-
Virtual Private Networks (VPNs) make it possible to interconnect company sites via public IP networks and enable mobile users to dial in into their corporate networks. To achieve this aim, there are several VPN concepts which are discussed in this course in detail. A further focus is on making VPNs secure. The course will enable the participants to assess the pros and cons of various types of IP-based VPNs and to perform the design and implementation by themselves.
-
Course Contents
-
- Site-to-Site VPNs with IPv4 and IPv6
- GRE and Further Layer 3 Tunnel Protocols
- MPLS VPNs
- Layer 2 Tunnel Protocols for Remote Access VPNs
- Authentication and Authorization
- Voluntary Tunneling and Compulsory Tunneling
- Security in IP VPNs
- Encryption and Data Integrity
- IPsec for Site-to-Site VPNs
- Encapsulating Security Payload (ESP) and Authentication Header (AH)
- IKEv2
- IPsec for Remote Access VPNs
- SSL for Remote Access VPNs
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
The course addresses network administrators and designers who are responsible for the planning and technical implementation of VPNs on the basis of different tunneling technologies in IPv4 and IPv6 networks. Attendance at this course can be credited for T.I.S.P. recertification.
-
Knowledge Prerequisites
-
Profound network know-how, particularly of the TCP/IP protocol stack and the corresponding addressing and routing concepts, is required. These contents are imparted in the TCP/IP - Protocols, Addressing, Routing course.
| 1 VPN technologies - an introduction |
| 1.1 Why VPNs? |
| 1.1.1 Site-to-site VPNs |
| 1.1.2 Remote access VPNs |
| 1.1.3 Provider solutions |
| 1.1.4 Customer-defined VPNs |
| 1.2 VPN technologies in modern networks |
| 1.2.1 IPv4 VPNs |
| 1.2.2 IPv6 VPNs |
| 1.3 VPNs and security |
| 1.3.1 Security of provider VPNs |
| 1.3.2 Security of customer VPNs |
| 1.4 Planning a VPN solution |
| 1.4.1 Separate VPN gateway |
| 1.4.2 Firewall as VPN gateway |
| 2 Site-to-site VPNs |
| 2.1 MPLS VPNs |
| 2.1.1 The customer connection |
| 2.1.2 Uniqueness of addresses |
| 2.1.3 Directed distribution of routing information |
| 2.1.4 LSP as a tunnel between provider edge routers |
| 2.1.5 Security against attacks |
| 2.1.6 IPv6 VPNs with MPLS |
| 2.2 VPLS - cross-site LANs and VLANs |
| 2.3 Layer 3 tunnels for networks |
| 2.3.1 Tunnel interfaces |
| 2.3.2 Routing in the tunnel |
| 2.3.3 Tunneling IPv4 over IPv4 |
| 2.3.4 Tunneling IPv6 over IPv6 |
| 2.3.5 IPv6 in IPv4 networks |
| 2.3.6 IPv4 in IPv6 networks |
| 2.3.7 Generic Routing Encapsulation (GRE) |
| 2.3.8 IPsec for security |
| 3 Security for VPNs |
| 3.1 IPsec, SSL and Co. - Levels of Security |
| 3.2 What does security mean? |
| 3.3 Symmetric encryption |
| 3.3.1 Lifetime of keys |
| 3.3.2 Distribution of keys |
| 3.4 Data integrity: hash values |
| 3.4.1 Typical properties |
| 3.4.2 Known methods |
| 3.5 Authentication and authenticity |
| 3.5.1 Pre-shared key |
| 3.5.2 Public key procedure |
| 3.6 Certificates |
| 3.6.1 Requesting certificates |
| 3.6.2 Issue certificates |
| 3.6.3 .validity period |
| 3.6.4 Authentication |
| 3.6.5 Authenticity check |
| 3.6.6 Certificate revocation list |
| 3.6.7 Infrastructure |
| 3.6.8 Public PKI |
| 4 IPSec for Site-to-Site VPNs |
| 4.1 The goals of IPSec |
| 4.2 .IPSec - The operating modes |
| 4.2.1 The Transport Mode |
| 4.2.2 The Tunnel Mode |
| 4.3 The basic structure of IPSec |
| 4.3.1 The Authentication Header (AH) |
| 4.3.2 Encapsulating Security Payload (ESP) |
| 4.4 ISAKMP a framework |
| 4.5 Internet Key Exchange |
| 4.5.1 The phases of IKE |
