Time: 11 hours
Difficulty: Intermediate
CEU/CPE: 15

Video Transcription

00:00
Hello. Welcome back to Cisco Certified Design Associate, just seven. Lesson 7.2. I'm your instructor, Wayne.
00:08
In a previous video, we talked about the traditional WAN technologies. From this video, we will begin to introduce enterprise VPN, the SP VPN, and WAN backup design.
00:22
Here's a pre-assessment question: A network architect working for a large financial institution is designing a VPN solution that must include encryption. Which option meets this requirement? A, GRE tunnel. B, L2 VPN.
00:39
C, L3 VPN. D, GETVPN. Again, D, GETVPN. None of A, B, C has the capability to encrypt traffic.
00:51
Here's the topic we'll discuss:
00:56
Enterprise VPN versus service provider VPN. When you need to provide secure remote access using VPNs, you must consider several things. One key consideration is the use of enterprise VPNs or service provider VPNs. Enterprise VPNs typically require in-house VPN design,
01:15
implementation, and support.
01:18
A service provider VPN, on the other hand, is a managed VPN service from the service provider.
01:23
This table provides an overview of some technology options that are available when selecting VPNs. The left-hand side is enterprise VPNs; the right-hand side is service provider VPNs. What is IPsec?
01:41
IPsec is a network layer protocol suite for encrypting IP packets between two hosts, thereby creating a secure tunnel. IPsec connections are commonly configured between firewalls, VPN appliances, or routers that have IPsec features enabled.
02:00
IPsec can scale from small to very large networks.
02:05
This diagram shows the topology for IPsec direct encapsulation with multiple headend sites to provide resiliency for the branch offices.
02:17
Generic Routing Encapsulation. GRE was developed by Cisco to encapsulate a variety of protocols inside IP tunnels. This approach consists of minimal configuration for basic VPNs, but lacks in both security and scalability.
02:35
In fact, GRE tunnels do not use any encryption to secure the packets during transport.
02:42
Using IPsec with GRE tunnels provides for secure VPN tunnels by encrypting the GRE tunnels. DMVPN is a Cisco IOS solution for building IPsec plus GRE VPNs in a dynamic and scalable manner.
02:57
DMVPN relies on two key technologies called NHRP and
03:02
mGRE, right. DMVPN was very popular before, but nowadays, you know, more and more customers are moving to SD-WAN, right? For Cisco, it's Viptela.
03:16
Virtual tunnel interface. VTI is an IPsec VPN design option available in Cisco IOS software.
03:23
VTI has some interesting advantages over previous IPsec design options, including support for dynamic routing protocols and IP multicast without using GRE or mGRE type interfaces. Also, because VTI tunnels are assigned a unique interface,
03:44
specific tunnel-level features such as QoS can be configured for each tunnel separate from other VTI tunnels.
03:52
The physical topology for VTI designs can be designed the same way as IPsec direct encapsulation, using multiple headends and two tunnels from the remote sites, one to each headend.
04:06
GETVPN. Group Encrypted Transport VPN. GETVPN is similar to IPsec VPNs. However, it differs by preserving the original IP addresses in the outer IP header of the packets.
04:21
Because the original IP source and destination addresses are preserved, no overlay routing protocol control plane is needed, thereby allowing routing and multicast to route natively with the underlying network.
04:35
GETVPN is not technically used on the Internet because NAT does not work due to the original IP addressing preservation. However, GETVPN is a good solution for private MPLS networks
04:49
or where you have end-to-end control over the private IP address space.
04:56
Right. This table shows the comparison of enterprise VPN options.
05:01
Service provider managed offerings.
05:05
Metro Ethernet services can provide more bandwidth, the ability to upgrade the bandwidth as needed, and higher levels of redundancy through multiple route processors. Because Metro Ethernet can support higher bandwidth requirements, it is often
05:25
better suited to support converged network services, for example, voice, video, and data services combined on the same link.
05:33
This table shows the benefits that Ethernet handoffs at the customer edge provide.
05:42
Service provider VPNs:
05:45
L2 versus L3. Service provider VPN offerings typically include L2 or L3 connectivity options. Layer 2 VPNs are more expensive than L3, but serve a couple of really important use cases.
06:01
Layer 2 VPNs are useful for application requirements that need Layer 2 adjacencies between sites
06:08
or to support customer edge routers that need to exchange routes directly. Layer 3 options, on the other hand, are lower cost and more scalable than Layer 2. However, the customer routers will need to exchange routes with provider edge routers at each site.
06:28
Multiprotocol Label Switching, MPLS, is an example of an L3 VPN service.
06:33
Virtual Private Wire Service, VPWS, is a Layer 2 VPN technology
06:42
commonly referred to as pseudowires, right. VPWS provides a point-to-point WAN link between two sites over an MPLS provider backbone. It is similar in concept to a leased line service. Virtual Private LAN Service
06:59
expands on VPWS and defines an architecture that enables Ethernet Multipoint Service,
07:05
EMS, over an MPLS network. The operation of VPLS allows for connecting L2 domains over an IP/MPLS network, which emulates an IEEE Ethernet bridge.
07:21
This diagram depicts a VPLS topology in an MPLS network. VPLS is a type of VPN that allows for the connection of multiple sites into a single L2 domain over a managed IP/MPLS network.
07:38
VPLS presents an Ethernet interface, which simplifies the LAN/WAN demarc
07:45
