Cisco CCNA certification proves your professional worth. It tells prospective employers that you can handle the day-to-day work of running a mid- to large-sized Cisco network.

The two-exam CCNA process covers lots of innovative features, which better reflect the skills and knowledge you'll need on the job. Passing both exams is your first step towards higher-level Cisco certification, and trainer Jeremy Cioara has mapped these CCNA training videos to the 640-816 test. This CCNA training is not to be missed.

Here's how one user described Jeremy's training: "By the way, Jeremy Cioara has to be by far one of the BEST Cisco trainers I have ever had the privilege to learn from overall. He not only keeps your attention but his energy is contagious and he provides the information at a level where you grasp it rather easily."

The last day to take the 640-816 exam is Sept. 30, 2013. After that date, the only ICND2 exam available will be 200-101. CBT Nuggets has a training course for the 200-101 exam here.

1. Review: Rebuilding the Small Office Network, Part 1 (33 min)
2. Review: Rebuilding the Small Office Network, Part 2 (28 min)
3. Review: Rebuilding the Small Office Network, Part 3 (23 min)
4. Switch VLANs: Understanding VLANs (16 min)
5. Switch VLANs: Understanding Trunks and VTP (39 min)
6. Switch VLANs: Configuring VLANs and VTP, Part 1 (35 min)
7. Switch VLANs: Configuring VLANs and VTP, Part 2 (39 min)
8. Switch STP: Understanding the Spanning-Tree Protocol (28 min)
9. Switch STP: Configuring Basic STP (21 min)
10. Switch STP: Enhancements to STP (29 min)
11. General Switching: Troubleshooting and Security Best Practices (29 min)
12. Subnetting: Understanding VLSM (18 min)
13. Routing Protocols: Distance Vector vs. Link State (26 min)
14. Routing Protocols: OSPF Concepts (30 min)
15. Routing Protocols: OSPF Configuration and Troubleshooting (39 min)
16. Routing Protocols: EIGRP Concepts and Configuration (32 min)
17. Access-Lists: The Rules of the ACL (27 min)
18. Access-Lists: Configuring ACLs (34 min)
19. Access-Lists: Configuring ACLs, Part 2 (48 min)
20. NAT: Understanding the Three Styles of NAT (20 min)
21. NAT: Command-line NAT Configuration (35 min)
22. WAN Connections: Concepts of VPN Technology (33 min)
23. WAN Connections: Implementing PPP Authentication (34 min)
24. WAN Connections: Understanding Frame Relay (28 min)
25. WAN Connections: Configuring Frame Relay (30 min)
26. IPv6: Understanding Basic Concepts and Addressing (34 min)
27. IPv6: Configuring, Routing, and Interoperating (23 min)
28. Certification: Some Last Words for Test Takers (13 min)
29. Advanced TCP/IP: Working with Binary (25 min)
30. Advanced TCP/IP: IP Subnetting, Part 1 (55 min)
31. Advanced TCP/IP: IP Subnetting, Part 2 (22 min)
32. Advanced TCP/IP: IP Subnetting, Part 3 (19 min)

WAN Connections: Concepts of VPN Technology

00:00:00

When Cisco split the CCNA program into 2 separate certifications, the CCENT and CCNA, they really freed themselves up to add a lot more information to what it would be to be a true CCNA. One of the things that they added when they did the split was VPN technology. And this is a, from their point of

00:00:24

view, I'm sure this was a tough decision, because VPNs are one of the things that are overtaking the world. It's a technology that is just becoming more and more popular everywhere you go. However, the complexity of it is enough to fill an entire course. I could, I could talk about VPNs in all their glory

00:00:44

from concepts through configuration and it would easily take me a series of 30 videos to make that happen. So what they've done when they decided to splice VPNs into the CCNA program is Cisco thought, how about we give just enough to be dangerous? Meaning, just enough of the technology, what it is, what it's used for, and how it works to allow you to know what's going on, know what VPNs are all about, know where you would use them, but then leave the configuration to elsewhere. Thankfully,

00:01:18

you know what the Cisco SDM is. A graphic interface. One of the major reasons Cisco released the SDM for their routers was because of VPN connections. To set them up from the command line it is so tedious and it can be, it can take so long and have so much troubleshooting, they just said, let's just make a wizard to do it and they did. So most of the individuals that set up

00:01:41

VPNs nowadays, on Cisco routers and PIX firewalls use graphic interfaces to do it. Even myself, I will throw myself right out there. When push comes to shove I will reach for that GUI immediately because VPNs are a pain to configure. But I get too deep already.