| 4.5.2 The Main Mode |
| 4.5.3 The Quick Mode |
| 4.6 Internet Key Exchange v2 |
| 4.6.1 IKEv2 - The Header |
| 4.6.2 Tunnel structure |
| 4.7 Authentication options for IPsec |
| 4.7.1 Pre Shared Key |
| 4.7.2 Public key |
| 4.8 Connection of remote stations |
| 4.8.1 Problem of incompatibility |
| 4.8.2 Planning authentication |
| 4.8.3 Use of certificates |
| 5 Layer 2 VPNs |
| 5.1 Layer 2 tunnels for dial-in clients |
| 5.1.1 Historically - The dial-in process |
| 5.1.2 The role of PPP |
| 5.1.3 VPDN - Compulsory or Voluntary Tunneling |
| 5.2 Layer 2 tunnel protocols |
| 5.2.1 PPTP in Microsoft networks |
| 5.2.2 L2TP - The IETF Standard |
| 5.3 Security in Layer 2 VPNs |
| 5.3.1 Split tunneling |
| 5.3.2 Layer 2 IP VPNs and IPsec |
| 5.3.3 Secure Socket Tunneling Protocol (SSTP) |
| 6 IPsec RAS VPNs |
| 6.1 Extensions for IKEv1 |
| 6.1.1 The Aggressive Mode |
| 6.1.2 XAUTH - Extended Authentication |
| 6.1.3 Hybrid Authentication |
| 6.1.4 IPsec and dynamic IP address assignment |
| 6.2 IKEv2 in RAS VPNs |
| 6.2.1 Authentication with EAP |
| 6.2.2 Assignment of internal addresses |
| 6.3 Problems with NAT or PAT |
| 6.3.1 AH forbidden |
| 6.3.2 Problems with pseudoheader |
| 6.3.3 IP address as identifier |
| 6.3.4 PAT and key renewal |
| 6.3.5 Problems with applications |
| 6.3.6 NAT Traversal - NAT-T |
| 7 SSL/TLS VPN |
| 7.1 SSL/TLS - Security for TCP |
| 7.1.1 The TLS protocol stack |
| 7.1.2 TLS versions and SSL |
| 7.2 The TLS connection setup |
| 7.2.1 Phase 1 - Say Hello |
| 7.2.2 Phase 2 and 3 - Certificates |
| 7.2.3 Phase 4 - Completion of the handshake |
| 7.2.4 Secure data transmission |
| 7.3 The possibilities with TLS VPNs |
| 7.3.1 Clientless SSL VPN |
| 7.3.2 Plugins as extensions |
| 7.3.3 Tunneling applications |
| 7.3.4 Full tunnel solution |
| 7.4 Concepts for the use of SSL VPNs |
| 7.4.1 Connecting branch offices with TLS |
| 7.4.2 TLS for connecting teleworkers |
| 7.4.3 TLS for mobile users |
| 7.4.4 TLS from the Internet café |
| 7.5 Problems with SSL VPNs |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.-
Virtual Private Networks (VPNs) make it possible to interconnect company sites via public IP networks and enable mobile users to dial in into their corporate networks. To achieve this aim, there are several VPN concepts which are discussed in this course in detail. A further focus is on making VPNs secure. The course will enable the participants to assess the pros and cons of various types of IP-based VPNs and to perform the design and implementation by themselves.
-
Course Contents
-
- Site-to-Site VPNs with IPv4 and IPv6
- GRE and Further Layer 3 Tunnel Protocols
- MPLS VPNs
- Layer 2 Tunnel Protocols for Remote Access VPNs
- Authentication and Authorization
- Voluntary Tunneling and Compulsory Tunneling
- Security in IP VPNs
- Encryption and Data Integrity
- IPsec for Site-to-Site VPNs
- Encapsulating Security Payload (ESP) and Authentication Header (AH)
- IKEv2
- IPsec for Remote Access VPNs
- SSL for Remote Access VPNs
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
The course addresses network administrators and designers who are responsible for the planning and technical implementation of VPNs on the basis of different tunneling technologies in IPv4 and IPv6 networks. Attendance at this course can be credited for T.I.S.P. recertification.
-
Knowledge Prerequisites
-
Profound network know-how, particularly of the TCP/IP protocol stack and the corresponding addressing and routing concepts, is required. These contents are imparted in the TCP/IP - Protocols, Addressing, Routing course.
