MicroNugget: IPsec Site to Site VPN Tunnels Explained | CBT Nuggets

  • Added on 12. 09. 2012
  • Start learning cybersecurity with CBT Nuggets. courses.cbt.gg/security
    In this video, CBT Nuggets trainer Keith Barker takes a look at the concepts behind how IPsec site-to-site VPNs work. Keith uses a protocol analyzer to show you the before and after picture of a packet that's been encrypted and transmitted.
    Sending packets in the wild can be dangerous. The Big Bad Internet is just waiting for you to send sensitive or important information so it can be sniffed out and exploited. So any time you send a packet out there, it's a good idea to give it some protection. IPsec lets you do that.
    Imagine a company with two geographically separated offices. They want full data networking between the two sites. All the servers and resources of both should be shared fully between the two.
    With high-speed connectivity at both sites, the impulse might be to just send it all over the internet. But that can pose a security risk.
    An IPsec VPN site-to-site tunnel can provide a number of things. First, confidentiality thanks to encryption. Also, integrity - IPsec can confirm that no bits were manipulated in transit. It can even provide authentication and anti-replay support.
    See the benefits of IPsec VPN tunnels and what the packets themselves look like before and after transmission.
    0:25: When you might need a VPN tunnel
    1:00: The risk of using the Internet
    1:45: What are IPsec’s claims to fame?
    2:40: How does it do it?
    3:55: Two perspectives of what the VPN looks like
    5:10: Side-by-side comparison of the encrypted packet
    6:40: Overview
    🌐 Download the Free Ultimate Networking Cert Guide: blog.cbt.gg/i297
    ⬇️ 13-Week Study Plan: CCNA (200-301): blog.cbt.gg/on5i
    Start learning with CBT Nuggets:
    • Intro to Networking | courses.cbt.gg/tuv
    • MPLS Fundamentals | courses.cbt.gg/u7u

Comments • 159

  • @bohemians77
    @bohemians77 10 years ago +97

    You have a remarkable gift for teaching in plain language; I have watched a few of your videos on YT and gained in understanding, even though I am not an IT novice - I sense you enjoy what you do: thanks for taking the time to assist others.

  • @ShivamMiglani
    @ShivamMiglani 4 years ago +14

    You teach amazingly well. I can see the hard work you put into first explaining the theory and then backing it up with a practical example.

  • @AfricanAstro
    @AfricanAstro 5 years ago +1

    This was incredible. Simple, clear, well-paced, sticks to the subject, practical use-case. Just very well done.

  • @jairusan
    @jairusan 5 years ago

    Best of the best! Super simplified nugget, this is the best explanation of IPsec I have seen, very informative and useful. Thank you so much, Keith!

  • @BijouBakson
    @BijouBakson 4 years ago +1

    This stuff was pure gibberish before I started studying Cisco; now it's pure gold. Thank you very much CBT Nuggets.

  • @OsvaldoMaria
    @OsvaldoMaria 4 years ago +7

    Your enthusiasm made this much easier to understand

  • @elpidiagomez3701
    @elpidiagomez3701 5 years ago

    Thanks for the vid Mr. Barker...you take complicated topics and explain them so I can understand, keep up the great work!!

  • @AshwinRamdin
    @AshwinRamdin 11 years ago

    Hi Keith, thank you for taking the time and answering my question. Great video!

  • @felipegrings9357
    @felipegrings9357 2 years ago +2

    Simple. Easy to Understand. Straight to the point. Awesome!

  • @KeithBarker
    @KeithBarker 11 years ago +11

    Hello Ashwin-
    Yes, you've got it. The outside IP header will have the source IP of the VPN gateway sending the packet, with a destination IP header of the remote VPN gateway who will be receiving the packet over the internet. When the receiving router gets the packet, it will de-encapsulate and throw away the old outside header, decrypt the contents (which include the initial IP header addresses the client was using) and continue to route the packet.
    Keith
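
An added illustration of the encapsulation described in the reply above (not part of the original comment or the video): a sending gateway wraps a client packet in ESP tunnel mode, and the receiving gateway checks integrity, discards the outer header and recovers the inner packet. The addresses, SPI and keys are constructed, and the SHA-256 keystream is a stand-in for a real ESP cipher such as AES.

```python
import hashlib, hmac, ipaddress, struct

ESP_PROTO, IPIP, ICV_LEN = 50, 4, 16  # ESP protocol no., next-header, ICV bytes

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def keystream_xor(key, spi, seq, data):
    """Stand-in cipher (SHA-256 in counter mode), NOT a real ESP transform."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + struct.pack("!III", spi, seq, off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def encapsulate(inner, gw_src, gw_dst, spi, seq, enc_key, auth_key):
    """Sending gateway: encrypt the whole inner packet, add ESP + outer IP."""
    npad = -(len(inner) + 2) % 4                 # ESP trailer aligns to 4 bytes
    trailer = bytes(range(1, npad + 1)) + bytes([npad, IPIP])
    body = keystream_xor(enc_key, spi, seq, inner + trailer)
    esp = struct.pack("!II", spi, seq) + body    # SPI and sequence stay clear
    icv = hmac.new(auth_key, esp, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp) + ICV_LEN) + esp + icv

def decapsulate(packet, enc_key, auth_key):
    """Receiving gateway: check ICV, drop outer header, decrypt inner packet."""
    if packet[9] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    esp, icv = packet[20:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, esp, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("integrity check failed")
    spi, seq = struct.unpack("!II", esp[:8])
    plain = keystream_xor(enc_key, spi, seq, esp[8:])
    return plain[:-2 - plain[-2]]                # strip padding and trailer

def visible_on_wire(packet):
    """What an observer on the internet can read from the outer packet."""
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": src, "dst": dst, "proto": packet[9], "spi": spi, "seq": seq}

# Constructed sample: client 10.1.0.5 pings 10.2.0.9 through gateways
# 203.0.113.1 (R1) and 198.51.100.1 (R2); keys are constants for the demo.
ENC_KEY, AUTH_KEY = b"E" * 32, b"A" * 32
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 1, 8) + b"\x08\x00" + b"\x00" * 6
WIRE = encapsulate(INNER, "203.0.113.1", "198.51.100.1", 0x1001, 1, ENC_KEY, AUTH_KEY)

if __name__ == "__main__":
    print(visible_on_wire(WIRE))
    print(decapsulate(WIRE, ENC_KEY, AUTH_KEY) == INNER)
```

Only the gateway addresses, the protocol number, the SPI and the sequence number are readable in transit; the client addresses exist only inside the encrypted body.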

  • @myretarnation
    @myretarnation 9 years ago

    Great description and even I got it. :)
    Very good voice to match the video tutorial. Thanks Keith!!

  • @paulykamau
    @paulykamau 5 years ago +3

    Amazing! I'm blown away. Thank you for the intelligent explanation.

  • @agustinothadeus
    @agustinothadeus 5 years ago

    The way you explain it makes it seem so easy to the point where it becomes funny!!, thank you

  • @ArindamChattopadhya
    @ArindamChattopadhya 4 years ago

    Your style of explaining is second to none. 👍🙏🙏🙏

  • @anastasijat.4138
    @anastasijat.4138 9 years ago +13

    Awesome video, love your enthusiasm! :)

  • @MojoTojoChannel
    @MojoTojoChannel 11 years ago

    Man your way of teaching is just awesome.. pls keep on doing what you're doing..

  • @coveysax
    @coveysax 8 years ago +1

    Subscribed thanks to this video. You sound so happy talking about this lol. Thanks for the vid!

  • @SarabjitMadan
    @SarabjitMadan 8 years ago +1

    This was so well illustrated and explained. Thanks

  • @KeithBarker
    @KeithBarker 11 years ago +1

    You are very welcome Samer!
    Best wishes,
    Keith

  • @ksbpsb
    @ksbpsb 12 years ago +3

    great job by Keith Barker and one of the best trainers on the internet

  • @KasunMadurasinghe
    @KasunMadurasinghe 1 year ago

    This is one of the coolest explanations I've seen ..You've got talent.. Kudos

  • @Leo-uy4qv
    @Leo-uy4qv 2 years ago

    Excellent, learned something new. thanks for showing packet tracer working in the background

  • @pimguilherme
    @pimguilherme 4 years ago +6

    This is just so fun, thanks man!!

  • @annehipolito7305
    @annehipolito7305 2 years ago

    Thanks. Been doing site to site VPN for years now. Still is reliable for small and medium sized businesses :)

  • @MrGvui
    @MrGvui 9 years ago +1

    Thanks so much, really simple and clear explanation.

  • @iMPRE7ed
    @iMPRE7ed 11 years ago

    Made it so clear and easy! Great job!

  • @guerrillafocus
    @guerrillafocus 2 years ago +1

    AH would've been good to mention as well. You do teach very well Keith!

  • @manjunathnarendra3854
    @manjunathnarendra3854 7 years ago

    Thank you sir...You know exactly how to teach things..wonderful video

  • @YosiFeig
    @YosiFeig 11 years ago

    Excellent. You did a great job. Simple to understand. Thanks!

  • @vaihi1
    @vaihi1 5 years ago

    Bro I loved this video. Thank you so much haha you have a gift at teaching simply

  • @AlexKontent
    @AlexKontent 5 years ago

    Great tutorial man! Great work, Great examples!

  • @tariksotalei4808
    @tariksotalei4808 2 years ago

    Brilliant video...simple and practical example ...loved it.

  • @HongeraGideon
    @HongeraGideon 5 years ago

    How can someone thumb down this video, fantastic explanation.

  • @microsoftsarker
    @microsoftsarker 1 year ago

    This series is awesome.

  • @thebluegoonie
    @thebluegoonie 3 years ago +1

    I hadn't realised how old this vid is until I saw the Windows XP Start button! Still good, though, thanks.

  • @proplemsolver5995
    @proplemsolver5995 11 years ago

    Thanks to Dr. هيازع البارقي, information systems security expert

  • @johnconnor9787
    @johnconnor9787 5 years ago

    Great explanation! Thank you!!!

  • @snehanaik4304
    @snehanaik4304 2 years ago

    thanks for this detailed explanation with the actual ping request!

  • @sobc2737
    @sobc2737 3 years ago

    Thank you for such a great explanation.

  • @ketansanil6046
    @ketansanil6046 10 years ago

    Great Explanation in Simple Language

  • @MrUglyDave
    @MrUglyDave 4 years ago

    Thank you so much, so well explained

  • @alitajvidi5610
    @alitajvidi5610 5 years ago

    Excellent teacher!!! Thanks.

  • @Zehle325
    @Zehle325 10 years ago +1

    This was great! :D

  • @haimbendanan
    @haimbendanan 8 years ago

    Thanks for this video!

  • @ahmedabduljabar6269
    @ahmedabduljabar6269 10 years ago +3

    Keith that was amazing .. many thanks :)

    • @KeithBarker
      @KeithBarker 10 years ago +3

      Ahmed Abduljabar Thanks for the feedback! It is appreciated.
      -Keith

    • @SuperKirkb
      @SuperKirkb 9 years ago +2

      Keith Barker
      My best instructor

  • @shai2009
    @shai2009 9 years ago

    very professional video. thanks!

  • @ryutkin
    @ryutkin 8 years ago +6

    You are amazing! I've never heard someone explain something so well! Brilliant!

  • @fightbackmatix
    @fightbackmatix 11 years ago

    Great video :) Thanks again!

  • @chechobarbery
    @chechobarbery 10 years ago +1

    Excellent !!!!!!!!!!! Congrats!!!!!!!!!!!

  • @johnson554671
    @johnson554671 4 years ago

    Good Job Keith!

  • @newkool100
    @newkool100 9 years ago

    thanks. good one. well explained. short and to the point.

  • @GL455_
    @GL455_ 2 years ago

    Man! You mad helpful! So glad I found ya!

  • @virajayachit5702
    @virajayachit5702 9 years ago +1

    Thank you. Awesome work

    • @davidnadon6879
      @davidnadon6879 6 years ago

      viraj ayachit 🎒😈🍯👨‍👦👚👨‍👦‍👦♥️U.K.

  • @abhijeetagrawal5817
    @abhijeetagrawal5817 2 years ago

    Brilliant.. Thanks a lot for simplifying it.

  • @chickenman1176
    @chickenman1176 2 years ago +1

    Thank you for not having a monotone voice!

  • @IkramKhan-gk3wl
    @IkramKhan-gk3wl 7 years ago

    Dear Sir, you teach very very nice "super nice" than the other

  • @BJ24hk
    @BJ24hk 11 years ago

    awesome video thank u so much !

  • @techtejas804
    @techtejas804 3 years ago

    Superb! Got it exact

  • @markarca6360
    @markarca6360 9 years ago

    To check the data integrity of the packets as they are sent means they undergo tests like CRC (cyclic redundancy checking).

  • @OnsDlaili1
    @OnsDlaili1 9 years ago

    so helpful thx !

  • @amankinson7384
    @amankinson7384 10 years ago

    Great Stuff!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  • @nikl0618
    @nikl0618 10 years ago +2

    Awesome video, thank you so much!

  • @ryanbarrera2595
    @ryanbarrera2595 5 years ago

    Hi Keith..What tool are you using in creating your topology? and also the tool you use to capture the packet

  • @issiagadiallo3684
    @issiagadiallo3684 9 years ago

    Hello CBT, This was quite a great one. Could you please share a simulated one with packet tracer or GNS3 whatever ... Please. It will be very helpful for beginners like me :D

  • @kingofhavila9850
    @kingofhavila9850 2 years ago

    Your channel enlightened some dark spots I had in networking, I'd like to thank you I have my network security exam at the end of this month.
    Otherwise, would you tell me what software are you using for the facilitation of the course?

  • @RaphaelMeyer
    @RaphaelMeyer 8 years ago

    awesome dude. thx

  • @jaafarali1417
    @jaafarali1417 11 years ago

    great and simplified video

  • @josecarlosglz.barron9314

    good job!

  • @ibarrax3872
    @ibarrax3872 6 years ago

    THANK YOU !!!!!!!!!!!!!!!!!!!!!!!

  • @nemanjajovic2854
    @nemanjajovic2854 8 years ago

    Very nice !

  • @erikvandervelden4566
    @erikvandervelden4566 1 year ago

    Nice explanation. What I'm missing is: Who to do this? How do I create R1 and R2?
    After all, it's about. How to get this to work.

  • @andrejss
    @andrejss 3 years ago

    Amazing! Thank you!

    • @cbtnuggets
      @cbtnuggets 3 years ago

      Our pleasure! Glad you were able to find value in this video! :)

  • @happyshay1977
    @happyshay1977 4 years ago

    Great facilitated! thanks

  • @senyk1
    @senyk1 2 years ago

    Thanks for the video, what did you use to draw on the screen? Is that a pad you can hook up to a computer?

  • @ashishsontakke
    @ashishsontakke 3 years ago

    The VPN client installed in our home machines will do the ESP encapsulation at machine itself before it sends to our ISP ? Is that right ? In this example you said Router R1(ISP's router) is doing it.

  • @MaHutchy
    @MaHutchy 7 years ago +1

    IPSec or OpenVPN, which would you suggest in terms of security?

  • @mitpatel4268
    @mitpatel4268 4 years ago

    Hi Keith,
    I have a short question. Why do we not use SSL universally/predominantly for VPNs but use IPSec? One good reason to use SSL as opposed to IPSec is the popularity of port on which it works (443). The positive is that it's open everywhere! Am I missing something?? Maybe one similar question should be - What prevents us from using SSL instead of IPSEC protocol suite in Site-to-site tunnels?

  • @KeithBarker
    @KeithBarker 11 years ago

    If the crypto ACL says any-any, there are 2 challenges. The two peers will need to agree on that to bring up a tunnel, and then secondly, all traffic leaving the VPN peers would be sent to the peer on the other side. There may be some corner cases where something similar to that would work, but for general site to site VPNs it would be a configuration/design error.

  • @Jdiddy1792
    @Jdiddy1792 9 years ago

    How were you able to capture the packets sent from machine to router? Then router to web?

  • @HylianEvil
    @HylianEvil 11 years ago

    You're awesome.

  • @snsathishbe
    @snsathishbe 9 years ago

    thank you

  • @AshwinRamdin
    @AshwinRamdin 11 years ago

    Hi Keith,
    At around 3:05 you say the packet is going to be encapsulated. Does this mean that the packet basically has 2 destination and 2 source IP addresses, from which only 1 destination and 1 source address are visible when the packet is sent over the Internet?

  • @ManishYadav0719
    @ManishYadav0719 2 years ago

    You Deserved 5 star ⭐ believe me

  • @SwooshxWu
    @SwooshxWu 11 years ago

    That is awesome.

  • @kracherjon3938
    @kracherjon3938 3 years ago

    Thanks Bre

  • @IQ88612
    @IQ88612 5 years ago

    Hi, thanks for your nice video, but what software did you use??

  • @MARINADELY777
    @MARINADELY777 11 years ago

    thanks

  • @AWSwithChetan
    @AWSwithChetan 2 years ago

    Great video on VPN tunnels. I was trying to setup S2S VPN in AWS and what I did not understand is role of Inside IPv4 addresses (typically 169.254.0.0/16 range). It would be great if you could help me understand what these inside IPs are, why they are used, are these actual IPs?

    • @psyedd
      @psyedd 11 months ago

      This is a year late but that looks to be APIPA range. Just google that and I think you'll be good to go

  • @cesarausan
    @cesarausan 10 years ago

    Many thanks! Implementing a VPN.

  • @MrJinsilverx
    @MrJinsilverx 11 years ago

    Hi, I just wanna ask. What will happen if I use an access-list with permit ip any any in Ipsec VPN? Will the network be able to browse the internet?

  • @poligon333
    @poligon333 11 years ago

    Thanks

  • @metalliciano
    @metalliciano 8 years ago

    If I get the videos on your CBT Nuggets, would there be subtitles in my language?

  • @viclam1633
    @viclam1633 3 years ago

    Does Ipsec add latency to voip calls because it has to encrypt the message? When would I turn on or off ipsec? Any help would be appreciated.

  • @semitangent
    @semitangent 3 years ago

    What I never understood is why a VPN is necessary at all - why not send a regular IP packet with encrypted payload?
    But I am getting the feeling that this is *exactly* what VPN (or rather IPsec) is doing. It always seemed to me that the encapsulation part, which was always presented as one of the two critical components of a VPN (the other being encryption), was a VPN-exclusive thing, but I guess when two PCs in their respective local networks talk to each other, encapsulation is *always* present - is that correct?

  • @KeithBarker
    @KeithBarker 11 years ago

    My pleasure! Glad you liked the video.
    Keith

  • @hosseinsabouri3121
    @hosseinsabouri3121 4 years ago

    Thanks. But how do you connect two routers with each other? Do you use Public IP address forwarding to each Router? For Example....How can I RDP from 172.16.0.2 to 192.168.0.20 ?

  • @yiannisserpico2646
    @yiannisserpico2646 4 years ago

    Hi dear teacher. As always, an amazing teaching video, and thank you! Beginning VPN self-studying, why so many companies selling VPN connections? Can't we set up VPNs from both sites using just internet connections of two routers? Thank you!

  • @abhyudaychattopadhyay8632

    So.. the routing table of R1 is supposed to contain the entire range of IPs of PCs under R2, or else how does it understand which of the requests are to be encrypted and sent to R2's IP ???? (and vice versa)

  • @Shake_Well_Before_Use
    @Shake_Well_Before_Use 2 months ago

    Hi Keith,
    Can u help with something. I have this network that I'm working on packet tracer. I have two sites site A and B. Site A is ASN 10 and B is ASN 20. In the middle is an ISP router on the ASN 50. I use OSPF for the interior routing on my two sites and bgp has been configured successfully on all three routers and I managed to get IP connectivity from hosts on site A to B and vice versa. The thing is when I implemented the IPsec VPN tunnel, the hosts on site A can reach until the router that connects the destination hosts but never reached them. The thing is the pings from a host in A reaches all networks inside site B except the network of the destination host. Like if 192.168.1.0 / 24 is the source network in site A and 192.168.2.0 / 24 is the destination network on B, the hosts on A can reach all networks except the network on which my destination hosts live. Pls help me understand what could have gone wrong

  • @atlantis7896
    @atlantis7896 4 years ago

    ipsec uses 2 protocols ESP for encryption and AH for authentication . using sha1 sha2 or md5 and using aes for authentication