-
Virtual private networks (VPNs) offer the possibility of connecting company locations via public IP networks and allow mobile users to dial into their company network. There are various VPN concepts for this purpose, which are examined in detail in this course. Another focus is on securing VPNs. After attending the course, participants will be able to weigh up the advantages and disadvantages of different types of IP-based VPNs and plan and implement them independently.
-
Course Contents
-
- Site-to-Site VPNs with IPv4 and IPv6
- GRE and Further Layer 3 Tunnel Protocols
- MPLS VPNs
- Layer 2 Tunnel Protocols for Remote Access VPNs
- Authentication and Authorization
- Voluntary Tunneling and Compulsory Tunneling
- Security in IP VPNs
- Encryption and Data Integrity
- IPsec for Site-to-Site VPNs
- Encapsulating Security Payload (ESP) and Authentication Header (AH)
- IKEv2
- IPsec for Remote Access VPNs
- SSL for Remote Access VPNs
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 175,- plus VAT (only for classroom participation).
-
Target Group
-
The course is aimed at network administrators and planners who deal with the conception and technical implementation of VPNs based on different tunneling technologies in IPv4 and IPv6 networks.
-
Knowledge Prerequisites
-
Network know-how, especially in the field of the TCP/IP protocol family and the associated addressing and routing concepts, is required. A good preparation is the course TCP/IP - Protocols, Addressing, Routing.
| 1 VPN technologies - an introduction |
| 1.1 Why VPNs? |
| 1.1.1 Site-to-site VPNs |
| 1.1.2 Remote access VPNs |
| 1.1.3 Provider solutions |
| 1.1.4 Customer-defined VPNs |
| 1.2 VPN technologies in modern networks |
| 1.2.1 IPv4 VPNs |
| 1.2.2 IPv6 VPNs |
| 1.3 VPNs and security |
| 1.3.1 Security of provider VPNs |
| 1.3.2 Security of customer VPNs |
| 1.4 Planning a VPN solution |
| 1.4.1 Separate VPN gateway |
| 1.4.2 Firewall as VPN gateway |
| 2 Site-to-site VPNs |
| 2.1 MPLS VPNs |
| 2.1.1 The customer connection |
| 2.1.2 Uniqueness of addresses |
| 2.1.3 Directed distribution of routing information |
| 2.1.4 LSP as a tunnel between provider edge routers |
| 2.1.5 Security against attacks |
| 2.1.6 IPv6 VPNs with MPLS |
| 2.2 VPLS - cross-site LANs and VLANs |
| 2.3 Layer 3 tunnels for networks |
| 2.3.1 Tunnel interfaces |
| 2.3.2 Routing in the tunnel |
| 2.3.3 Tunneling IPv4 over IPv4 |
| 2.3.4 Tunneling IPv6 over IPv6 |
| 2.3.5 IPv6 in IPv4 networks |
| 2.3.6 IPv4 in IPv6 networks |
| 2.3.7 Generic Routing Encapsulation (GRE) |
| 2.3.8 IPsec for security |
| 3 Security for VPNs |
| 3.1 IPsec, SSL and Co. - Levels of Security |
| 3.2 What does security mean? |
| 3.3 Symmetric encryption |
| 3.3.1 Lifetime of keys |
| 3.3.2 Distribution of keys |
| 3.4 Data integrity: hash values |
| 3.4.1 Typical properties |
| 3.4.2 Known methods |
| 3.5 Authentication and authenticity |
| 3.5.1 Pre-shared key |
| 3.5.2 Public key procedure |
| 3.6 Certificates |
| 3.6.1 Requesting certificates |
| 3.6.2 Issue certificates |
| 3.6.3 .validity period |
| 3.6.4 Authentication |
| 3.6.5 Authenticity check |
| 3.6.6 Certificate revocation list |
| 3.6.7 Infrastructure |
| 3.6.8 Public PKI |
| 4 IPSec for Site-to-Site VPNs |
| 4.1 The goals of IPSec |
| 4.2 .IPSec - The operating modes |
| 4.2.1 The Transport Mode |
| 4.2.2 The Tunnel Mode |
| 4.3 The basic structure of IPSec |
| 4.3.1 The Authentication Header (AH) |
| 4.3.2 Encapsulating Security Payload (ESP) |
| 4.4 ISAKMP a framework |
| 4.5 Internet Key Exchange |
| 4.5.1 The phases of IKE |