00:01:59

This is what we're going to talk about as we work through this video. Let's talk about what are VPNs? First and foremost for you acronym junkies, VPN stands for virtual private network. It is a network that is virtually private, not really private, and therein lies the whole concept of the VPN.

00:02:21

Everybody has an internet connection. We have them from home, we have them at our offices, even if our office has private lines connecting them together like a private T1 line that ties your offices together, they probably have an internet connection too; so people can surf the internet from the office. You can

00:02:40

have web servers at your office that people are accessing from the internet and all of that. So the whole concept of a VPN is since we're all connected to this big network why not use this big network a.k.a. the internet to allow all of our offices to talk together? So let's say this router over here represents an office in Arizona with a 100 users connected to a LAN. This is an office in Florida. Now, if we were

00:03:07

to purchase a we'll say T1 line, a private leased line between those offices, we would have to go to a service provider in Arizona and that would have to be a service provider that is somehow linked to California, sorry, Florida over there and we would say okay we will, we need a private line between these offices and they would say "ooof, private line"; it's going to cost you 2,000 dollars a month. 2,000 dollars in a month! you say as you throw your pen down on the table and stare at them angrily. Yes that is, you know, a typical price of what

00:03:43

it would cost if you're just going to get a private line between your offices. 2000 dollars. Now we have these links to the internet which are, you know, they're, they can be expensive but I would say overall they're a dime a dozen. In Arizona, you know, maybe for a 100 person office you might pay for a pretty decent internet speed, I mean a T1 is about 1.544 megabits per second. And in for Arizona for we'll say a 2 to 3 megabit per second connection speed, a business class connection, you might be paying in the range of we'll say 300 to 500 dollars a month. Now, that's a business class connection.

00:04:24

I know some of you home users are like a "Hey, I can get internet at home faster than that for, you know, 60 bucks a month." That's that's a home connection. So we'll say for business class, you know, 200 to 300 dollars there or sorry, 300 to 500 300 or 500 dollars here, you not only get access to the internet, which you would need anyway, right, but, you can also create a VPN connection through the internet, a virtual private network that links the Arizona and Florida offices and not pay a penny more. That's my number 1 benefit for VPN connections is that they are cheaper. They are also widely available. They're available anywhere the

00:05:09

internet is available. Now, I'm talking right there of one type of VPN that links offices together but there's another type where we could have our users tie in from home using a VPN connection. And they are you know, it's as if we bought a private line for that PC or that home to link into the Arizona office. It's available anywhere

00:05:32

the internet connection is available. So even that 60 dollar a month internet connection can be used to allow the users to perform anything from home that they could as if they were actually in the Arizona office. It's VPN technology that has really led to the rise of telecommuting. People that work

00:05:51

from home full time, and do not leave their home, but their home is also their office. Leads to happier employees because, man, you get to save the drive, the gas, the sitting in the office space that you don't really want to sit in, and, you know. It saves the company money

00:06:07

because they don't have to build a cubicle, they don't have to provide you know, more restrooms, and more break rooms and all those services they have to provide to the employees on site. So it's a win win situation for most people. Heavily encrypted and secured is the next thing. VPNs, the

00:06:23

reason it's called virtual private network is because it's private and that privacy comes from the massive amount of encryption and security that's thrown on there. Therein is the benefit of VPN is it's very very difficult to break into that. It's you know, I won't say anything's impossible but it is virtually impossible to break into a VPN connection from the internet. But there in that 3rd bullet point is its weaknesses as well. In that because it is so heavily secured

00:06:55

and encrypted it takes a lot more overhead on the routers than just connecting on a private line. On a private line you don't have to encrypt anything you can just let them talk as if they were directly connected because it's private. But on the internet there's a lot of overhead, a lot of slowdown in processor utilization has to take place there.

