• Explain how IPSec works.
• Configure IPSec.
• Troubleshoot IPSec.

Duration: 3 days

>> Dates, prices & bookings for this course

>> Back to Security courses overview

What is IPSec?
VPN review, IP review, fragmentation, authentication, encryption, What is IPSec? AH, ESP. IPSec with IPv4, IPSec with IPv6. Hands on: Simple analysis of "normal" IP packets.

IPSec architecture
The IPSec protocols, transport mode, tunnel mode, implementations: Host tack, Bump in the Stack, Bump in the Wire. Hands on: Configuring IPSec.

AH
What AH does, the stack, security associations, Security Parameters Index, The AH header, AH in transport mode, AH in tunnel mode. Hands on: AH packet analysis.

ESP
What ESP does, the ESP header, ESP in transport mode, ESP in tunnel mode, ESP and SA, ESP and SPI. Hands on: ESP packet analysis.

Algorithms
Authentication algorithms: MD5, keyed SHA-1, HMAC-MD5, HMAC-SHA-1, HMAC-RIPEMD, other authentication algorithms. Encryption algorithms: DES, 3DES, Blowfish, AES, other encryption algorithms. Hands on: Algorithm configuration.

IKE
Internet Key Exchange, the two phase negotiation, ISAKMP, ISAKMP header, pre shared keys, digital signatures, public key encryption, Diffie Hellman, proposals, counter proposals, nonces, identities, phase 1 negotiation: main mode, aggressive mode, base mode. Phase 2 negotiation: quick mode, new group mode. Hands on: IKE packet analysis.

More IKE
PFS, IKE and dynamic addresses, XAUTH, hybrid authentication, CRACK, ULA, PIC. User level authentication. IKE renegotiation, heartbeats. Hands on: Troubleshooting IPSec.

Security policies
PF_KEY, policy setting and enforcement, policy configuration, policy servers, policy exchange. Hands on: Policy configuration.

PKI
What is PKI?, CA, RA, VA, certificates, CA hierarchy, CRLs, certificate formats. Hands on: installing and configuring certificate servers.

Summary
IPSec strengths and weaknesses. Where to get further information.