| 4.5.2 The Main Mode |
| 4.5.3 The Quick Mode |
| 4.6 Internet Key Exchange v2 |
| 4.6.1 IKEv2 - The Header |
| 4.6.2 Tunnel structure |
| 4.7 Authentication options for IPsec |
| 4.7.1 Pre Shared Key |
| 4.7.2 Public key |
| 4.8 Connection of remote stations |
| 4.8.1 Problem of incompatibility |
| 4.8.2 Planning authentication |
| 4.8.3 Use of certificates |
| 5 Layer 2 VPNs |
| 5.1 Layer 2 tunnels for dial-in clients |
| 5.1.1 Historically - The dial-in process |
| 5.1.2 The role of PPP |
| 5.1.3 VPDN - Compulsory or Voluntary Tunneling |
| 5.2 Layer 2 tunnel protocols |
| 5.2.1 PPTP in Microsoft networks |
| 5.2.2 L2TP - The IETF Standard |
| 5.3 Security in Layer 2 VPNs |
| 5.3.1 Split tunneling |
| 5.3.2 Layer 2 IP VPNs and IPsec |
| 5.3.3 Secure Socket Tunneling Protocol (SSTP) |
| 6 IPsec RAS VPNs |
| 6.1 Extensions for IKEv1 |
| 6.1.1 The Aggressive Mode |
| 6.1.2 XAUTH - Extended Authentication |
| 6.1.3 Hybrid Authentication |
| 6.1.4 IPsec and dynamic IP address assignment |
| 6.2 IKEv2 in RAS VPNs |
| 6.2.1 Authentication with EAP |
| 6.2.2 Assignment of internal addresses |
| 6.3 Problems with NAT or PAT |
| 6.3.1 AH forbidden |
| 6.3.2 Problems with pseudoheader |
| 6.3.3 IP address as identifier |
| 6.3.4 PAT and key renewal |
| 6.3.5 Problems with applications |
| 6.3.6 NAT Traversal - NAT-T |
| 7 SSL/TLS VPN |
| 7.1 SSL/TLS - Security for TCP |
| 7.1.1 The TLS protocol stack |
| 7.1.2 TLS versions and SSL |
| 7.2 The TLS connection setup |
| 7.2.1 Phase 1 - Say Hello |
| 7.2.2 Phase 2 and 3 - Certificates |
| 7.2.3 Phase 4 - Completion of the handshake |
| 7.2.4 Secure data transmission |
| 7.3 The possibilities with TLS VPNs |
| 7.3.1 Clientless SSL VPN |
| 7.3.2 Plugins as extensions |
| 7.3.3 Tunneling applications |
| 7.3.4 Full tunnel solution |
| 7.4 Concepts for the use of SSL VPNs |
| 7.4.1 Connecting branch offices with TLS |
| 7.4.2 TLS for connecting teleworkers |
| 7.4.3 TLS for mobile users |
| 7.4.4 TLS from the Internet café |
| 7.5 Problems with SSL VPNs |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
Virtual private networks (VPNs) offer the possibility of connecting company locations via public IP networks and allow mobile users to dial into their company network. There are various VPN concepts for this purpose, which are examined in detail in this course. Another focus is on securing VPNs. After attending the course, participants will be able to weigh up the advantages and disadvantages of different types of IP-based VPNs and plan and implement them independently.
-
Course Contents
-
- Site-to-Site VPNs with IPv4 and IPv6
- GRE and Further Layer 3 Tunnel Protocols
- MPLS VPNs
- Layer 2 Tunnel Protocols for Remote Access VPNs
- Authentication and Authorization
- Voluntary Tunneling and Compulsory Tunneling
- Security in IP VPNs
- Encryption and Data Integrity
- IPsec for Site-to-Site VPNs
- Encapsulating Security Payload (ESP) and Authentication Header (AH)
- IKEv2
- IPsec for Remote Access VPNs
- SSL for Remote Access VPNs
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 175,- plus VAT (only for classroom participation).
-
Target Group
-
The course is aimed at network administrators and planners who deal with the conception and technical implementation of VPNs based on different tunneling technologies in IPv4 and IPv6 networks.
-
Knowledge Prerequisites
-
Network know-how, especially in the field of the TCP/IP protocol family and the associated addressing and routing concepts, is required. A good preparation is the course TCP/IP - Protocols, Addressing, Routing.
