MicroNugget: IPsec Site to Site VPN Tunnels Explained | CBT Nuggets
ฝัง
- เผยแพร่เมื่อ 12 ก.ย. 2012
- Start learning cybersecurity with CBT Nuggets. courses.cbt.gg/security
In this video, CBT Nuggets trainer Keith Barker takes a look at the concepts behind how IPsec site-to-site VPNs work. Keith uses a protocol analyzer to show you the before and after picture of a packet that's been encrypted and transmitted.
Sending packets in the wild can be dangerous. The Big Bad Internet is just waiting for you to send sensitive or important information so it can be sniffed out and exploited. So any time you send a packet out there, it's a good idea to give it some protection. IPSec lets you do that
Imagine a company with two geographically separated offices. They want full data networking between the two sites. All the servers and resources of both should be shared fully between the two.
With high-speed connectivity at both sites, the impulse might be to just send it all over the internet. But that can pose a security risk.
An IPsec VPN site-to-site tunnel can provide a number of things. First, confidentiality thanks to encryption. Also, integrity - IPsec can confirm that no bits were manipulated in transit. It can even provide authentication and anti-replay support.
See the benefits of IPsec VPN tunnels and what the packets themselves look like before and after transmission.
0:25: When you might need a VPN tunnel
1:00: The risk of using the Internet
1:45: What are IPsec’s claims to fame?
2:40: How does it do it?
3:55: Two perspectives of what the VPN looks like
5:10: Side-by-side comparison of the encrypted packet
6:40: Overview
🌐 Download the Free Ultimate Networking Cert Guide: blog.cbt.gg/i297
⬇️ 13-Week Study Plan: CCNA (200-301): blog.cbt.gg/on5i
Start learning with CBT Nuggets:
• Intro to Networking | courses.cbt.gg/tuv
• MPLS Fundamentals | courses.cbt.gg/u7u
![[LIVE] ย้อนวันวานกับนางเอกยุค 90's #คุยให้เด็กมันฟัง EP.42 (8/6/67)](http://i.ytimg.com/vi/MslQDdFwULE/mqdefault.jpg)
You have a remarkable gift for teaching in plain language; I have watched a few of your videos on YT and gained in understanding, even though I am not an IT novice - I sense you enjoy what you do: thanks for taking the time to assist others.
This stuff was pure gibberish before I started studying Cisco; now it's pure gold. Thank you very much CBT Nuggets.
Your enthusiasm made this much easier to understand
You teach amazingly well. I can see the hard work you put into first explain the theory and then back it up with a practical example.
This was incredible. Simple, clear, well-paced, sticks to the subject, practical use-case. Just very well done.
You are very welcome Samer!
Best wishes,
Keith
Hello Ashwin-
Yes, you've got it. The outside IP header will have the source IP of the VPN gateway sending the packet, with a destination IP header of the remote VPN gateway who will be receiving the packet over the internet. When the receiving router gets the packet, it will de-encapsulate and throw away the old outside header, decrypt the contents (which include the initial IP header addresses the client was using) and continue to route the packet.
Keith
Thank you for not having a monotone voice!
Simple. Easy to Understand. Straight to the point. Awesome!
Best of the best! Super simplified nugget, this is the best explanation of IPsec I have seen, very informative and useful. Thank you so much, Keith!
AH would've been good to mention as well. You do teach very well Keith!
Your style of explaining is second to none. 👍🙏🙏🙏
great job by keith barker and one of the best trainer on the internet
Thanks for the vid Mr. Barker...you take complicated topics and explain them so i can understand, keep up the great work!!
Hi Keith, thank you for taking the time and answering my question. Great video!
The way you explain it makes it seem so easy to the point where it becomes funny!!, thank you
This is one of the coolest explanations I've seen ..You've got talent.. Kudos
Man you're way of teaching is just awesome.. pls keep on doing what you're doing..
Amazing! I'm blown away. Thank you for the intelligent explanation.
Great description and even I got. :)
Very good voice to match the video tutorial. Thanks Keith!!
Awesome video, love your enthusiasm! :)
This was so well illustrated and explained. Thanks
This series is awesome.
You Deserved 5 star ⭐ believe me
Excellent, learned something new. thanks for showing packet tracer working in the background
Thanks so much, really simple and clear explanation.
Thanks. Been doing site to site VPN for years now. Still is reliable for small and medium sized businesses :)
I hadn't realised how old this vid is until I saw the Windows XP Start button! Still good, though, thanks.
Excellent. You did a great job. Simple to understand. Thanks!
Thank you sir...You know exactly how to teach things..wonderful video
Made it so clear and easy! Great job!
Brilliant video...simple and practical example ...loved it.
This is just so fun, thanks man!!
Subscribed thanks to this video. You sound so happy talking about this lol. Thanks for the vid!
Great tutorial man! Great work, Great examples!
شكرا للدكتور هيازع البارقي خبير امن نظم المعلومات
Great Explanation in Simple Language
Bro I loved this video. Thank you so much haha you have a gift at teaching simply
Thank you so much, so well explained
Brilliant.. Thanks a lot for simplifying it.
Excellent teacher!!! Thanks.
How can someone thumb down this video, fantastic explanation.
thanks for this detailed explanation with the actual ping request!
Great explanation! Thank you!!!
Thank you for such a great explanation.
Man! You mad helpful! So glad I found ya!
very professional video. thanks!
thanks. good one. well explained. short and to the point.
Good Job Keith!
