3.1.b Describe hairpinning, split tunneling, and NAT traversal

3.1.b Describe hairpinning, split tunneling, always-on, NAT traversal

Hairpinning:

When we need access to the company and the internet. It uses Cisco anyconnect (Remote access VPN or Site to Site VPN)
It establish a VPN connection to the firewall and the firewall connects you to the internet.
To go to the internet, the firewall sends you back out the same way it came in.
This cause split horizon because: it is going in and out the same interface we learned the route.
Cisco firewall does not like it because of split horizon, but it can be implemented.

Split tunneling:

The VPN tunnel only connects you to the company resources using cisco anyconnect (Remote access VPN or Site to Site VPN)
The only data used for the tunnel is for the data intended for the DMZ or the Local infrastructure.
When we go to the internet, we use the router and not the VPN.
Some say that an attacker can gain access to the host, and then, use that host to gain access to the VPN and attack the company. (it is possible, but not likely)

Always-on:

Two firewalls connected at all times. It does not use Cisco anyconnect, because it needs a to be automatically formed and not manually formed.
If the devices are on, a VPN tunnel is created.
The VPN is always on for the devices.
It is a persistent VPN connection.
This is for really high securely. It is for companies that have multiple sites and all the sites needs to be sending and sharing data.
It is site-to-site VPN. We rely on that connection to be on at all times.

NAT traversal:

NAT changes the IP address when the data is going in our out of ther network. (Remote VPN or Site-to-Site VPN)
Therefore, NAT changes the AH header and it won’t match on the other side.
If it does not matches on the other side, it is going to be discarded.
Which is why NAT traversal was designed for. NAT Traversal takes the ESP Encrypted Packet and adds a fake NAT header to it. It does not changes the ESP packet or AH header.
When it arrives at the destination, the firewall will know that it is a fake NAT Header

Configure WLAN using WPA2 PSK and AAA using the GUI

WAP2 Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected Access 3 (WPA3) are three security and

CCNA 200-301 – Configure and Verify Data and Voice VLANs

What is a VLAN? VLANs (Virtual LANs) are logical grouping of devices in the same broadcast domain. VLANs are usually

3.1.b Describe hairpinning, split tunneling, and NAT traversal

Follow Me

Twitter

Facebook

Tiktok

Youtube

3.1.b Describe hairpinning, split tunneling, always-on, NAT traversal

Hairpinning:

Split tunneling:

Always-on:

NAT traversal:

Related Posts

Configure WLAN using WPA2 PSK and AAA using the GUI

CCNA 200-301 – Configure and Verify Data and Voice VLANs

Follow Me

Twitter

Facebook

Tiktok

Youtube

Categories

Help by Donating

Help Us By Donating

Paypal

Patreon