00:07:15

Last but not least, the big benefit is many to many connections. For instance, if I was in Arizona and Florida, to get a private line, it's 2000 bucks a month, we'll say, that the price can vary, but you can only connect from Arizona to Florida. If Florida

00:07:31

wanted to connect over here to California I would have to buy another private line. You know either Arizona would have to link to California or Florida would have to link California. And that's another 2000 bucks a month because, that's another private line. With VPNs all you do is buy an internet

00:07:47

connection in each location and that allows anybody to connect to anybody. Many to many connections. Remote users can then get into the California office. The site to site users, the Arizona to California they can all connect. So VPN is truly an any to any connectivity.

00:08:07

VPN connections come in 2 major styles: site to site or what you see here as L to L, LAN to LAN. Or remote access. Now, this picture right here is a site to site VPN connection. This router represents some office that is connected to the internet through some, some kind of connection. Now you could have inside of that office

00:08:29

any number of users, hundreds or even thousands of users. And whenever they access an IP address that is over at this site with however many users inside of it the router recognizes that needs to go across the VPN. So it will come in, clear text, you know, unprotected, unencrypted, as soon as it realizes it's going across the VPN it will encrypt it and send it through the internet which is a public network. It's very unsecure anybody can get that data but

00:08:58

it's still heavily encrypted that nobody can get to it. It reaches the other end which un-encrypts the data and then sends it over here to the clients. That is the site to site VPN and that is a direct replacement for a private line. Something you're paying a lot of monthly

00:09:15

charges for. If the site to site or LAN to LAN VPN links our offices, remote access VPNs link our homes or our laptops depending on where we are in the world. A remote access client is usually not always, but usually installed on a PC. You'll for instance

00:09:34

go to the Cisco website and download the Cisco VPN client. Or Microsoft has a VPN client built in. You'll type all the information into that VPN client that's needed to authenticate or work for the central site. It's user name and password or there's many different ways that they can have this.

00:09:55

Some companies I don't know if you've seen these, have token cards, which means they, somebody to get on the VPN pulls a token out of their wallets, it looks like a credit card but it has a little electronic screen. They push a button on there and it generates a password that will let them connect to the VPN for exactly one minute. If they don't type that password in

00:10:15

in one minute they have to hit the button again to get a new password because it's always changing based on time. That's pretty secure. So people don't actually have a password. They have a token card that generates a password for them for that time. They even have biometric methods nowadays;

00:10:32

where people will have to, I don't know if you've seen them, I've seen them I want one, they're awesome. I don't know why I want one, but they're awesome. They are laptops that have thumb print scanners on them. To where to get on the VPN you actually have to stick your thumb on the laptop.

00:10:47

It scans to make sure that you are who you say you are. And I mean, I'm thinking, I don't know, you've seen Mission Impossible where they're lopping people's thumbs off and using them on the doors. And it's coming. I'm telling you. They have retina scanners where they'll scan

00:11:00

your eyeball and weird and creepy stuff. So whatever method they have you'll authenticate, it goes across the internet to the router and that allows that PC to become one with the LAN. It's virtually as if that PC was connected to that network for however long they're connected to the VPN. As soon as they sever that they're now off

00:11:22

on the internet again. Everything that they send is encrypted over the VPN. Now I would say the most advancement has been taking place in the remote access VPN arena in recent years. Site to site VPNs, they work, they're standard, they've been around for a long time. Remote access has really been evolving.

