IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture - - PowerPoint PPT Presentation

▶

Feb 28, 2024 578 likes •681 views

IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE PE CPE/CLE Host PE CPE to CPE IPSEC can be used for : PE to PE PE to CPE Bryan Gleeson, Page-1 CPE to CPE IPSEC tunnels

SLIDE 1

IPSEC VPN overview IPSEC VPN overview

SLIDE 2

Bryan Gleeson, Page-1

Basic VPN Architecture

CPE/CLE
PE
CPE/CLE
PE
PE
Host
CPE/CLE
IPSEC can be used for :
CPE to CPE
PE to CPE
PE to PE

SLIDE 3

Bryan Gleeson, Page-2

CPE to CPE IPSEC tunnels

IPSEC tunnel
CPE
PE
CPE
CPE
PE
PE
Host
Site to site IPSEC tunnels
Voluntary IPSEC tunneling

SLIDE 4

Bryan Gleeson, Page-3

PE to PE IPSEC tunnels

IPSEC tunnel
CPE
PE
CPE
CPE
PE
PE
Host
Can be used for both Layer 3 + Layer 2 VPNs

SLIDE 5

Bryan Gleeson, Page-4

CPE to PE IPSEC tunnels

IP/ MPLS
CPE
PE/

LAC

CPE
PE
PE
Host
CPE/LNS
Secure remote access to NB-VPN
Compulsory L2TP/IPSEC tunneling

SLIDE 6

Bryan Gleeson, Page-5

Current IPSEC WGs

IPSEC
IPSEC Policy (IPSP) - allows configuration of

IPSEC policy for hosts + security gateways, security gateway discovery for hosts etc

IPSEC Remote Access (IPSRA) - extend IPSEC to

allow for remote client user authentication and configuration

SLIDE 7

Bryan Gleeson, Page-6

Requirements Solicited - some possibilities are:

Ability to associate an IPSEC tunnel with a VPN

(e.g. add VPN-ID to IKE phase 2 negotiation)

Ability to run routing protocols over an IPSEC

tunnel (possible issue with wildcard QM client IDs)

Allow null encryption / null authentication option
More flexible diffserv marking rules

SLIDE 8

Bryan Gleeson, Page-7