IKEv2 IPsec Virtual Private Networks: Understanding and Deploying IKEv2, IPsec VPNs, and FlexVPN in Cisco IOS (Paperback)

Create and manage highly-secure Ipsec VPNs with IKEv2 and Cisco FlexVPN

The IKEv2 protocol significantly improves VPN security, and Cisco’s FlexVPN offers a unified paradigm and command line interface for taking full advantage of it. Simple and modular, FlexVPN relies extensively on tunnel interfaces while maximizing compatibility with legacy VPNs. Now, two Cisco network security experts offer a complete, easy-tounderstand, and practical introduction to IKEv2, modern IPsec VPNs, and FlexVPN.

The authors explain each key concept, and then guide you through all facets of FlexVPN planning, deployment, migration, configuration, administration, troubleshooting, and optimization. You’ll discover how IKEv2 improves on IKEv1, master key IKEv2 features, and learn how to apply them with Cisco FlexVPN.

IKEv2 IPsec Virtual Private Networks offers practical design examples for many common scenarios, addressing IPv4 and IPv6, servers, clients, NAT, pre-shared keys, resiliency, overhead, and more. If you’re a network engineer, architect, security specialist, or VPN administrator, you’ll find all the knowledge you need to protect your organization with IKEv2 and FlexVPN.

• Understand IKEv2 improvements: anti-DDoS cookies, configuration payloads, acknowledged responses, and more
• Implement modern secure VPNs with Cisco IOS and IOS-XE
• Plan and deploy IKEv2 in diverse real-world environments
• Configure IKEv2 proposals, policies, profiles, keyrings, and authorization
• Use advanced IKEv2 features, including SGT transportation and IKEv2 fragmentation
• Understand FlexVPN, its tunnel interface types, and IOS AAA infrastructure
• Implement FlexVPN Server with EAP authentication, pre-shared keys, and digital signatures
• Deploy, configure, and customize FlexVPN clients
• Configure, manage, and troubleshoot the FlexVPN Load Balancer
• Improve FlexVPN resiliency with dynamic tunnel source, backup peers, and backup tunnels
• Monitor IPsec VPNs with AAA, SNMP, and Syslog
• Troubleshoot connectivity, tunnel creation, authentication, authorization, data encapsulation, data encryption, and overlay routing
• Calculate IPsec overhead and fragmentation
• Plan your IKEv2 migration: hardware, VPN technologies, routing, restrictions, capacity, PKI, authentication, availability, and more

使用IKEv2和Cisco FlexVPN創建和管理高度安全的Ipsec VPNs

IKEv2協議顯著提高了VPN的安全性，Cisco的FlexVPN提供了一個統一的範例和命令行界面，以充分利用它。簡單而模塊化，FlexVPN廣泛依賴隧道接口，同時最大限度地兼容傳統VPN。現在，兩位Cisco網絡安全專家為您提供了一個完整、易於理解和實用的介紹，介紹了IKEv2、現代IPsec VPN和FlexVPN。

作者解釋了每個關鍵概念，然後引導您通過FlexVPN的規劃、部署、遷移、配置、管理、故障排除和優化的所有方面。您將了解到IKEv2如何改進IKEv1，掌握關鍵的IKEv2功能，並學習如何在Cisco FlexVPN中應用它們。

《IKEv2 IPsec虛擬私人網絡》提供了許多常見場景的實用設計示例，涉及IPv4和IPv6、服務器、客戶端、NAT、預共享密鑰、韌性、開銷等等。如果您是網絡工程師、架構師、安全專家或VPN管理員，您將找到保護組織所需的所有知識，以IKEv2和FlexVPN保護組織。

- 瞭解IKEv2的改進：反DDoS cookie、配置載荷、確認響應等
- 使用Cisco IOS和IOS-XE實現現代安全VPN
- 在不同的現實環境中規劃和部署IKEv2
- 配置IKEv2提案、策略、配置文件、密鑰和授權
- 使用高級的IKEv2功能，包括SGT傳輸和IKEv2分段
- 瞭解FlexVPN、其隧道接口類型和IOS AAA基礎設施
- 使用EAP身份驗證、預共享密鑰和數字簽名實現FlexVPN服務器
- 部署、配置和自定義FlexVPN客戶端
- 配置、管理和故障排除FlexVPN負載均衡器
- 通過動態隧道源、備份對等和備份隧道提高FlexVPN的韌性
- 使用AAA、SNMP和Syslog監控IPsec VPN
- 故障排除連接性、隧道創建、身份驗證、授權、數據封裝、數據加密和覆蓋路由
- 計算IPsec的開銷和分段
- 規劃您的IKEv2遷移：硬件、VPN技術、路由、限制、容量、PKI、身份驗證、可用性等等