| 1 VPN technologies - an introduction |
| 1.1 Why VPNs? |
| 1.1.1 Site-to-site VPNs |
| 1.1.2 Remote access VPNs |
| 1.1.3 Provider solutions |
| 1.1.4 Customer-defined VPNs |
| 1.2 VPN technologies in modern networks |
| 1.2.1 IPv4 VPNs |
| 1.2.2 IPv6 VPNs |
| 1.3 VPNs and security |
| 1.3.1 Security of provider VPNs |
| 1.3.2 Security of customer VPNs |
| 1.4 Planning a VPN solution |
| 1.4.1 Separate VPN gateway |
| 1.4.2 Firewall as VPN gateway |
| 2 Site-to-site VPNs |
| 2.1 MPLS VPNs |
| 2.1.1 The customer connection |
| 2.1.2 Uniqueness of addresses |
| 2.1.3 Directed distribution of routing information |
| 2.1.4 LSP as a tunnel between provider edge routers |
| 2.1.5 Security against attacks |
| 2.1.6 IPv6 VPNs with MPLS |
| 2.2 VPLS - cross-site LANs and VLANs |
| 2.3 Layer 3 tunnels for networks |
| 2.3.1 Tunnel interfaces |
| 2.3.2 Routing in the tunnel |
| 2.3.3 Tunneling IPv4 over IPv4 |
| 2.3.4 Tunneling IPv6 over IPv6 |
| 2.3.5 IPv6 in IPv4 networks |
| 2.3.6 IPv4 in IPv6 networks |
| 2.3.7 Generic Routing Encapsulation (GRE) |
| 2.3.8 IPsec for security |
| 3 Security for VPNs |
| 3.1 IPsec, SSL and Co. - Levels of Security |
| 3.2 What does security mean? |
| 3.3 Symmetric encryption |
| 3.3.1 Lifetime of keys |
| 3.3.2 Distribution of keys |
| 3.4 Data integrity: hash values |
| 3.4.1 Typical properties |
| 3.4.2 Known methods |
| 3.5 Authentication and authenticity |
| 3.5.1 Pre-shared key |
| 3.5.2 Public key procedure |
| 3.6 Certificates |
| 3.6.1 Requesting certificates |
| 3.6.2 Issue certificates |
| 3.6.3 .validity period |
| 3.6.4 Authentication |
| 3.6.5 Authenticity check |
| 3.6.6 Certificate revocation list |
| 3.6.7 Infrastructure |
| 3.6.8 Public PKI |
| 4 IPSec for Site-to-Site VPNs |
| 4.1 The goals of IPSec |
| 4.2 .IPSec - The operating modes |
| 4.2.1 The Transport Mode |
| 4.2.2 The Tunnel Mode |
| 4.3 The basic structure of IPSec |
| 4.3.1 The Authentication Header (AH) |
| 4.3.2 Encapsulating Security Payload (ESP) |
| 4.4 ISAKMP a framework |
| 4.5 Internet Key Exchange |
| 4.5.1 The phases of IKE |
| 4.5.2 The Main Mode |
| 4.5.3 The Quick Mode |
| 4.6 Internet Key Exchange v2 |
| 4.6.1 IKEv2 - The Header |
| 4.6.2 Tunnel structure |
| 4.7 Authentication options for IPsec |
| 4.7.1 Pre Shared Key |
| 4.7.2 Public key |
| 4.8 Connection of remote stations |
| 4.8.1 Problem of incompatibility |
| 4.8.2 Planning authentication |
| 4.8.3 Use of certificates |
| 5 Layer 2 VPNs |
| 5.1 Layer 2 tunnels for dial-in clients |
| 5.1.1 Historically - The dial-in process |
| 5.1.2 The role of PPP |
| 5.1.3 VPDN - Compulsory or Voluntary Tunneling |
| 5.2 Layer 2 tunnel protocols |
| 5.2.1 PPTP in Microsoft networks |
| 5.2.2 L2TP - The IETF Standard |
| 5.3 Security in Layer 2 VPNs |
| 5.3.1 Split tunneling |
| 5.3.2 Layer 2 IP VPNs and IPsec |
| 5.3.3 Secure Socket Tunneling Protocol (SSTP) |
| 6 IPsec RAS VPNs |
| 6.1 Extensions for IKEv1 |
| 6.1.1 The Aggressive Mode |
| 6.1.2 XAUTH - Extended Authentication |
| 6.1.3 Hybrid Authentication |
| 6.1.4 IPsec and dynamic IP address assignment |
| 6.2 IKEv2 in RAS VPNs |
| 6.2.1 Authentication with EAP |
| 6.2.2 Assignment of internal addresses |
| 6.3 Problems with NAT or PAT |
| 6.3.1 AH forbidden |
| 6.3.2 Problems with pseudoheader |
| 6.3.3 IP address as identifier |
| 6.3.4 PAT and key renewal |
| 6.3.5 Problems with applications |
| 6.3.6 NAT Traversal - NAT-T |
| 7 SSL/TLS VPN |
| 7.1 SSL/TLS - Security for TCP |
| 7.1.1 The TLS protocol stack |
| 7.1.2 TLS versions and SSL |
| 7.2 The TLS connection setup |
| 7.2.1 Phase 1 - Say Hello |
| 7.2.2 Phase 2 and 3 - Certificates |
| 7.2.3 Phase 4 - Completion of the handshake |
| 7.2.4 Secure data transmission |
| 7.3 The possibilities with TLS VPNs |
| 7.3.1 Clientless SSL VPN |
| 7.3.2 Plugins as extensions |
| 7.3.3 Tunneling applications |
| 7.3.4 Full tunnel solution |
| 7.4 Concepts for the use of SSL VPNs |
| 7.4.1 Connecting branch offices with TLS |
| 7.4.2 TLS for connecting teleworkers |
| 7.4.3 TLS for mobile users |
| 7.4.4 TLS from the Internet café |
| 7.5 Problems with SSL VPNs |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed with the next booking
Hybrid Training
Trainer language German