This was great! :D
Keith that was amazing .. many thanks :)
Ahmed Abduljabar Thanks for the feedback! It is appreciated.
-Keith
Keith Barker
My best instructor
Dear Sir, you teach very very nice "super nice" than the other
Thank for this video!
Superb! Got it exact
Thank you. Awesome work
viraj ayachit 🎒😈🍯👨👦👚👨👦👦♥️U.K.
You are amazing! I've never heard someone explain something so well! Brilliant!
Great video :) Thanks again!
Excelente !!!!!!!!!!! Congrats!!!!!!!!!!!
awesome video thank u so much !
Thanks for the video, what did you use to draw on the screen? Is that a pad you can hook up to a computer?
Awesome video, thank you so much!
so helpful thx !
Amazing! Thank you!
Our pleasure! Glad you were able to find value in this video! :)
Great facilitated! thanks
Glad it helped!
To check the data integrity of the packets as they are sent means they undergo tests like CRC (cyclic redundacy checking).
Hi Keith..What tool are you using in creating your topology? and also the tool you use to capture the packet
great and simplified vedio
Your channel enlighten some dark spots i had in networking, I'd like to thank you I have my network security exam at the end of this month.
Otherwise, would you tell me what software are you using for the facilitation of the course?
Muchas Gracias! implementar una VPN.
Danke Bre
awesome dude. thx
Great Stuff!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The VPN client installed in our home machines will do the ESP encapsulation at machine itself before it sends to our ISP ? Is that right ? In this example you said Router R1(ISP's router) is doing it.
thank you
IPSec or OpenVPN, which would you suggest in terms of security?
Very nice !
Hi Keith,
I have a short question. Why do we not use SSL universally/predominantly for VPNs but use IPSec? One good reason to use SSL as opposed to IPSec is the popularity of port on which it works (443). The positive is that it's open everywhere! Am I missing something?? Maybe one similar question should be - What prevents us from using SSL instead of IPSEC protocol suite in Site-to-site tunnels?
The the crypto ACL says any-any, there are 2 challenges. The two peers will need to agree on that to bring up a tunnel, and then secondly, all traffic leaving the VPN peers would be sent to the peer on the other side. There may be some corner cases where something similar to that would work, but for general site to site VPNs it would be a configuration/design error.
good job!
Hi Keith,
At around 3:05 you say the packet is going to be encapsulated. Does this mean that the Packet basically has 2 Destination and 2 Source IP adresses, from which only 1 Destination and 1 Source Address are visable when the packet is send over the Internet?
My pleasure! Glad you liked the video.
Keth
THANK YOU !!!!!!!!!!!!!!!!!!!!!!!
Nice explanation. What i'm missing is: Who to do this? How do i create R1 and R2?
After all, it's about. How to get this to work.
How were you able to capture the packets sent from machine to router? Then router to web?
Thanks
hi , thanks for your nice video but, software did you use??
You're awesome.
Hello CBT, This was quit a great one. Could you please share a simulated one with packet tracer or GNS3 what ever ... Please. it will be very helpfull begginers as me :D
Great video on VPN tunnels. I was trying to setup S2S VPN in AWS and what I did not understand is role of Inside IPv4 addresses (typically 169.254.0.0/16 range). It would be great if you could help me understand what these inside IPs are, why they are used, are these actual IPs?
This is a year late but that looks to be APIPA range. Just google that and I think you'll be good to go
That is awesome.
good god this was helpful
We're so glad to hear that, Ashleigh! Thank you for learning with us.
Hi Keith,
Can u help with something. I have this network that I'm working on packet tracer. I have two sites site A and B. Site A is ASN 10 and B is ASN 20. In the middle is an ISP router on the ASN 50. I use OSPF for the interior routing on my two sites and bgp has been configured successfully on all three routers and I managed to get IP connectivity from hosts on site A to B and vice versa. The thing is when I implemented the IPsec VPN tunnel, the hosts on site A can reach until the router that connects the destination hosts but never reached them. The thing is the pings from a host in A reaches all networks inside site B except the network of the destination host. Like if 192.168.1.0 / 24 is the source network in site A and 192.168.2.0 / 24 is the destination network on B, the hosts on A can reach all networks except the network on which my destination hosts live. Pls help me understand what could have gone wrong
Hi dear teacher. As always, an amazing teaching video, and thank you! Beginning VPN self-studying, why so many companies selling VPN connections? Can't we set up VPNs from both sites using just internet connections of two routers? Thank you!
Hi, I just wanna ask. What will happen if I use an access-list with permit ip any any in Ipsec VPN? Will the network be able to browse the internet?
What I never understood is why a VPN is necessary at all - why not send a regular IP packet with encrypted payload?
But I am getting the feeling that this is *exactly* what VPN (or rather IPsec) is doing. It always seemed to me that the encapsulation part, which was always presented as one of the two critical components of a VPN (the other being encryption), was a VPN-exclusive thing, but I guess when two PCs in their respective local networks talk to each other, encapsulation is *always* present - is that correct?
if I get the videos on your CBT Nuggets, would subtitles in my language?
So.. the routing table of R1 is supposed to contain the entire range of IPs of PCs under R2, or else how does it understand which of the requests are to be encrypted and sent to R2's IP ???? (and vice versa)
thanks
Does Ipsec add latency to voip calls because it has to encrypt the message? When would I turn on or off ipsec? Any help would be appreciated.
Thanks. But how do you connect two routers with each other? Do you use Public IP addres forwarding to each Router? For Example....How can i RDP from 172.16.0.2 to 192.168.0.20 ?