Speak to our team now +44 (0)1737 821590

Total IPsec for engineers

A 3 day
HANDS ON
training course

IPsec training course description

This hands on course focuses on IPsec VPNs. The course is vendor neutral with hands on with both Cisco and Microsoft implementations.

Key outcomes from this course

By the end of the course delegates will be able to:
  • Explain how IPsec works.
  • Configure IPsec.
  • Troubleshoot IPsec.

IPsec training course details

Who will benefit:
Technical staff working with IPsec.
Prerequisites:
IP VPNs.
Duration:
3 days

Training approach

This structured training course seeks to build upon workbook learning through the use of group exercises, dynamic discussion and individual tasks in order to deliver an engaging and interactive module that will ensure all candidates are able to transfer their new skills into the workplace.

Overall ratings for this course:

Course review


"Hard concepts were explained very simply."
J. S., Framestore CFC
"Excellent presentation - very good course structure."
B. M., London Internet Exchange

IPsec training course contents

What is IPsec?
VPN review, IP review, fragmentation, authentication, encryption, What is IPsec? AH, ESP. IPSec with IPv4, IPsec with IPv6.
Hands on: Simple analysis of "normal" IP packets.

IPsec architecture
The IPsec protocols, transport mode, tunnel mode, implementations: Host tack, Bump in the Stack, Bump in the Wire.
Hands on: Configuring IPsec.

AH
What AH does, the stack, security associations, Security Parameters Index, The AH header, AH in transport mode, AH in tunnel mode.
Hands on: AH packet analysis.

ESP
What ESP does, the ESP header, ESP in transport mode, ESP in tunnel mode, ESP and SA, ESP and SPI.
>Hands on: ESP packet analysis.

Algorithms
Authentication algorithms: MD5, keyed SHA-1, HMAC-MD5, HMAC-SHA-1, HMAC-RIPEMD, other authentication algorithms. Encryption algorithms: DES, 3DES, Blowfish, AES, other encryption algorithms.
Hands on: Algorithm configuration.

IKE
Internet Key Exchange, the two phase negotiation, ISAKMP, ISAKMP header, pre shared keys, digital signatures, public key encryption, Diffie Hellman, proposals, counter proposals, nonces, identities, phase 1 negotiation: main mode, aggressive mode, base mode. Phase 2 negotiation: quick mode, new group mode.
Hands on: IKE packet analysis.

More IKE
PFS, IKE and dynamic addresses, XAUTH, hybrid authentication, CRACK, ULA, PIC. User level authentication. IKE renegotiation, heartbeats.
Hands on: Troubleshooting IPsec.

Security policies
PF_KEY, policy setting and enforcement, policy configuration, policy servers, policy exchange.
Hands on: Policy configuration.

PKI
What is PKI?, CA, RA, VA, certificates, CA hierarchy, CRLs, certificate formats.
Hands on: installing and configuring certificate servers.

Summary
IPsec strengths and weaknesses. Where to get further information.

Why Choose Us

SNT trainers score an average of over 90% on the three main areas of:
  • Ability to teach
  • Technical knowledge
  • Answering questions
“Excellently presented by a very knowledgeable and enthusiastic trainer.” P.D. General Dynamics

We limit our maximum class size to 8 delegates; often we have less than this. This ensures optimal interactivity between delegates and instructor.
"Excellent course. The small class size was a great benefit…" M.B. IBM

We write our own courses; courseware does not just consist of slides and our slides are diagrams not bullet point text. A typical chapter provides clearly defined objectives with a chapter overview, slides with text underneath, a quiz at the end to check the learning of the students. Hands on exercises are at the end and are used to reinforce the theory.

See Dates & Prices for this course

To enquire about this course

To reserve this course online