00:11:43

Before recently, we would always have to you know purchase or buy that Cisco VPN client and install it on here. Nowadays they are setting up people's homes with little routers that make the VPN for you. So, you don't actually have to install anything on the laptop. You have this little router at home that will almost

00:12:02

create a site to site style of VPN from your home to the corporate office. And that allows any device in your home to access the VPN for a time, or however long that's connected. The reason that's pretty cool is because now people can connect telephones, voice over IP phones, to the network in their home and they could actually have their work extension, we'll say extension 1003 sitting in their office that goes through the VPN and it's like having a telephone at the work site. But, it's at their home. People are dialing 1003 and going over VPN and making somebody's home phone ring and they never know that because it's through the VPN. It's

00:12:43

invisible. They also have a new technology in the remote access arena that is being called two names, either an SSL VPN or a Web VPN. These are two names for the same thing. Installing the clients on the PC is painful. Meaning, you as an administrator have to go to that person's laptop, get them set up, get them with the token card if you're using that. Or retina

00:13:11

scanner, you know, whatever you're using. Get them all tweaked out and then they'll be able to go and authenticate. It's fine when you've got one, two, five users, you know, kind of thing, but when you've got fifty or sixty users that need to access the VPN that's a lot of time. So what SSL and Web VPNs do is they'll

00:13:31

allow this router to generate a web page. Somebody will open their PC and it connects to the router and it will display this web page, and it will say, you know, type in your username and password. It'll have a field on there, or your token code for the minutes that it's valid. You type it in there and what will happen is the

00:13:53

router will install a mini. It's like a mini-me version of the VPN clients on your laptop for as long as you are connected to that VPN and that will establish a VPN connection without ever having to install a client on the laptop or the PC. It's pretty awesome. And as soon as you close that page, VPN

00:14:13

closes down and everything's eliminated. It actually tunnels all that information through that web page. So we will call that SSL tunneling. But that's where remote access connections are evolving to. That's the logical connections of how VPNs work. Now

00:14:32

let's get a little bit technical and into the protocols that give them the power to do what they do. Just about everything that deals with VPN technology is worked all around this protocol known as IPSEC. IPSEC is the protocol that makes VPNs possible. It is the security

00:14:50

protocol that does all the heavy encryption and so on. Now IPSEC works with TCP/IP, we know what TCP/IP is. It's the protocol of communication that lets you talk over the network. You've got things like TCP and UDP. IPSEC is just another one of those protocols. It actually works at

00:15:09

the transport layer, like TCP and UDP you have a choice. Your computer or your VPN can also choose to use IPSEC when communicating over TCP/IP network. And IPSEC is not just one protocol. Just like when you say TCP/IP, there's many protocols that make that work like UDP and ARP and all these different protocols. IPSEC is the same way. Inside

00:15:33

of it, it has all these different, what I call, chunks, the chunks that build the IPSEC. IPSEC is built of three major, or sorry, four major categories of protocols. The first, well I'll take them out of order, is an encryption protocol. You get to choose one of those, and you can see the three in the list, encryption protocols to secure your data.

00:15:58

And that is a list from strongest to weakest. The, or I'm sorry, it's from weakest to strongest. This is the weakest, DES, one of the first encryption protocols to come out. Triple DES is essentially triple the strength of DES and AES is the new U.S. Government standard

00:16:13

that is the most powerful encryption that we have currently and that excludes, you know, all of the under the cover men in black style encryption that, you know, nobody really knows about or is proprietary and things like that. The benefit, I guess, is the weaker your encryption the less processing it takes and the overall faster connection you have. The stronger

00:16:41

your encryption the more secure you are, the less chance you have of somebody breaking your VPN and getting into your organization but the more overhead you have and the longer it takes to do that encryption. So as an administrator when you set up your VPN you get to choose what kind of encryption to use.

