LS 122 104

Course Name
VPN Fundamentals
Course Number
LS 122 104
Course Duration
2 days
Course Description
A VPN is a communications environment in which access is
controlled to permit peer connections only within a defined
community of interest, and is constructed through some form of
partitioning of a common underlying communications medium,
where this underlying communications medium provides services to
the network on a non-exclusive basis.
Virtual private networks have become an essential part of today's
business networks, as they provide a cost-effective means of
assuring private internal and external communications over the
shared Internet infrastructure. Virtual Private Networks:
Technologies and Solutions is a comprehensive, practical guide to
VPNs.
VPN Fundamentals covers VPN concepts and architectures, with an
in-depth examination of advanced features and functions such as
tunneling, authentication, access control, VPN gateways, VPN
clients, and VPN network and service management.
This course presents the various technology components, concrete
solutions, and best practices you need to deploy and manage a
highly successful VPN.
Course Objective
After completing this course, attendees will be able to:
Understand IPsec, featuring the Authentication Header, Encapsulating Security Payload, Internet Key Exchange, and implementation details
Understand PPTP, L2F, L2TP, and MPLS as VPN tunneling protocols
Review two-party and three-party authentication, including RADIUS and Kerberos
Explore the public key infrastructure (PKI) concept and its integration into VPN solutions
Understand access control policies, mechanisms, and management, and their application to VPNs
Review VPN gateway functions, including site-to-site intranet, remote access, and extranet
Review gateway configuration, provisioning, monitoring, and accounting
Explore gateway interaction with firewalls and routers
Understand VPN client implementation issues, including interaction with operating systems
Understand client operation issues, including working with NAT, DNS, and link MTU limits
Explore VPN service and network management architectures and tunnel and security management
Review successful VPN deployments
Discuss successful and unsuccessful VPN deployments
Step through a practical process for managing a VPN deployment project
Explore the current and future market trends
Target Audience
IT Managers, Security Officers, Network Engineers, Tech Support,
and anyone who is interested in VPNs.
Prerequisites
Basic Knowledge of TCP/IP and Networking
Course Module
Introduction
VPN Definition
Potential Uses and Benefits
VPN Motivation
The VPN Market
VPN Requirements
Building Blocks of a VPN
VPN Technologies
VPN Topology
VPN Protocols
VPN versus Mobile IP
VPN Architectures
VPN Requirements, Building Blocks, and Architectures
Implementer-based VPN Architectures
Security-based VPN Architectures
Layer-based VPN Architectures
Class-based VPN Architectures
Site-to-Site Intranet VPNs
Remote Access VPNs
Extranet VPNs
Key Aspects of VPN Security
Overview of Network Security
Internet Architecture
Security Issues Connecting to Internet
Relevant Cryptography
Generic Secure Channel
Cryptography
Shared Key Cryptography
Public Key Cryptography
Digital Signatures
Message Authentication Codes
Tunnels and VPN
Data Integrity and Confidentiality
VPN Tunneling Protocols
PPTP
L2F
L2TP
IPsec
MPLS
Point-to-Point Protocol (PPP)
Overview and Basic Operation
Basis for L2 VPN Protocols
Major Components
Wire Authentication Protocols
Backend Authentication Servers
Configuration of Network Protocols
Layer Two VPN Protocols
Common Aspects
Advantages and Disadvantages
Layer Two Forwarding (L2F)
Point-to-Point Tunneling Protocol (PPTP)
Layer Two Tunneling Protocol (L2TP)
IP Security Protocol (IPsec)
Basic IPsec Concepts
IPsec and VPNs
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Internet Key Exchange (IKE)
Operational Modes
Security Associations
Mandatory Configurations
Issues with Remote Access
Key Management
ANX Implementation
L2TP with IPsec
Phase 1 Negotiation
Phase 2 Negotiation
IPsec Implementation
Authentication and Access Control in VPNs
PAP and CHAP
PPP Authentication
RADIUS
S/KEY and OTP
Trusted Third-Party Authentication
Kerberos
X.509 Public Key Infrastructure
Pretty Good Privacy Trust Model
Authentication in VPNs
Gateway-Gateway Authentication
Access Control Policy
Access Control Rules
Access Control Lists
Access Control Policy Management
Access Control in VPNs
Public Key Infrastructure (PKI) and VPNs
PKI Architecture
Certification
Validation
Trust Models
Digital Certificate Formats
X.509 Digital Certificate
Certificate Management System
Certificate Protocols
Certificate Use in VPNs
VPN Solutions and Implementations
Assessing Your Environment and Needs
Design Methodology
Basic Administrative Tasks
VPN Project Management
Successful VoIP deployments
A practical process for managing a VoIP deployment project
VPN Gateways
Gateway Configuration and Provisioning
VPN Gateway and Firewall
VPN Design Issues
A VPN Solution Scenario
VPN Clients
Alternative VPN Clients
A Remote Access VPN Scenario
QOS and Performance Issues
Factors Affecting Performance
QOS Defined
TCP Operation
Broad Protocol Options
Applicability to VPNs
Role of the ISP
Multiprotocol Label Switching (MPLS)
Evolution of Typical ISP Backbone
Attempts at Switching IP Traffic
Applicability to VPNs
VPN Network and Service Management
Network Management Architecture
Network Management Protocols
Applicable MIBs and Probes
SNMP Issues
VPN Service Management
Service Level Agreement
Network Operations Centers (NOCs)
Redundancy and Load-balancing
Integration with Existing Security
Survey of VPN Products and Services
Product Categories
Vendor Survey
Factors in Product Selection
Outsourcing Options
Future Trends