for service providers. This enables rapid and flexible service provisioning because the service bandwidth is not tied to the physical interface. All the VPLS services
07:58
appear to be on the same VLAN regardless of physical locations in the WAN. VPLS uses edge routers that learn L2 domains, bridge them, and replicate them through the VPN.
08:13
Within the IP/MPLS cloud is a collection of full-mesh connections
08:18
providing any-to-any connectivity between sites. VPLS supports many of the new applications and services that need to be on the same L2 network to function properly. Some services lack network layer addressing or are transparent to the upper-layer protocols.
08:37
VPLS L2 VPN considerations.
08:41
Because VPLS provides an L2 switched segment between your sites, you can choose and control the L3 routing between the sites, not the provider. That means that you can use routing protocols such as EIGRP, OSPF, and BGP. However, you can run into scalability problems
09:01
with IGP routing protocols if you try to connect hundreds of routers to the same L2 segment. With VPLS
09:09
providing the connectivity, BGP is the only routing protocol that you should be using in larger
09:16
L2 domains. Nowadays you can, you know, go with EVPN services, right? If you have time to, you know, dig into EVPN, things will overcome this Layer 2 domain issue. You can extend your IGP over to multiple
09:35
data centers
09:37
or even to the cloud, right, by using EVPN services, Ethernet VPN services. OK, let's move on to MPLS. MPLS is a technology for the delivery of services using an efficient encapsulation mechanism.
09:54
MPLS uses labels appended to IP packets or L2 frames
10:00
for the transport of data. The labels can be used as designators to identify prefixes, ATM VCs, and can be used to guarantee bandwidth.
10:13
MPLS can run on many L2 technologies, including ATM, Frame Relay, PPP, Packet over SONET,
10:20
POS, and Ethernet. MPLS is an economical solution that can be easily integrated over any existing infrastructure, offering flexibility because MPLS is independent of access technologies.
10:35
SPs can offer intelligent network services to their customers over a single infrastructure.
10:41
Each of the SP's customers can have one or more VPNs within the overall MPLS network, called virtual routing and forwarding, VRF, instances. The major benefits of using MPLS are flexibility, cost, and scalability.
10:58
WAN backup design. Redundancy is a critical component of WAN design for the remote site because of the unreliable nature of WAN links when compared to the LANs that they connect. Most enterprise edge solutions require high availability between the primary and remote site.
11:16
Because WAN links have lower reliability and lack bandwidth,
11:20
they are good candidates for most WAN backup designs. Branch offices should have some type of backup strategy in the event of a primary link failure. Backup links can be either permanent WAN or Internet-based connections. WAN backup options are as follows:
11:41
Right. Secondary WAN link.
11:41
Adding a secondary WAN link makes the network more fault tolerant. This solution offers two key advantages. Backup link: provides for network connectivity if the primary link fails. Dynamic or static routing technologies can be
11:58
used to provide routing consistency during backup events.
12:03
Application availability can also be increased because of the additional backup link. Additional bandwidth:
12:11
load sharing allows both links to be used at the same time, increasing the available bandwidth. Load balancing can be achieved over the parallel links using automatic routing protocol techniques. IPsec tunnel across the Internet: an IPsec VPN backup link can
12:30
redirect traffic to the corporate headquarters when a network failure has been detected.
12:35
WAN backup over the Internet. Another alternative for WAN backup is to use the Internet as the connectivity transport between sites. However, keep in mind that this type of connection does not support bandwidth guarantees. The enterprise also needs to set up the tunnels and advertise
12:54
the company's networks internally so that remote offices have reachable destinations.
13:01
Security is of great importance when you rely on the Internet for network connectivity, so a secure tunnel using IPsec needs to be deployed to protect the data during transport.
13:13
Right. This diagram illustrates connectivity between the headend or central site and a remote site using
13:22
traditional MPLS L3 VPN connections for the primary WAN link. The IPsec tunnel is used as a backup tunnel that provides redundancy for the site if the primary WAN link fails.
13:37
Question number one: A secure WAN design requires dynamic routing and IP multicast.
13:43
What two VPN protocols meet these requirements? Choose two. A, static IPsec. B, P2P GRE over IPsec. C, DMVPN. D, AnyConnect. E, PPTP. F, Easy VPN. e l T e s s l T E r s.
14:01
It'll be B and C.
14:05
All right.
14:07
Question number two: A remote worker for a sales company must submit daily updates via the company email system. The employee does not have a company-issued laptop. So which VPN method is used for connectivity to the, you know, company email server? A, DMVPN.
14:26
B, SSL VPN.
14:28
C, IPsec VPN. D, GETVPN. It's going to be SSL VPN, web browser based, that there was no head on that device for encryption. Right, B.
14:37
In today's brief lecture, we discussed enterprise VPN versus service provider VPN, and enterprise WAN backup design.
14:48
Any questions? Feel free to contact me. Otherwise, I will see you in the next video. Bye for now.

Up Next

CCDA (Cisco Certified Design Associate)

In this CCDA training you will learn the knowledge and skills involved in attaining your Cisco Certified Design Associate (CCDA) certification.

Instructed By

Wayne Xing
Network Solutions Architect
Instructor