00:16:59

Authentication is the second piece. Authentication does a lot of things but primarily is focused around making sure data does not change from one end to the other. For example, if you have a client that is connected to a VPN. Here's our internet and is connected to a router

00:17:20

that connects to the corporate network and there's a server. When somebody is trying to hack your network they may not understand all those packets that are going across because they're all encrypted. So they can't really see what they are but what they could do, let's say we've got a intruder here, remember the internet's a public network so anybody can get on. We have this intruder who may not understand what you're sending

00:17:43

but what they can do is spoof packets. Meaning, send fake packets that look like you that kind of pretend to be you, but aren't really you. This is known as a man in the middle, a MIM, a man in the middle attack where he's in the middle of the conversation kind of taking packets, and pretending to be you and trying to decrypt the packets as it goes. You know, trying to break into that connection and

00:18:09

what authentication does is prevent those kind of attacks. So authentication makes sure that the stuff that is being sent is from the original person sending it. And it detects if somebody changes your packets, like as it's going across maybe he grabs your packet and sends his own in place of it to try and, you know, pretend to be you and inject some stuff into the network that doesn't belong there.

00:18:34

Well that's what authentication stops. Now, protection, I'll talk about that one third; the third chunk is what allows you to do all of this over a public network. Here's a thought you may not have thought through yet. If this guy is encrypting then he has to have an encryption key, right? I'll draw it like this. An encryption formula that allows him to scramble

00:19:02

the data before he sends it. Now in order for this to work, this guy over here has to have the same encryption key. Meaning, he has to be able to unencrypt what you're sending him in order for it to be of any use at all. So when that PC connects to the VPN, somehow it

00:19:24

has to get the encryption key it's going to use over to the router. Or vice versa the router would have to send the encryption key that it's going to use to the PC. Therein lies the problem. How do you send an encryption key over the internet to this person so that they can have it without this, this, you know, XX guy over here, the man in the middle, grabbing that key; because the internet's a public place. You can grab just about

00:19:51

anything you want off of it. Without this guy grabbing that key and then having the encryption and decryption formula and breaking into the VPN that way. Well, that's what protection is all about. Diffie-Hellman is what that DH stands for a to talk about the specifics of how this is possible next.

00:20:11

The fourth chunk of IPSEC is, I guess, what you could call the engine. The idea behind IPSEC is they never wanted it to become out-dated. Meaning, new stuff comes out all the time. New encryption formulas are released, I mean, DH, or sorry, DES you see it right there under the encryption. When this originally came out

00:20:35

it was back in probably the late seventies early eighties that was, that was like, oh, you are not breaking this. This is unbreakable. Nobody can mess with this and it's, this is the encryption formula that will end encryption formulas. We thought that was that

00:20:51

was it. And then a twelve year old girl in Sweden, I'm not making this up, broke that encryption formula. A twelve year old girl figured out how to break the encryption formula that DES uses in a day; I think it was like within twenty four hours or less using her formula you could break in and pretty much tear that thing to shreds. Twelve

00:21:15

year old girl. Unbelievable. She's now dead. The government got her. No, I don't know what happened to her. She's probably working for the CIA somewhere. But that's the idea, you know, encryption formulas change, you know, AES just came out, it's fairly new, and everybody's saying; oh, that thing's so powerful. But, you know, give it twenty years

00:21:33

well ten years at the rate things are going and then it'll be, you know, people will be like, oh, yeah some two year old in Massachusetts totally tore that thing apart. It's always going to change, is my point. So what this negotiation protocol is there to do is be kind of a changer I guess. That's a horrible way to describe it, but it's essentially

00:21:57

a piece of IPSEC that lets everything in IPSEC be changeable. Think about it this way. If IPSEC were a car this would be the engine of it. And you can actually change out the whole engine of IPSEC. If you had a four cylinder you could go on and swap it and put in an eight cylinder. That's what this a AH, ESP

00:22:20

and ESP plus AH is. AH was the original engine that came out with IPSEC. The problem is that AH or it's known as the authentication header, couldn't do encryption. That was back when IPSEC was just in its infancy. And so they came out with the ESP, think of that like the v6 engine for the IPSEC protocol. And that allowed it to do encryption and authentication and the protection, the chunks that you see on there. ESP plus AH came out

00:22:47

which allows you to double up on things. That's like the v8 engine. The, it's more powerful but sucks more gas you know, it's kind of a resource consuming chunk. And they can come out with new engines, you know, someday down the road they'll come out with jay five nine or something as a new engine of IPSEC that adds even more protection. That's the goal, is they don't

