Tuesday, December 1, 2015

ASA VPN Options



Why do we need to use a VPN?
CIA
Confidentiality
Integrity of the data
Authenticity

A VPN builds a logical tunnel over an untrusted network. It creates a tunnel between the user and the ASA (i.e. the gateway)
so that communication over the Internet is secure.

Types of VPNs
a. Remote Access VPN (RA)

1. SSL, no client s/w
Clientless SSL VPN requires a browser that supports SSL/TLS, and uses public PKI.
Perfect for computers that are not managed by you, where the users may not have full admin rights and only limited server access is required through the clientless SSL tunnel.
Here the client doesn't need an IP address, since all of the traffic is proxied off the inside interface of the ASA.

2. SSL full tunnel with AnyConnect client s/w
S/w is installed on the PC. An IP address is assigned from a pool on the internal network.
AnyConnect s/w requires administrative rights to install on the computer.

Note: if we want 1000s of connections, we can use clientless SSL VPN, and once the connection is made we can have a tunnel.

3. IPsec RA full tunnel with VPN Client or AnyConnect
The IPsec VPN s/w client requires administrative rights to install on the computer.
The client gets a virtual IP address from a pool on the internal network.


b. Site-to-Site VPNs
IPsec site-to-site VPN
Peer to peer between ASA and ASA, also called VPN gateway to VPN gateway.


Connection Profiles:
Also known as a group or tunnel-group.
Used before the user authenticates.
The ASA uses the connection profile to authenticate the user at logon. It identifies which connection profile the user is logging on to.

Connection profile types:
Pre-logon: we have not yet told the ASA who we are
Pre-authenticate

The ASA uses three basic things to decide which logical connection profile applies to a user:
menu (i.e. list)
URL
cert
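
The three selection methods above, sketched as an ASA configuration. This is an added example, not part of the original post; it assumes ASA 9.x remote-access syntax, and the profile names, address pool, certificate map name and hostname are placeholders.

```cisco
! Constructed example: names, pool range and hostname are placeholders.
ip local pool VPN_POOL 10.10.10.10-10.10.10.200 mask 255.255.255.0
!
! Profile chosen from the menu (list) or by URL
tunnel-group EMPLOYEES type remote-access
tunnel-group EMPLOYEES general-attributes
 address-pool VPN_POOL
tunnel-group EMPLOYEES webvpn-attributes
 ! 1. menu: entry shown in the drop-down on the login page
 group-alias Employees enable
 ! 2. url: browsing to this URL selects the profile directly
 group-url https://vpn.example.com/employees enable
!
! Profile chosen by certificate
tunnel-group CONTRACTORS type remote-access
tunnel-group CONTRACTORS general-attributes
 address-pool VPN_POOL
!
! 3. cert: match a field of the client certificate ...
crypto ca certificate map CERT_MAP 10
 subject-name attr ou eq contractors
!
webvpn
 enable outside
 ! turn on the drop-down that lists the group-alias entries
 tunnel-group-list enable
 ! ... and map matching certificates to a profile
 certificate-group-map CERT_MAP 10 CONTRACTORS
```

The alias list is displayed before authentication, so anyone who can reach the login page sees those profile names; selecting by URL or certificate avoids listing them.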

Technologies used:
SSL/TLS/DTLS
IPsec
IKE phase 1 and IKE phase 2
IKEv2










