[...]... Encryption 20 RC4 21 DES and 3DES 22 AES 22 Diffie-Hellman 23 RSA and DSA 24 Digital Signatures and Digital Certification 24 Digital Signatures 24 Public Key Infrastructure, Digital Certificates, and Certification SSL and TLS 30 SSL and TLS History 30 SSL Protocols Overview 31 OSI Layer Placement and TCP/IP Protocol Support 31 SSL Record Protocol and Handshake Protocols 33 SSL Connection Setup 34 Application... routers/firewalls and their command-line interface (CLI), and a general understanding of the overall SSL VPN solution How This Book Is Organized Part I of this book includes Chapters 1 and 2, which provide an overview of the remote access VPN technologies and introduce the SSL VPN technology The remainder of the book is divided into two parts Part II encompasses Chapters 3 and 4 and introduces the Cisco SSL VPN... (SSL VPN) VPN protocols can be categorized into two distinct groups: • • Site -to- site protocols Remote access protocols Site -to- site protocols allow an organization to establish secure connections between two or more offices so that it can send traffic back and forth using a shared medium such as the Internet These connections can also be used to connect the private or semiprivate networks of an organization... of SSL VPNs, including cryptographic algorithms, SSL and Transport Layer Security (TLS), and common SSL VPN technologies xix • • Part II, SSL VPN Design Considerations and Cisco Solution Overview,” includes the following chapters: Chapter 3, SSL VPN Design Considerations”: This chapter discusses the common design best practices for planning and designing an SSL VPN solution Chapter 4, “Cisco SSL. .. looking for remote access VPN solutions that provide ubiquitous access and low-cost deployment and management At present, no official standards exist for SSL VPN technologies; various vendors use different implementations This chapter takes a close look at the evolution of the SSL VPN technology to help you understand how this technology works Cryptographic Building Blocks of SSL VPNs A VPN carries private. .. with the private or semiprivate networks of a different organization over the shared medium This eliminates the need for dedicated leased lines to connect the remote offices to the organization’s network IPsec, GRE, and MPLS VPN are commonly used site -to- site VPN protocols Figure 1-1 shows a simple IPsec VPN topology that SecureMe (a fictitious company) is planning to deploy SecureMe wants to ensure... Site -to- Site VPN Tunnel Message Message Chicago London Host A Host B Message Message The remote access protocols benefit an organization by allowing mobile users to work from remote locations such as home, hotels, airport internet kiosks and Internet cafes as if they were directly connected to their organization’s network Organizations do not need to maintain a huge pool of modems and access servers to. .. 1829, and 1851 Internet Key Exchange (IKE) uses the framework provided by the Internet Security Association and Key Management Protocol (ISAKMP) and parts of two other key management protocols, namely Oakley and Secure Key Exchange Mechanism (SKEME) The purpose of IKE, as defined in RFC 2409, “The Internet Key Exchange,” is to negotiate different security associations (SA) by using the available key management... are migrating to broadband digital subscriber line (DSL) and cable-modem connections As a result, corporations are in the process of moving these dialup users to remote access VPNs for faster communication To help you select a remote access VPN technology that meets the needs and requirements of your organization, this chapter provides an overview of the different technologies The remote access VPN technologies... IPsec, SSL VPN, L2TP, L2TP over IPsec, and PPTP This page intentionally left blank This chapter describes the following topics: • • • Background SSL and TLS SSL VPN CHAPTER 2 SSL VPN Technology As Secure Socket Layer (SSL) Virtual Private Network (VPN) technology has become more mature and has rapidly been deployed over recent years, it has gained the attention of network and IT administrators who . Certification 25 SSL and TLS 30 SSL and TLS History 30 SSL Protocols Overview 31 OSI Layer Placement and TCP/IP Protocol Support 31 SSL Record Protocol and Handshake Protocols 33 SSL Connection. Erum and Sana, sister-in-law Asiya, my cute nephew Shayan, and my adorable nieces Shiza and Alisha. Thank you for your patience and understanding during the development of this book. Qiang Huang: I. 96th Street Indianapolis, IN 46240 USA Cisco Press SSL Remote Access VPNs Jazib Frahim, CCIE No. 5459 Qiang Huang, CCIE No. 4937 ii SSL Remote Access VPNs Jazib Frahim, Qiang Huang Copyright©