00:23:07

want it to change. When you, when you think about TCP/IP, we currently use version four, but the problem is, is they're having to replace it. TCP/IP version four reached its max. It got maxed out, if you will, the IP addresses ran out. So TCP/IP version six is coming to replace it. They never wanted

00:23:27

to have to do that with IPSEC. Alright, the last piece of VPN technology that we'll talk about here, is how does it all work? I mean, how is it possible to get true security over a public network when you have to send those encryption keys to each other, where anybody could grab them? Well here's the idea. The way VPNs work

00:23:49

is through a combination of security keys. First and foremost I need to identify a big difference in technology. There are really two types of encryption and decryption. First I'll talk about symmetric. Symmetric encryption is encryption that uses the same key to encrypt and decrypt. Meaning, if you've got that key, this

00:24:16

is known as a shared secret key you can, you can, take data you know, say somebody over here sends some data into the router you can take that and encrypt it and then when it gets over here to the internet and is received at the other side they can use the same exact key that you used to decrypt it.

00:24:34

The benefit of symmetric encryption is it's really fast and it's really easy on your processor. When we talked about DES and triple DES three DES excuse me, and AES those are all forms of symmetric encryption. Meaning, they use the same key to encrypt and decrypt. Now that's great and

00:24:55

it's it's very fast but the problem is when one of these routers is going to generate that key every single time somebody connects to the VPN and it has to send it over the internet to the other side so they've got that key to do the encryption and decryption. That's the problem I described before. So how

00:25:13

do you do that without somebody grabbing that key in the middle and then, you know, using that to tear apart all your VPN and they can decrypt anything that you send. That's where Diffie-Hellman came in. Diffie-Hellman is actually the name of two guys that created a system for doing this. Diffie and Hellman actually

00:25:33

worked together and here's the idea. Diffie-Hellman security uses something known as asymmetric encryption. What that means is you have a two key system. A public and private. The public key, anything that it encrypts can be decrypted with the private key.

00:25:58

And anything the private key encrypts can be decrypted with the public key. They can do both but they're complete opposites of each other. Now they're called public and private key for a reason. When somebody connects to the VPN, let's say this is a site to site; I'll put S to S. Site to site VPN between these two routers. When somebody

00:26:22

brings up that VPN connection, the first thing that happens is the router that receives the connection sends a key. Let's say that the right router connected to the left router. The left router will send the right router its Diffie-Hellman public key. Check out

00:26:41

that animation, pretty sophisticated. So now this right router has an encryption formula. Anything encrypted with this public key can only be decrypted with the private key. Now there's the secret. That private key is kept hidden behind this router, or in that router. It will never be given out to anybody that's

00:27:02

why they call it a private key. So the router on the right generates that shared secret key and encrypts it with this public key. Encrypted. So it sends this encrypted version of the shared secret key tracking across the internet here over here and that is completely scrambled and the only thing that can decrypt that is the private key.

00:27:29

Likewise if we were to connect the other way, you know, the right router would send its public key over here and then its private key would be used to decrypt anything that the left router encrypted. But we're only using one set for now, so let me move these out of here so we're not confusing. Once this router on the left hand side

00:27:51

has the shared secret key right here, it's able to decrypt it with private and then they now have, they both have the same symmetric encryption and decryption key that they can use for that session. Now once that VPN connection is done and over with. Meaning, okay we're ready to tear it down, that shared secret

00:28:11

is thrown away. Off it goes. And the next time the connection happens a new shared secret key is going to be generated. So the point is, is that the encryption keys that are being used to encrypt all the data over the VPN are constantly changing. They're always being regenerated and renewed. Even if this is

00:28:31

a site to site VPN connection that's always connected, it's always up always-on, after a certain amount of time it will say okay we've used these keys long enough let's scrap them and regenerate them again and then use these Diffie-Hellman keys to secure the exchange of that shared secret.

