EllisTalks logo - Link to Home Photo of Chris Ellis
EllisTalks homeProductsOrderTestimonialsAbout EllisTalksContact EllisTalksPreviews

Buy Now!

Video Series

Volume III - IPSec Based VPNs


After taking this course you will:

  • Better understand the different types of VPNs (Frame Relay, MPLS, L2TP and IPSec
  • Understand the main IPSec protocols: AH (Authentication Header), ESP (Encapsulating Security Payload), and IKE (Internet Key Exchange)
  • Understand tunnel- versus transport-mode for transmitting authenticated and encrypted traffic
  • See how basic encryption works
  • Understand the algorithms available for use
  • See how symmetrical versus asymmetrical keys work.
  • Understand how hashing algorithms and message digests work
  • Better understand how shared, secret-keys can be safely generated on the Internet, using the Diffie-Hellman key exchange.

Defining a VPN

  • Frame Relay
  • MPLS – a Carrier centric solution
  • IPSec – a CPE based solution

Other VPN Standards

  • PPTP and L2F
  • L2TP
  • General architecture
  • Voluntary vs compulsory L2TP
  • Major terms briefly defined
  • LACs & LNSs
  • Strengths and weaknesses
  • Inherent lack of encryption/security


  • IPSec from 5000 feet
  • IPSec's main features
  • Encryption
  • Authentication
  • Key Management
  • Security Associations
  • Tunnel Mode and Transport Mode

A Primer on Encryption

  • Breaking encrypted messages
  • IPSec encryption
  • Encryption based on XOR (the Exclusive-Or)
  • Symmetrical vs asymmetrical examples

IPSec Protocol Details

  • The AH protocol
  • Authentication Header's main functions
  • Hashing versus Message Digests (MDs)
  • MDs versus MACs and HMACs
  • Inside the AH header
  • Authentication protocols
  • SHA-1, MD5
  • The ESP protocol
  • Function and purpose of ESP
  • ESP header/trailer details
  • Transport Mode operation
  • Portions of IP datagram authenticated in Transport mode
  • Portions of IP datagram encrypted in Transport mode
  • Tunnel Mode operation
  • Portions of IP datagram authenticated in Tunnel mode
  • Portions of IP datagram encrypted in Tunnel mode
  • An overview to IKE (Internet Key Exchange)
  • The Diffie-Hellman method
  • The Diffie-Hellman algorithm explained
  • IKE Security Associations (SAs)
  • Why an IKE SA?
  • What are Split Tunnels
  • IKE Phase I: Main Mode
  • Establishing an IKE SA
  • IKE Phase II: Quick Mode
  • What is an IPSec SA
  • IKE Aggressive Mode
  • What are its advantages and disadvantages

For any questions or for more information, send an email to ppeetsinfo@ellistalks.com.