7/21/2019 Expl WAN Chapter 6 Teleworker
CCNA4-2 Chapter 6
Teleworker Services
Business Requirements for Teleworkers

Business Requirements for Teleworkers
Organizational Benefits:
• Continuity of operations.
• Increased responsiveness.
• Secure, reliable and manageable access to information.
• Cost-effective integration of voice, video and data.
• Increased employee productivity, satisfaction and retention.
Social:
• Increased employment opportunities.
• Less travel and commuter related stress.
Environmental:
• Smaller carbon footprint.

The Teleworker Solution
Traditional, private WAN technologies:
• Frame Relay, ATM, Leased Lines

The Teleworker Solution
IPsec Virtual Private Networks (VPN):
• Flexible, scalable connectivity.
Site to site is secure, fast and reliable. Most common option.

The Teleworker Solution
Broadband Connections:
• DSL, Cable, Wireless, Satellite.
• Broadband refers to advanced communications systems capable of providing high-speed transmission of services over the Internet and other networks.
• Transmission speeds typically exceed 200,000 bits per second in at least one direction:
  • Downstream:
    • From the Internet to the user

The Teleworker Solution
Broadband vs. Baseband:
• Baseband:
  • Only one signal on the wire at once.
  • May use Time Division Multiplexing (TDM)
  • Ethernet networks.
• Broadband:
  • Multiple signals on the same line.
  • Frequency Division Multiplexing.

The Teleworker Solution
Components:
VPN Router or VPN client.
Cable, DSL
Router needs QoS
VPN capable routers
VPN concentrators
Security appliances: (TACACS, Radius)

The Teleworker Solution
Components:
• The encrypted VPN tunnel is the heart of secure and reliable teleworker connections.
• Virtual Private Network (VPN):
  • A private data network that uses the public telecommunication infrastructure. VPN security maintains privacy using a tunneling protocol and security procedures.
• The IPsec (IP Security) tunneling protocol is the favored approach to building secure VPN tunnels.

Teleworker Services
Broadband Services

Connecting Teleworkers to the WAN
Dialup Access:
• Inexpensive using existing telephone lines.
• The slowest option, it is typically used by mobile workers in areas where high speed connections are not available.

Connecting Teleworkers to the WAN
DSL Access:
• DSL also uses telephone lines.
• A DSL modem separates the DSL signal from the telephone signal.
• Provides an Ethernet connection to a host computer or LAN.

Connecting Teleworkers to the WAN
Satellite Access:
• The computer connects to a satellite modem that transmits radio signals to the nearest point of presence within the satellite network.
• Provides an Ethernet connection to a host computer.

Cable
The "cable" in cable system refers to the coaxial cable that carries radio frequency (RF) signals across the network.
A typical cable operator now uses a satellite dish or microwave system to gather TV signals.
Early systems were one-way with cascading amplifiers placed in series along the network to compensate for signal loss.
Modern cable systems provide two-way communication between subscribers and the cable operator.
• Cable operators now offer customers high-speed Internet access, digital cable television, and residential telephone service.

Cable
Main receiving antennas and dishes.
Where signals are processed and distributed.

Cable
Electromagnetic Spectrum:
• The cable TV industry uses a portion of the RF electromagnetic spectrum.
Signals are transmitted simultaneously in either direction.
Divided into two paths:
• Downstream: Headend to Subscriber (810 MHz).
• Upstream: Subscriber to Headend (37 MHz).

Cable
DOCSIS:
• The Data-over-Cable Service Interface Specification (DOCSIS) is an international standard developed by CableLabs.
  • A non-profit research and development consortium for cable-related technologies.
• CableLabs tests and certifies cable equipment vendor devices:
  • Cable modems.
  • Cable modem termination systems.
  • Grants DOCSIS-certified or qualified status.
• Euro-DOCSIS: Adapted for use in Europe with different standards.

Cable
DOCSIS:
• DOCSIS specifies the Open Systems Interconnection (OSI) Layers 1 and 2 requirements.

Channel Bandwidths Mbits/s
Release    | Upstream | Downstream
DOCSIS 1.0 | 38       | 10
DOCSIS 2.0 | 40       | 30
DOCSIS 3.0 | 160      | 120

Access method regarding the multiplexing of signals.

Cable
Delivering Services Over Cable:
Shared bandwidth can be adjusted for congestion.
Hybrid Fiber-Coaxial Network (HFC)

Digital Subscriber Line (DSL)
DSL is a means of providing high-speed connections over installed copper wires.
• A typical phone line can handle signals up to 1 MHz.
• A typical phone conversation uses from 300 Hz to 3 kHz.
• The additional bandwidth is used for DSL.

Digital Subscriber Line (DSL)
The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL).
• All forms of DSL service are categorized as ADSL or SDSL, and there are several varieties of each type.
• ADSL provides higher downstream bandwidth to the user than upload bandwidth.
• SDSL provides the same capacity in both directions.

Digital Subscriber Line (DSL) - Connections
DSL is not a shared medium.
Voice and data over the same copper telephone line.
DSL modem, router.
Demarc: Network Interface Device.
DSL Access Multiplexer

Broadband Wireless
Wireless networking, or Wi-Fi, has improved the connectivity situation, not only in the SOHO, but also on enterprise campuses.
Using 802.11 networking standards, data travels using the unlicensed radio spectrum.
Most radio and TV transmissions are government regulated and require a license to use.

Broadband Wireless
Until recently, a significant limitation of wireless access has been the need to be within the local transmission range (typically less than 100 feet) of a wireless router or wireless access point that has a wired connection to the Internet.
Once a worker left the office or home, wireless access was not readily available.
New developments in broadband wireless technology are increasing wireless availability.
• Municipal Wi-Fi
• WiMAX
• Satellite Internet

Broadband Wireless
Municipal Wi-Fi:
• Most municipal wireless networks use a mesh topology rather than a hub-and-spoke model.
• The mesh blankets its area with radio signals.
• Signals travel from access point to access point through this cloud.
  • Installation easier.
  • Faster deployment.
  • More reliable.

Broadband Wireless
WiMAX:
• WiMAX (Worldwide Interoperability for Microwave Access) is telecommunications technology aimed at providing wireless data over long distances in a variety of ways.
• WiMAX operates at higher speeds, over greater distances, and for a greater number of users than Wi-Fi.
• Because of its higher speed (bandwidth) and falling component prices, the WiMAX will soon supplant municipal mesh networks for wireless deployments.

Broadband Wireless
WiMAX:
Two main components
3,000 sq. miles
7,500 sq. km
Connects directly to the ISP.

Broadband Wireless
Satellite Internet:
• Satellite Internet services are used in locations where land-based Internet access is not available, or for temporary installations that are continually on the move.
• There are 3 ways to connect to Internet using satellites:
  • One-way multicast is used for IP multicast-based data, audio, and video distribution.
  • One-way terrestrial return uses traditional dialup access to send outbound data through a modem and receive downloads from the satellite.
  • Two-way satellite sends data from remote sites via satellite to a hub. The hub then sends the data to the Internet.

Broadband Wireless
Two-way Satellite Internet:
The key installation requirement is for the antenna to have a clear view toward the equator.
Two-way satellite Internet uses IP multicasting technology.
Allows one satellite to serve up to 5,000 channels.

Teleworker Services
Virtual Private Network (VPN) Technology

VPNs and Their Benefits
What is a VPN?
• A VPN creates a private network over a public network infrastructure while maintaining confidentiality and security.
• VPNs use cryptographic tunneling protocols to provide protection against packet sniffing, sender authentication, and message integrity.
• Organizations use VPNs to provide a virtual WAN that connects branch or home offices, business partner sites, and remote telecommuters.

VPNs and Their Benefits
Benefits:
• Cost Savings:
  • Organizations can use cost-effective, third-party Internet transport to connect remote offices and users to the main corporate site. This eliminates expensive dedicated WAN links and modem banks.
• Security:
  • Advanced encryption and authentication protocols protect data from unauthorized access.
• Scalability:
  • Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.

Types of VPNs
Site-to-site VPN:
• In a site-to-site VPN, hosts send and receive TCP/IP traffic through a VPN gateway.
• The VPN gateway encapsulates and encrypts outbound traffic and sends it through a VPN tunnel.
• On receipt, the peer VPN gateway strips the headers, decrypts the content and relays the packet.

Types of VPNs
Remote Access VPN:
• Support the needs of telecommuters, mobile users, as well as extranet consumer-to-business.
• Each host typically has VPN client software.
• The software encapsulates and encrypts that traffic before sending it over the Internet.
• On receipt, the VPN gateway handles the data in the same way as it would handle data from a site-to-site VPN.
VPN Concentrator, Firewall or router.

VPN Components
The key to VPN effectiveness is security.
• VPNs secure data by encapsulating and encrypting the data.
• Encapsulation is referred to as tunneling, because encapsulation transmits data transparently from network to network through a shared infrastructure.
  • As if an individual tunnel existed between the endpoints.
• Encryption codes data into a different format using a key.
• Decryption decodes encrypted data into the original unencrypted format.

VPN Tunneling
Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network.
• Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network.

VPN Tunneling
For example, an e-mail message traveling through the Internet over a VPN.
Generic Routing Encapsulation

VPN Tunneling
In the example, PPP carries the message to the VPN device, where the message is encapsulated within a Generic Routing Encapsulation (GRE) packet.
• GRE is a tunneling protocol developed by Cisco.
• The outer packet source and destination addressing (Internet IP Addresses) is assigned to "tunnel interfaces" and is made routable across the network.
• Once a composite packet reaches the destination tunnel interface, the inside packet is extracted.
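
The encapsulation described above, as an added Python example that is not part of the original slides: an inner IPv4 packet is wrapped in a GRE header plus an outer IPv4 header addressed between the tunnel endpoints, then extracted at the far end. All addresses, the payload and the function names are constructed for illustration; the inner packet stays readable inside the outer one, because GRE by itself encapsulates without encrypting.

```python
import ipaddress
import struct

IPPROTO_GRE = 47         # IP protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800  # GRE protocol type for an IPv4 passenger packet
GRE_HEADER = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no options, version 0


def checksum(data: bytes) -> int:
    """One's-complement sum used for the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),  # version/IHL, DSCP, total length
        0, 0,                        # identification, flags/fragment offset
        64, proto, 0,                # TTL, protocol, checksum placeholder
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:] + payload


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Build the composite packet: outer IPv4 + GRE + untouched inner packet."""
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_GRE, GRE_HEADER + inner)


def gre_decapsulate(outer: bytes) -> bytes:
    """Destination tunnel interface: validate the wrapper, return the inner packet."""
    if len(outer) < 24:
        raise ValueError("too short for IPv4 + GRE")
    ihl = (outer[0] & 0x0F) * 4
    if outer[0] >> 4 != 4 or ihl < 20 or len(outer) < ihl + 4:
        raise ValueError("not a valid IPv4 header")
    if checksum(outer[:ihl]) != 0:
        raise ValueError("outer header checksum mismatch")
    if outer[9] != IPPROTO_GRE:
        raise ValueError("outer packet does not carry GRE")
    total_len = struct.unpack("!H", outer[2:4])[0]
    if total_len > len(outer) or total_len < ihl + 4:
        raise ValueError("truncated packet")
    flags_version, proto_type = struct.unpack("!HH", outer[ihl:ihl + 4])
    if flags_version != 0:
        raise ValueError("GRE options or version not handled here")
    if proto_type != ETHERTYPE_IPV4:
        raise ValueError("passenger protocol is not IPv4")
    return outer[ihl + 4:total_len]


def demo():
    """Constructed sample: private inner addresses, documentation-range tunnel endpoints."""
    # 253 is an IP protocol number reserved for experimentation.
    inner = ipv4_packet("192.168.1.10", "192.168.2.20", 253, b"constructed e-mail body")
    outer = gre_encapsulate(inner, "198.51.100.1", "203.0.113.1")
    return inner, outer, gre_decapsulate(outer)


if __name__ == "__main__":
    inner, outer, extracted = demo()
    print("outer is", len(outer) - len(inner), "bytes larger than inner")
    print("inner recovered intact:", extracted == inner)
    print("inner visible in clear inside outer:", inner in outer)
```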

VPN Data Confidentiality and Integrity
For encryption to work, both the sender and the receiver must know the rules used to transform the original message into its coded form.
VPN encryption rules include an algorithm and a key.
An algorithm is a mathematical function that combines a message, text, digits or all three with a key.
The output is an unreadable cipher string.
• Decryption is extremely difficult without the correct key.

VPN Data Confidentiality and Integrity
The degree of security provided by any encryption algorithm depends on the length of the key.
• The shorter the key, the easier it is to break.
• However, the shorter the key, the easier it is to pass the message.

VPN Data Confidentiality and Integrity
More common encryption algorithms and key lengths:
• Data Encryption Standard (DES):
  • Developed by IBM.
  • High performance.
  • 56 bit.
• Triple DES (3DES):
  • A variant of DES that encrypts with one key, decrypts with another different key, and then encrypts one final time with another key.
  • 192 bit.

VPN Data Confidentiality and Integrity
More common encryption algorithms and key lengths:
• Advanced Encryption Standard (AES):
  • Replaced DES encryption.
  • More secure.
  • Computationally more efficient.
  • 128, 192, and 256 bit.
• Rivest, Shamir, and Adleman (RSA):
  • 512, 768, 1024 bit and larger.

VPN Data Confidentiality and Integrity
Symmetric Encryption (Secret Key):
• Encryption and decryption keys are the same.
• How do the encrypting and decrypting devices both have the shared secret key?
  • You could use e-mail, courier, or overnight express to send the shared secret keys to the administrator of the device.
  • A more secure method is asymmetric encryption.

VPN Data Confidentiality and Integrity
Asymmetric Encryption (Public Key):
• Encryption and decryption keys are different.
• One key encrypts the message, while a second key decrypts the message.
• Each user has two different keys that act as a key pair - public and private.
• Public keys are exchanged with other users.
• Messages sent are encrypted with the sender's private key and the recipient's public key.
• Messages received are decrypted with the sender's public key and the recipient's private key.

VPN Data Confidentiality and Integrity

Symmetric Encryption                  | Asymmetric Encryption
Secret Key cryptography               | Public Key cryptography
Encrypt and decrypt with the same key | Encrypt and decrypt with a different key
Typically used for message content    | Typically used for digital certificates and key management
DES, 3DES, AES                        | RSA

VPN Data Confidentiality and Integrity
VPN Data Integrity:
• Hashes contribute to data integrity and authentication by ensuring that unauthorized persons do not tamper with transmitted messages.
• A hash, also called a message digest, is a value (authentication code) generated from a string of text.
• It is generated using a formula and a shared key and included as part of the encrypted message.
• The recipient uses the same formula and key to generate the authentication code.
• If the values match, the recipient can be sure that the message has not been changed in transit.

VPN Data Confidentiality and Integrity
VPN Data Integrity:
• Message Digest 5 (MD5): 128 bit key.
• Secure Hash Algorithm 1 (SHA-1): 160-bit key.
Something was changed!
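
An added Python example (not from the original slides) of the keyed authentication code described above: the sender appends an HMAC computed with the shared key, and the recipient recomputes it with the same formula and key and compares. HMAC-SHA-1 truncated to 96 bits is used because that is how IPsec applies SHA-1; the key, the messages and the function names are constructed for illustration, and an unkeyed hash is included only to show why the shared key matters.

```python
import hashlib
import hmac

ICV_LEN = 12  # bytes kept from the digest (HMAC-SHA-1-96)


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """Authentication code: the formula is HMAC-SHA-1, the key is shared."""
    return hmac.new(key, message, hashlib.sha1).digest()[:ICV_LEN]


def unkeyed_tag(message: bytes) -> bytes:
    """Plain hash with no key, for contrast: anyone can recompute it."""
    return hashlib.sha1(message).digest()[:ICV_LEN]


def send(key: bytes, message: bytes) -> bytes:
    """Sender side: message followed by its authentication code."""
    return message + keyed_tag(key, message)


def receive(key: bytes, packet: bytes) -> bytes:
    """Recipient side: recompute the code and compare in constant time."""
    if len(packet) < ICV_LEN:
        raise ValueError("packet shorter than its authentication code")
    message, received = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(received, keyed_tag(key, message)):
        raise ValueError("Something was changed!")
    return message


def accepts(key: bytes, packet: bytes) -> bool:
    """True when the keyed check passes."""
    try:
        receive(key, packet)
    except ValueError:
        return False
    return True


def unkeyed_accepts(packet: bytes) -> bool:
    """What a check based on an unkeyed hash would conclude."""
    message, received = packet[:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(received, unkeyed_tag(message))


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed sample key
    original = b"transfer 100 to account 42"  # constructed sample message
    packet = send(key, original)
    print("unmodified packet accepted:", accepts(key, packet))
    print("modified packet accepted:", accepts(key, packet.replace(b"100", b"900")))
    # Without a key, a changed message can carry a freshly recomputed hash.
    changed = b"transfer 900 to account 42"
    print("unkeyed check fooled:", unkeyed_accepts(changed + unkeyed_tag(changed)))
    print("keyed check fooled:", accepts(key, changed + unkeyed_tag(changed)))
```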

VPN Data Confidentiality and Integrity
VPN Authentication:
• The device on the other end of the VPN tunnel must be authenticated before the communication path is considered secure.
• There are two peer authentication methods:
  • Pre-shared key (PSK):
    • A secret key that is shared between the two parties using a secure channel before it needs to be used.
  • RSA signature:
    • Uses the exchange of digital certificates to authenticate the peers.

IPsec Security Protocols
IPsec is a protocol suite for securing IP communications with encryption, integrity, and authentication.
• There are two main IPsec framework protocols:
  • Authentication Header (AH):
    • Use when confidentiality is not required or permitted.
  • Encapsulating Security Payload (ESP):
    • Provides confidentiality and authentication by encrypting the packet.

IPsec Security Protocols
IPsec relies on existing algorithms to implement encryption, authentication, and key exchange.
Diffie-Hellman: Allows two parties to establish a shared secret key used by encryption and hash algorithms over an unsecure line.
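
An added Python example (not from the original slides) of the exchange described above: each peer sends only a public value over the unsecure line, and both derive the same key from it. The prime and generator are toy values chosen for readability and are far too small for real use (IPsec uses standardized Diffie-Hellman groups); the class and function names are illustrative.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy prime modulus (a Mersenne prime), constructed for this example
G = 3           # toy generator, constructed for this example


class Peer:
    """One end of the tunnel. The private exponent never leaves the device."""

    def __init__(self, private=None):
        # Random private exponent in 2..P-2 unless one is supplied for testing.
        self._private = private if private is not None else secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._private, P)  # the value sent over the line

    def derive_key(self, peer_public: int) -> bytes:
        # Reject 0, 1, P-1 and out-of-range values: they would force a
        # predictable shared secret no matter what our private exponent is.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("peer public value out of range")
        secret = pow(peer_public, self._private, P)
        # Hash the raw secret into fixed-length key material for the
        # encryption and hash algorithms.
        return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def exchange():
    """Run both sides once; return what crossed the line and each side's key."""
    a, b = Peer(), Peer()
    wire = {"p": P, "g": G, "A": a.public, "B": b.public}  # all an observer sees
    return wire, a.derive_key(b.public), b.derive_key(a.public)


if __name__ == "__main__":
    wire, key_a, key_b = exchange()
    print("values on the line:", sorted(wire))
    print("both sides hold the same key:", key_a == key_b)
```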

IPsec Security Protocols
When configuring IPsec, there are four choices to be made:
Which IPsec Protocol?
How to share keys.