00:28:48

Now, you might be thinking. Couple, couple of thoughts I had when I first got into cryptography and how all this works. Maybe you're thinking, well first off if you've got this encryption formula right here, Diffie-Hellman public and you're sending that all over the place, meaning, that's being sent in clear text across the internet, can't somebody get that key and you know, kind of reverse the formula to figure out the private. I mean,

00:29:16

the way, the way I was thinking about it, I thought, you know, I took algebra, I even took calculus, you know, if the Diffie-Hellman public key is X plus one equals, you know, two; I can do the math subtract it out and be like, oh well then X really equals one, now I've got the secret. Well the, this, you can tell

00:29:38

the brilliance of my mathematics. I'm like, that's difficult right there. But the public keys and the formulas that they use in those Diffie-Hellman public keys are so sophisticated and so advanced it is theoretically impossible to figure out what the reverse encryption of that is or what the reverse of it is. If you just

00:30:01

have one side of the key. Meaning, inside of there they use logarithmic functions and things they just cannot be reversed. There's, there's a billion possible answers to what the reverse of that could be so, you know, you'll just have to trust me; that doesn't all make sense. It is impossible to create or reverse

00:30:22

engineer a private key if you just have the public key. Second thought I had when I first was learning about this. If the public key and private key system is so super-duper secure, why do you even need this shared secret thing? I mean, why can't you just, you know, get the shared secrets out of here and, you know, reduce some of the complexity right? And just, just say okay we'll just use the public and I'll send you my public and you'll send me your public and then I'll use this to encrypt everything and you can decrypt it with your private. And you can, you know, you can use; let

00:31:01

me put these keys in the right place. You can encrypt anything you need to send me with your public and I'll decrypt it with my private, you know, then kind of swap it that way. Well honestly that would work in that it would, it would secure but these formulas; it kind of goes along with the last answer I gave you. These formulas

00:31:19

are so massive and so super complex that they cause a ton of overhead. Asymmetric is like a hundred times more processing than what a symmetric key would be. It really burdens down your router and that's why the routers only use them for an instant. They just use that encryption formula and that system to get the symmetric key across and then it says okay I'm done with you because you max out my processor. Otherwise that would be

00:31:47

the perfect encryption solution. That's the idea behind VPN connections. At least at the CCNA level. I encourage you, if you want to know more about VPNs, Cisco has now added it to the CCNP track. It's actually in the CCNP now under the ISCW exam. So if you want

00:32:09

to check out CBT Nuggets, they offer that video. And also if you want the full scoop, the ISCW gives you much more than what I just gave you, it's about eight videos on it. But if you want the full scoop on what VPNs are, how to set them up, how to work with them, all that, that's what the CCSP track is all about.

00:32:26

The security track for, did I say CCSP? I think I did. CCSP. The security track for Cisco that's where they talk fully about them. In here we talk about why use VPN connections. And to review, we use VPN connections because they're cheaper. They allow more flexibility, you can connect to more places and you can just use your existing internet connection to make that happen.

00:32:48

They're very flexible. We looked at the different styles of VPN connections, which was really divided into site-to-site and remote access VPNs. Where remote access is seeing the most evolution right now as we move into technologies like web VPNs. Finally

00:33:03

we looked at a high-level overview of VPN connectivity. Talked about the IPsec protocol suite that allows VPNs to happen. And how IPsec and how VPNs can securely communicate over a public network. I hope this has been informative for you and I'd like to thank you for viewing.

WAN Connections: Implementing PPP Authentication

WAN Connections: Understanding Frame Relay

WAN Connections: Configuring Frame Relay

IPv6: Understanding Basic Concepts and Addressing

IPv6: Configuring, Routing, and Interoperating

Certification: Some Last Words for Test Takers

Advanced TCP/IP: Working with Binary

Advanced TCP/IP: IP Subnetting, Part 1

Advanced TCP/IP: IP Subnetting, Part 2

Advanced TCP/IP: IP Subnetting, Part 3

16 hrs 32 videos

Jeremy Cioara
Nugget trainer since 2003