IPSec VPN Design Review by Professor Donald Mitchell
Essential Guide!
If you have fixed sites that you want to be secure, you can link the sites with leased lines and lots of simple security that will work well. But that's an expensive approach.
Further, people in your organization probably travel around and need to access confidential data. How can you lift the firewall for that access and still keep intruders out? It's a harder task.
The presence of moving users means that most secure networks will have some component that's going over the Internet. The Internet is not as secure as leased lines, but it's a lot cheaper. So while you're there, how much else can you do with the Internet?
With IPSec VPN Design, any good network engineer will be in a position to make good choices about architecture, hardware and software.
One of the basic limitations is that encryption consumes a lot of capacity on the hub device while two sites are connected. The stronger the encryption you use, the more hub capacity is tied up. You can terminate idle connections faster and free up capacity that way, or you can employ simpler means of encryption.
One of the book's great strengths is that it assumes that you know about networks, but not about secure networks. So a neophyte in the area can use this helpful guide. I know, because I'm such a neophyte and the book made great sense to me.
Like all the wonderful Cisco guides, this one is filled with figures to show hardware structures, examples with router and message configurations, and helpful tables that show formats.
Chapter 1 is a brief introduction to VPNs.
Chapter 2 is an overview of IPSec explaining algorithms, digital signatures, security protocols (transport and tunnel modes, encapsulating security headers and authentication headers), key management and security associations (Diffie-Hellman, IKE and IPSec packet processing).
Chapter 3 looks at more detailed features of IPSec such as IKE keepalives, dead peer detection, idle timeouts, IPSec and fragmentation, and IPSec and GRE.
Chapter 4 is an excellent look at authentication and authorization models.
Chapter 5 examines the pros and cons of different IPSec VPN architectures. I liked this chapter best. The choices are more subtle than you think because you can mix and match bits and pieces of architectures to solve specific problems.
Since so many secure public networks involve applications that can't be down, chapter 6 looks in depth at fault tolerance methods.
Chapter 7 offers some time-saving tips on how to use auto-configuration architectures for site-to-site applications.
Chapter 8 examines application interoperability. I found the sections on mixing voice and data to be especially interesting.
In chapter 9, the book concludes by looking at network-based VPNs.
This book will save anyone examining the feasibility of putting secure data over the Internet a lot of mistakes, time and money.
Get this book today!