Beautiful beautiful video!!!!
This is what I call real treasure. Pure knowledge.
Thank you Sir!!
Please keep on posting.
+Prashant Sharma Thanks for your kind words, happy it was helpful.
Hi Ryan, Great job articulating key difference between SSL and IPSec VPN protocols. Thanks
My pleasure!
This is very clear! Thank you for this video
Man you don't know how much you've helped me with this, thank you very much for your knowledge !!
Perfectttttttt. I read a lot of blogs and thought I knew the answers and you surprised me.
Not only do you know your stuff; you are very good at transferring knowledge; great video. I learned a lot from your videos.
Outstanding discussion. Learned a lot. Thank you
Many thanks Ryan! Brilliant explanations!
Needed a quick refresher, very well explained, thanks Ryan!
This is amazing.
Beautifully explained.
Thank you very much for this video, always helps me revise for situations on demand.
Very detailed, good explanation, but I would always prefer an IPsec IKEv2 connection over an SSL one ;-)
Ludwig Hertel
Excellent explanation. Thanks Ryan
This was very helpful. I have been unsure about IPsec vs SSL security differences. I have set up an IPsec VPN connection for my office. As I read about the two, it seems SSL is more popular. It makes more sense now that it was broken down into the OSI layers and all. I think I'll stay with my IPsec VPN connections now.
Gary Frazier SSL works more reliably for remote users because when they travel they'll most likely be able to get out over TCP 443 vs UDP 4500 (NAT-T). We can't control the firewalls of remote airports, hotels, conference centers etc, so TCP443 is the way to go :)
A very beneficial video. Must thank you for your knowledge sharing
Best explanation I ever got!! Thank you so much sir...
Awesome! Very informative and to the point!
You rock mate.... simply the best.
+Jagdeep Gambhir Thanks for watching glad it helped :)
Excellent! Extremely helpful overview.
vorpalmusic Thanks man!
Thanks a lot for such a session.. very useful indeed
Gold content right here
Thanks for video upload..clear and simple to understand
Crystal clear. Thank you sir.
awesome explanation
This is a great video! Thank you.
Very good explanation.. keep it up
Thanks Ryan for the awesome knowledge transfer, do you have more videos on either security or RS/DC?
Excellent stuff.
Perfect explanation!! Many thanks
Awesome video, thanks Ryan. Also...I just gave this video a thumbs up and it was thumbs up number 443...get it?
You were going good until 12:35.. the flow broke and I had to watch again and again to catch you. Second thing: I would never have understood what you were saying about TCP retransmissions related to VPN just a few seconds later if I had not watched the TCP meltdown video by Computerphile.. good video btw, practical examples make it better.. good.. make more. Could you do one on SSH tunneling and similar?
Genius.. thanks man
Very informative...
wow, thank you so much!
Thanks Ryan for the simplicity and for making an unobvious issue clear. But I still have a question regarding SSL / TLS. SSL is in the application layer, which uses TCP 443 as the transport layer. So that means TLS should be in the application layer, NOT the transport layer? Am I right? Please explain.
SSL is in the presentation layer, layer 6, this is where the "work" takes place. As far as allowing SSL VPN traffic, it's Default TCP 443 and there is also a more efficient D-TLS (Datagram) which uses UDP.
DTLS is efficient however it requires firewall admins to allow their guest networks to pass UDP 443.
Thank you so much
Your videos are A+ quality.
Thanks a lot !
Thank you Sr.
Awesome video
Excellent!!!
Nice video
Excellent
Hey, can you please tell me if there is a piece of vpnssl hardware that I can buy that will not require me to subscribe to a monthly service? This is for safe internet browsing, not for corporate connectivity. Thanks.
Hello Ryan, I have a good question, please help me figure it out. In an SSL session it is a fact that you have a public key within the digital certificate that the server sends you, and the server has the private key. It is a fact that you (the user) encrypt with the public key and the only one who can decrypt is the server. My doubt is: if somebody inside my switch with Wireshark captures a packet from the server to the (first) user, and I (the second user) have the public key, which I got because it is a public key, can I decrypt that packet and see the data that the server is sending to the first user?
SSL VPN (English spelling: SSL VPN without a connecting hyphen) refers to systems that enable the transport of private data over public networks (see VPN) and use TLS (old name: SSL) as the encryption protocol. In principle, SSL is suitable as an encryption protocol for VPNs, both site-to-site and end-to-site. In the 1990s there were systems that used SSL as the security layer for site-to-site VPNs. With the development of IPsec and increasing networking across organizational boundaries, the standardized, interoperable IPsec has established itself as an alternative.
The decisive advantage of SSL VPN over IPsec is the provision of network and application access for mobile users, since configuring the clients is simpler than with an IPsec-based solution.
de.wikipedia.org/wiki/SSL-VPN
Hi sir.. I'm confused.. doesn't ESP have a port number, 50.. what was the need of a UDP overhead.. please help
Protocol numbers are different than port numbers.
If you look at a picture of an IP header you'll see it has a PROTOCOL field; that field holds a number, like 17, which would mean UDP.
When an IP packet is being processed the computer uses the protocol field to know how to decode layer 4.
This is really confusing at first, hope that helped.
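The distinction drawn in the reply above, as an added example that is not part of the original comment: it reads the Protocol field of constructed IPv4 packets and shows that ESP (protocol 50) carries an SPI and sequence number rather than ports, while NAT-T wraps the same ESP inside UDP 4500. The function names, addresses and SPI value are made up for the illustration; the keepalive and non-ESP marker checks follow RFC 3948.

```python
import struct

# IP protocol numbers: the value carried in the IPv4 header's Protocol field.
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}

def ipv4(proto, payload):
    """Constructed sample packet: 20-byte IPv4 header (checksum 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def udp(sport, dport, data):
    """Constructed UDP header (checksum 0) + data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Decode layer 4 the way a receiver does: Protocol field first, ports second."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed IPv4 header"
    proto, l4 = packet[9], packet[ihl:]   # byte 9 is the Protocol field
    if proto == 50:                       # ESP: SPI + sequence number, no ports
        if len(l4) < 8:
            return "truncated ESP"
        spi, seq = struct.unpack("!II", l4[:8])
        return f"ESP spi=0x{spi:08x} seq={seq} (no port numbers)"
    if proto in (6, 17):                  # TCP and UDP both begin with two ports
        if len(l4) < 4:
            return "truncated " + IP_PROTO[proto]
        sport, dport = struct.unpack("!HH", l4[:4])
        label = f"{IP_PROTO[proto]} {sport}->{dport}"
        if proto == 17 and 4500 in (sport, dport):   # NAT-T encapsulation
            body = l4[8:]
            if body == b"\xff":
                return label + " NAT-T keepalive"
            if body[:4] == b"\x00" * 4:
                return label + " IKE (non-ESP marker)"
            if len(body) >= 8:
                spi, seq = struct.unpack("!II", body[:8])
                return label + f" ESP-in-UDP spi=0x{spi:08x} seq={seq}"
        return label
    return IP_PROTO.get(proto, f"protocol {proto}")

# Constructed ESP header (made-up SPI) followed by dummy ciphertext.
ESP = struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16
SAMPLES = [ipv4(50, ESP), ipv4(17, udp(4500, 4500, ESP)), ipv4(6, udp(51515, 443, b""))]
if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```

A firewall or NAT device that tracks flows by port has nothing to key on in the first sample, which is why the second form exists.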
@@RyanLindfield Ty Sir.. I will read more on it and then get back to you if I need any further clarification
GURU ... GOD BLESS "_)
+Ryan Lindfield
Hello Ryan, thanks for your efforts, I think this video is continuation of another video. So, can you please provide a link for that video (if at all there is any). Thanks
Great!!!!!!!!!!!!!
It's pretty informative....😉
Why did the ESP port number disappear?
Sounds a bit like you're selling Cisco. OpenVPN works everywhere and is faster and much easier to set up. Managing and configuring ASAs is a nightmare.
The instructor's speaking style is so similar to Khawar Butt's....
Hello: I have the corporate office and the branches all joined by VPN, and I use remote desktop for the RP in all the branches. I want to connect to the server from the branches using the server name and not the IP address. At the corporate office I do connect to the server from the same internal LAN using the server name, but when I want to connect from a branch using the server name it does not resolve; remote desktop cannot find it over the VPN connection, and it only works with the IP address. What can be done so that the server name is public across the VPNs? Thanks
It was resolved
Why is it not possible to configure site-to-site VPN using SSL?
that's a quiet class
Your explanation is not that clear. A new engineer cannot understand it; only an experienced engineer can. If someone is experienced, then why does he need your video?
Learn to spell, dude.
A company wants to implement a large number of WAPs throughout its building and allow users to be able to move around the building without dropping their connections. Which of the following pieces of equipment would be able to handle this requirement?
(A). A VPN concentrator
(B). A load balancer
(C). A wireless controller
(D). A RADIUS server
A?