View Larger Image	Vijay Bollapragada, Mohamed Khalid, Scott Wainner Cisco Press, Paperback, Published March 2005, 352 pages, ISBN 1587051117
	List Price: $55.00 Our Price: $42.50 You Save: $12.50 (23% Off)
	Availability: Out-Of-Stock

Write a Review and tell the world about this title!

People who purchase this book frequently purchase:

• The Complete Cisco VPN Configuration Guide; Richard Deal, $65.95, 22% Off!
• Definitive MPLS Network Designs; Jim Guichard, et al, $50.50, 22% Off!
• Cisco Router Firewall Security; Richard a. Deal, $50.50, 22% Off!
• Layer 2 VPN Architectures: Pseudo-Wire Emulation; Wei Luo, et al, $50.50, 22% Off!

• Networking/Communications : Virtual Private Networks
• Enterprise Computing : Security

• Cisco Press

• Understand how IPSec VPNs are designed, built, and administered
  
• Improve VPN performance through enabling of modern VPN services such as performance, scalability, QoS, packet processing, multicast, and security
  
• Integrate IPSec VPNs with MPLS, Frame Relay, and ATM technologies

As the number of remote branches and work-from-home employees grows throughout corporate America, VPNs are becoming essential to both enterprise networks and service providers. IPSec is one of the more popular technologies for deploying IP-based VPNs. IPSec VPN Design provides a solid understanding of the design and architectural issues of IPSec VPNs. Some books cover IPSec protocols, but they do not address overall design issues. This book fills that void.

IPSec VPN Design consists of three main sections. The first section provides a comprehensive introduction to the IPSec protocol, including IPSec Peer Models. This section also includes an introduction to site-to-site, network-based, and remote access VPNs. The second section is dedicated to an analysis of IPSec VPN architecture and proper design methodologies. Peer relationships and fault tolerance models and architectures are examined in detail. Part three addresses enabling VPN services, such as performance, scalability, packet processing, QoS, multicast, and security. This book also covers the integration of IPSec VPNs with other Layer 3 (MPLS VPN) and Layer 2 (Frame Relay, ATM) technologies; and discusses management, provisioning, and troubleshooting techniques. Case studies highlight design, implementation, and management advice to be applied in both service provider and enterprise environments.

About the Authors

Vijay Bollapragada, CCIE No. 1606, is a manager of the VPN Solutions group at Cisco Systems. Vijay also teaches Cisco engineers and customers several courses, including Cisco Router Architecture, IP Multicast, Internet Quality of Service, and Internet Routing Architectures. He is also an adjunct professor in Duke University's electrical engineering department.

Mohamed Khalid, CCIE No. 2435, is a technical leader working with IP VPN solutions at Cisco's RTP facilities. Mohamed has a Masters Degree in Electrical Engineering.

Scott Wainner is a distinguished systems engineer in the US Service Provider, InterExchange Carrier group at Cisco Systems. Scott received a BS in Electrical Engineering from the USAF Academy and subsequently received his Masters in Electronic and Computer Engineering from George Mason University, and he is currently a member of the IEEE.

Jun 20, 2005     Penny Jakes, CCNP from University of Montana
Definitive Design and Deployment Guide
IPSec VPN Design (ISBN 1587051117) focuses on the design and implementation of IPSec VPNs. The authors consider this the definitive design and deployment guide for secure virtual private networks. There are many theoretical publications covering the foundations of network security, but VPN security design is especially challenging. There are so many variables that even knowing the theoretical concepts, models, tradeoffs, and scalability, it can still be a daunting task. This book is for the advanced/expert in the network security field.

Because of the advanced topics presented in this guide, considerable network management and/or a network engineer level of experience is needed to use the wealth of information presented by authors Vijay Bollapragada (CCIE), Mohamed Khalid (CCIE), and Scott Wainner. It is expected that the reader will have a working knowledge of IP routing, architectures, WAN technologies, Cisco IOS, and network security. The introductory chapters briefly review knowledge that the authors expect users to have which results in getting everyone focused on the starting point of this technical guide.

The concept of network security is not the same in all environments as each VPN will have different connectivity and integration platforms. This guide to designing an IPSec type of VPN is Cisco based. The configuration examples and troubleshooting output are Cisco IOS. Many design principles efficient, reliable, cost effective, fault-tolerant, and scalable -- have commonality in several environments, but again, all illustrations and examples use Cisco technology. This book does design IPSec VPNs from many perspectives.

The organization of IPSec VPN Design is organized into three units: introduction and concepts; design and deployment; service enhancements. This organizes technical material as it moves from a brief review of technologies that use VPNs, to an overview of IPSec architecture, protocols, components, and concludes by examining advanced issues such as voice, multicast, and network-based VPNs.

As an introduction to this topic, an IPSec VPN is configured and packet processing is explained step-by-step using Cisco IOS. The illustrations and diagrams of the topology, end-to-end packet processing, and configuration command output (from show and debug commands) is very helpful to the reader. IPSec protocols and the differences between tunnel mode and transport mode are described.

After an introduction to authentication and security, the authors move into considerable detail and enhanced features of IPSec, scalability, and fault tolerance with dead peer detection or control plane keepalives. There are always unique challenges to implementing VPNs, and this book gives examples from the authors experience to handle situations for interaction with NAT (Network Address Translation) or PMTUD (Path Maximum Transmission Unit Detection). To end the introduction/concepts unit, authentication/authorization models for remote access users discusses XAUTH (Extended Authentication) and MODE-CFG (Mode-configuration). Ciscos EzVPN connection model and digital certification conclude this unit. The authors then move to applying these concepts to VPN design.

The design and deployment phase considers hub and spoke architecture, failover, fault tolerance, and alleviation of complexity in large-scale situations using TED (Tunnel End-Point Discovery) and DMVPN (Dynamic Multipoint VPN). Advanced enhancements include quality of service (QoS), interoperability with voice and video, and a new type of VPN service known as the network-based VPN.

Topics move from general introductory concepts (Chapters 1-4) to specific design and deployment (Chapters 5-7), and concludes with advanced/integrated service enhancements (Chapters 8-9). The authors have taken care to explain pros and cons of various designs and give alternatives. The notes sections illustrate advantages and disadvantages or add relevant comments from the authors experience. Illustrations are appropriate, easily read, and well-designed. There is an abundance of configuration examples, complete with resulting show and debug output, and all with highlighting to assist the learner. These types of real-world examples are easier to learn from than the traditional technical documentation. The index is complete; there is not a glossary which might have been helpful for some readers.

Throughout this guide, Bollapragada, Khalid, and Wainner have managed to write at a level that is appropriate for an advanced topic while using examples that are easily understood. Some network managers may not actually design an IPSec VPN, but still need to understand the principles of security, be able to communicate with technical support, and work with network engineers and service providers in maintaining/troubleshooting the VPN. Advanced understanding and good troubleshooting skills are contained in this guide.

IPSec VPN Design is a well-written, concise guide to designing VPNs in general and IPSec VPNs specifically. It would be helpful to individuals taking their networking skills to another level or those studying for CCIE or Security certifications. It targets network engineers and network designers working at the corporate level or working for the service provider. Bollapragada, Khalid, and Wainner each brought their expertise and considerable experience into the collaboration while authoring this book.

An excellent book published by Cisco Press, 2005, which deserves a rating of 5 on a 1-5 scale.

Forgot your password? FAQs Shipping Options Returns Your Orders Your Account