Posted by: Sulaiman Syed
Tags: Cisco, Firewall, VPN
Branch connectivity to the HQ or the datacenter is one of the essential topics that almost all businesses have to deal with. Various methods have been developed to connect branches, and all of them fall under the WAN connectivity module. WAN connectivity can be achieved using:
- MPLS VPN
- Dedicated Leased Lines
Even when the Internet is used to provide branch connectivity, various methods and models can be used, from Dynamic Multipoint VPN (DMVPN) and SSL VPN for clients to IPsec VPN. We will discuss IPsec VPN here, and later look at a sample configuration.
Site-to-Site VPN uses Internet Security Association and Key Management Protocol (ISAKMP) and IPsec to create the tunnel. ISAKMP is a negotiation protocol that allows two routers to secure the tunnel. This negotiation is done in two phases.
Phase one creates the first tunnel; this tunnel protects the negotiations of the second phase (the second tunnel). In other words, phase one protects the IPsec parameters that are being negotiated between the endpoints.
Phase two is the IPsec tunnel, where the encryption and authentication methods for the data are negotiated and then applied to the interesting traffic.
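The following Cisco IOS configuration shows how the two phases described above map to router commands on the HQ side of a site-to-site tunnel. It is an added example written for this post, not a configuration taken from the original article; the interface name, the public addresses (203.0.113.1 and 203.0.113.2, documentation range), the LAN prefixes (10.1.0.0/16 at HQ, 10.2.0.0/16 at the branch), the object names and the pre-shared key placeholder are all assumptions.

```cisco
! Phase 1 (ISAKMP / IKEv1) policy: builds the first tunnel that protects the Phase 2 negotiation
! Algorithm choices are deliberate: AES-256, SHA-256 and DH group 14 instead of the legacy DES/MD5/group 1 defaults
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
!
! Pre-shared key bound to the branch peer address (placeholder value, assumed address)
crypto isakmp key REPLACE_WITH_STRONG_PSK address 203.0.113.2
!
! Phase 2 (IPsec) transform set: how interesting traffic is encrypted and authenticated
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Interesting traffic: only HQ LAN to branch LAN is sent through the tunnel (assumed prefixes)
ip access-list extended ACL-VPN-HQ-TO-BRANCH
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! Crypto map ties the peer, the transform set and the interesting traffic together
crypto map CM-SITE2SITE 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address ACL-VPN-HQ-TO-BRANCH
!
! Apply the crypto map on the Internet-facing interface (assumed interface name and address)
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map CM-SITE2SITE
!
! Verification after traffic matching the ACL has been sent:
!   show crypto isakmp sa   -> Phase 1 SA to 203.0.113.2 in state QM_IDLE
!   show crypto ipsec sa    -> Phase 2 SA with increasing #pkts encaps / #pkts decaps counters
```

The branch router needs the mirror image: the same Phase 1 policy and pre-shared key, the same transform set, an ACL with source and destination swapped, and 203.0.113.1 as the peer. Because the ISAKMP policy on both sides must match exactly, a mismatch in any Phase 1 attribute shows up as the Phase 1 SA never reaching QM_IDLE, while a Phase 2 mismatch (transform set, PFS group or non-mirrored ACL) leaves Phase 1 up but no IPsec SA and no encaps/decaps counters.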