| 1 VPN technologies - an introduction |
| 1.1 Why VPNs? |
| 1.1.1 Site-to-site VPNs |
| 1.1.2 Remote access VPNs |
| 1.1.3 Provider solutions |
| 1.1.4 Customer-defined VPNs |
| 1.2 VPN technologies in modern networks |
| 1.2.1 IPv4 VPNs |
| 1.2.2 IPv6 VPNs |
| 1.3 VPNs and security |
| 1.3.1 Security of provider VPNs |
| 1.3.2 Security of customer VPNs |
| 1.4 Planning a VPN solution |
| 1.4.1 Separate VPN gateway |
| 1.4.2 Firewall as VPN gateway |
| 2 Site-to-site VPNs |
| 2.1 MPLS VPNs |
| 2.1.1 The customer connection |
| 2.1.2 Uniqueness of addresses |
| 2.1.3 Directed distribution of routing information |
| 2.1.4 LSP as a tunnel between provider edge routers |
| 2.1.5 Security against attacks |
| 2.1.6 IPv6 VPNs with MPLS |
| 2.2 VPLS - cross-site LANs and VLANs |
| 2.3 Layer 3 tunnels for networks |
| 2.3.1 Tunnel interfaces |
| 2.3.2 Routing in the tunnel |
| 2.3.3 Tunneling IPv4 over IPv4 |
| 2.3.4 Tunneling IPv6 over IPv6 |
| 2.3.5 IPv6 in IPv4 networks |
| 2.3.6 IPv4 in IPv6 networks |
| 2.3.7 Generic Routing Encapsulation (GRE) |
| 2.3.8 IPsec for security |
| 3 Security for VPNs |
| 3.1 IPsec, SSL and Co. - Levels of Security |
| 3.2 What does security mean? |
| 3.3 Symmetric encryption |
| 3.3.1 Lifetime of keys |
| 3.3.2 Distribution of keys |
| 3.4 Data integrity: hash values |
| 3.4.1 Typical properties |
| 3.4.2 Known methods |
| 3.5 Authentication and authenticity |
| 3.5.1 Pre-shared key |
| 3.5.2 Public key procedure |
| 3.6 Certificates |
| 3.6.1 Requesting certificates |
| 3.6.2 Issue certificates |
| 3.6.3 .validity period |
| 3.6.4 Authentication |
| 3.6.5 Authenticity check |
| 3.6.6 Certificate revocation list |
| 3.6.7 Infrastructure |
| 3.6.8 Public PKI |
| 4 IPSec for Site-to-Site VPNs |
| 4.1 The goals of IPSec |
| 4.2 .IPSec - The operating modes |
| 4.2.1 The Transport Mode |
| 4.2.2 The Tunnel Mode |
| 4.3 The basic structure of IPSec |
| 4.3.1 The Authentication Header (AH) |
| 4.3.2 Encapsulating Security Payload (ESP) |
| 4.4 ISAKMP a framework |
| 4.5 Internet Key Exchange |
| 4.5.1 The phases of IKE |
| 4.5.2 The Main Mode |
| 4.5.3 The Quick Mode |
| 4.6 Internet Key Exchange v2 |
| 4.6.1 IKEv2 - The Header |
| 4.6.2 Tunnel structure |
| 4.7 Authentication options for IPsec |
| 4.7.1 Pre Shared Key |
| 4.7.2 Public key |
| 4.8 Connection of remote stations |
| 4.8.1 Problem of incompatibility |
| 4.8.2 Planning authentication |
| 4.8.3 Use of certificates |
| 5 Layer 2 VPNs |
| 5.1 Layer 2 tunnels for dial-in clients |
| 5.1.1 Historically - The dial-in process |
| 5.1.2 The role of PPP |
| 5.1.3 VPDN - Compulsory or Voluntary Tunneling |
| 5.2 Layer 2 tunnel protocols |
| 5.2.1 PPTP in Microsoft networks |
| 5.2.2 L2TP - The IETF Standard |
| 5.3 Security in Layer 2 VPNs |
| 5.3.1 Split tunneling |
| 5.3.2 Layer 2 IP VPNs and IPsec |
| 5.3.3 Secure Socket Tunneling Protocol (SSTP) |
| 6 IPsec RAS VPNs |
| 6.1 Extensions for IKEv1 |
| 6.1.1 The Aggressive Mode |
| 6.1.2 XAUTH - Extended Authentication |
| 6.1.3 Hybrid Authentication |
| 6.1.4 IPsec and dynamic IP address assignment |
| 6.2 IKEv2 in RAS VPNs |
| 6.2.1 Authentication with EAP |
| 6.2.2 Assignment of internal addresses |
| 6.3 Problems with NAT or PAT |
| 6.3.1 AH forbidden |
| 6.3.2 Problems with pseudoheader |
| 6.3.3 IP address as identifier |
| 6.3.4 PAT and key renewal |
| 6.3.5 Problems with applications |
| 6.3.6 NAT Traversal - NAT-T |
| 7 SSL/TLS VPN |
| 7.1 SSL/TLS - Security for TCP |
| 7.1.1 The TLS protocol stack |
| 7.1.2 TLS versions and SSL |
| 7.2 The TLS connection setup |
| 7.2.1 Phase 1 - Say Hello |
| 7.2.2 Phase 2 and 3 - Certificates |
| 7.2.3 Phase 4 - Completion of the handshake |
| 7.2.4 Secure data transmission |
| 7.3 The possibilities with TLS VPNs |
| 7.3.1 Clientless SSL VPN |
| 7.3.2 Plugins as extensions |
| 7.3.3 Tunneling applications |
| 7.3.4 Full tunnel solution |
| 7.4 Concepts for the use of SSL VPNs |
| 7.4.1 Connecting branch offices with TLS |
| 7.4.2 TLS for connecting teleworkers |
| 7.4.3 TLS for mobile users |
| 7.4.4 TLS from the Internet café |
| 7.5 Problems with SSL VPNs |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed with the next booking
Hybrid Training
Trainer language German