summary 187

References 188

Chapter 7 IKEv2 Deployments 189

Pre-shared-key Authentication with Smart Defaults 189

Elliptic Curve Digital Signature Algorithm Authentication 194

RSA Authentication Using HTTP URL Lookup 200

IKEv2 Cookie Challenge and Call Admission Control 207

Summary 210

Part V FlexVPN

Chapter 8 Introduction to FlexVPN 211

FlexVPN Overview 211

The Rationale 212

FlexVPN Value Proposition 213

FlexVPN Building Blocks 213

IKEv2 213

Cisco IOS Point-to-Point Tunnel Interfaces 214

Configuring Static P2P Tunnel Interfaces 214

Configuring Virtual-Template Interfaces 216

Auto-Detection of Tunnel Encapsulation and Transport 219

Benefits of Per-Peer P2P Tunnel Interfaces 221

Cisco IOS AAA Infrastructure 221

Configuring AAA for FlexVPN 222

IKEv2 Name Mangler 223

Configuring IKEv2 Name Mangler 224

Extracting Name from FQDN Identity 225

Extracting Name from Email Identity 226

Extracting Name from DN Identity 226

Extracting Name from EAP Identity 227

IKEv2 Authorization Policy 228

Default IKEv2 Authorization Policy 229

FlexVPN Authorization 231

Configuring FlexVPN Authorization 233

FlexVPN User Authorization 235

FlexVPN User Authorization, Using an External AAA Server 235

FlexVPN Group Authorization 237

FlexVPN Group Authorization, Using a Local AAA Database 238

FlexVPN Group Authorization, Using an External AAA Server 239

FlexVPN Implicit Authorization 242

FlexVPN Implicit Authorization Example 243

FlexVPN Authorization Types: Co-existence and Precedence 245

User Authorization Taking Higher Precedence 247

Group Authorization Taking Higher Precedence 249

FlexVPN Configuration Exchange 250

Enabling Configuration Exchange 250

FlexVPN Usage of Configuration Payloads 251

Configuration Attributes and Authorization 253

Configuration Exchange Examples 259

FlexVPN Routing 264

Learning Remote Subnets Locally 265

Learning Remote Subnets from Peer 266

Summary 268

Chapter 9 FlexVPN Server 269

Sequence of Events 270

EAP Authentication 271

EAP Methods 272

EAP Message Flow 273

EAP Identity 273

EAP Timeout 275

EAP Authentication Steps 275

Configuring EAP 277

EAP Configuration Example...

Details
Year of publication: 2016
Subject area: Data communications, networks & bulletin boards
Genre: Imports, Computer Science
Category: Science & Technology
Format: Paperback
ISBN-13: 9781587144608
ISBN-10: 1587144603
Language: English
Binding: Paperback / softcover
Authors: Bartlett, Graham; Inamdar, Amjad
Edition: 1st edition
Publisher: Cisco Press
Responsible person for the EU: preigu, Ansas Meyer, Lengericher Landstr. 19, D-49078 Osnabrück, mail@preigu.de
Dimensions: 235 x 195 x 36 mm
By: Graham Bartlett (et al.)
Publication date: 12 September 2016
Weight: 1.23 kg
Item ID: 132999156