Symmetric encryption This encryption requires a shared secret to encrypt and decrypt.
Each computer encrypts the data before sending info across the network, with this
same key being used to both encrypt and decrypt the data. Examples of symmetric key
encryption are Data Encryption Standard (DES), Triple DES (3DES), and Advanced
Encryption Standard (AES).
Asymmetric encryption Devices that use asymmetric encryption use different keys for
encryption than they do for decryption. These keys are called private and public keys.
Private keys encrypt a hash of the message to create a digital signature, which is then
verified via decryption using the public key. Public keys encrypt a symmetric key for secure
distribution to the receiving host, which then decrypts that symmetric key using its exclusively
held private key. It's not possible to encrypt and decrypt using the same key. This hybrid
approach is a variant of public key encryption that uses a combination of both public and
private keys. An example of asymmetric encryption is Rivest, Shamir, and Adleman (RSA).
As you can see from the amount of information I’ve thrown at you so far, establishing a
VPN connection between two sites takes study, time, and practice. And I am just scratching
the surface here! I know it can be difficult at times, and it can take quite a bit of patience.
Cisco does have some GUI interfaces to help with this process, and they can be very helpful
for configuring VPNs with IPsec. Though highly useful and very interesting, they are just
beyond the scope of this book, so I’m not going to delve further into this topic here.
GRE Tunnels
Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate many
protocols inside IP tunnels. Some examples would be routing protocols such as EIGRP
and OSPF and the routed protocol IPv6. Figure 21.23 shows the different pieces of a GRE
header.
920 Chapter 21 ■ Wide Area Networks
Figure 21.23 Generic Routing Encapsulation (GRE) tunnel structure
[Figure: an IP network (transport protocol) carries a GRE tunnel (carrier protocol) between two IP VPN sites (passenger protocol); packet layout: Transport IP header | GRE header | Passenger (IP) packet]
A GRE tunnel interface supports a header for each of the following:
■ A passenger protocol or encapsulated protocols like IP or IPv6, which is the protocol
being encapsulated by GRE
■ GRE encapsulation protocol
■ A transport delivery protocol, typically IP
GRE tunnels have the following characteristics:
■ GRE uses a protocol-type field in the GRE header so any Layer 3 protocol can be used
through the tunnel.
■ GRE is stateless and has no flow control.
■ GRE offers no security.
■ GRE creates additional overhead for tunneled packets—at least 24 bytes.
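As an added example (not from the book or from any Cisco code), the packet layout of Figure 21.23 and the 24-byte overhead figure worked out in Python with only the standard library: a 20-byte transport IP header plus the 4-byte base GRE header wrapped around a constructed passenger packet, then stripped off again. The decapsulation side goes a little beyond the text by honouring the optional GRE checksum, key and sequence-number fields that the C, K and S flag bits announce; all addresses and payload bytes are constructed sample values.

```python
import struct

IP_PROTO_GRE = 47          # protocol number GRE uses in the transport IP header
GRE_PROTO_IPV4 = 0x0800    # GRE protocol-type values (EtherType numbers)
GRE_PROTO_IPV6 = 0x86DD    # for the two passenger protocols the text names


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an even-length IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def gre_encapsulate(passenger: bytes, proto_type: int, tun_src: str, tun_dst: str) -> bytes:
    """Transport IP header + 4-byte GRE header + passenger packet (Figure 21.23 layout)."""
    gre_hdr = struct.pack("!HH", 0x0000, proto_type)   # C/K/S flags clear, version 0
    outer = build_ipv4_header(tun_src, tun_dst, IP_PROTO_GRE, len(gre_hdr) + len(passenger))
    return outer + gre_hdr + passenger


def gre_decapsulate(packet: bytes):
    """Strip the transport IP and GRE headers; return (protocol type, passenger packet)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IP_PROTO_GRE:
        raise ValueError("transport packet does not carry GRE")
    flags, proto_type = struct.unpack("!HH", packet[ihl:ihl + 4])
    gre_len = 4                              # base header; each optional field adds 4 bytes
    gre_len += 4 if flags & 0x8000 else 0    # C bit: checksum + reserved
    gre_len += 4 if flags & 0x2000 else 0    # K bit: key
    gre_len += 4 if flags & 0x1000 else 0    # S bit: sequence number
    return proto_type, packet[ihl + gre_len:]


if __name__ == "__main__":
    # Constructed passenger packet: an IPv4 header (protocol 17) plus a 5-byte dummy payload
    inner = build_ipv4_header("10.1.1.1", "10.2.2.2", 17, 5) + b"hello"
    tunneled = gre_encapsulate(inner, GRE_PROTO_IPV4, "203.0.113.1", "203.0.113.2")
    print("overhead:", len(tunneled) - len(inner), "bytes")   # 24 = 20 IP + 4 GRE
    print(gre_decapsulate(tunneled) == (GRE_PROTO_IPV4, inner))
```

The passenger packet is delivered unchanged but unprotected: nothing in the tunnel header authenticates or encrypts it, which is the "GRE offers no security" point above and the reason GRE is normally paired with IPsec.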