The Cisco IOS implementation of the IPsec suite is an open-standards-based framework that provides network engineers with a variety of options to deliver secure VPN communications.
This series of articles explains Cisco IOS IPsec VPN configuration and implementation concepts and discusses how to deploy software and hardware-based VPN gateways in a detailed, step-by-step process.
- Read background on the IPsec protocol and find details for implementing VPNs in this article. Read about the background on the Internet Security Association and Key Management Protocol (ISAKMP) and Internet Key Exchange (IKE) and learn how to prepare for
IPsec VPN connection
- This article explains the two basic forms of IPsec VPN connection models: site-to-site and client-to-site VPNs. Learn why almost all IPsec VPNs are implemented using one of these two basic forms and what you need to know about each.
IPsec VPN router
- Learn how to configure an IPsec VPN router and how to implement ISAKMP policies using IKE to ensure secure VPN
IPsec VPN authentication
- This article explains the final step of IKE and ISAKMP configuration, IPsec VPN authentication key configuration. Learn how to generate and exchange pre-shared keys during this step of the process.
VPN gateway routers
- Implementing IPsec VPN gateways on Cisco routers involves a number of different configuration elements. In addition to the ISAKMP and IKE configuration, transform set definitions are part of configuring gateways that will support Cisco software VPN client connections.
- In addition to transform set definitions, crypto maps are part of configuring gateways that will support IOS VPN clients.
Cisco VPN gateway
- This article covers building a Cisco IPsec VPN gateway for software clients using a split-tunneling traffic model in which traffic to secured networks is encrypted and all other traffic is forwarded unsecured.
- Learn how to build an IPsec VPN gateway for software clients using a full-crypto Cisco traffic model, in which all traffic is either encrypted or processed by an internal
- Learn how to configure a Cisco VPN gateway and support network-to-network IPsec VPN topologies using a router as the VPN gateway with Cisco EzVPN.
- This article explains the VPN hardware client configuration that will support a full-crypto peering relationship for Cisco's EzVPN IPsec gateway. Learn about the four configuration elements of a typical hardware client device, including DHCP/DNS server configuration, the hardware client configuration, the interface configuration and the IP routing configuration.
- Learn how to set up the VPN hardware client configuration that will support split tunneling and traffic filtering for Cisco's EzVPN IPsec gateway.
Find out how to configure direct transport VPNs on Cisco routers to provide permanent IPsec network connections between private networks.
Michael J. Martin has been working in the information technology field as a network and Unix system admin for over 17 years. His early experiences designing, implementing, and supporting MIS infrastructures for research and ISPs give him a unique perspective on his current pursuits in large-scale internetworking and security architecture. As a network architect, he has designed high-speed/high-availability LAN/MAN networks for companies such as ANS/AOL, Philips, and the Edgix Corporation, and has provided network consulting for a number of businesses and regional ISPs. Michael also writes and provides training on networking and security related issues. Michael shares his wealth of knowledge in his monthly Router Expert series and in frequent Live Expert Webcasts.
This was first published in February 2010