Beautiful beautiful video!!!!
This is what I call real treasure. Pure knowledge.
Thank you Sir!!
Please keep on posting.
+Prashant Sharma Thanks for your kind words, happy it was helpful.
Hi Ryan, Great job articulating key difference between SSL and IPSec VPN protocols. Thanks
My pleasure!
This is very clear! Thank you for this video
Man you don't know how much you've helped me with this, thank you very much for your knowledge !!
Not only do you know your stuff; you are very good at transferring knowledge; great video. I learned a lot from your videos.
Perfectttttttt. I read a lot of blogs and thought I knew the answers and you surprised me.
Outstanding discussion. Learned a lot. Thank you
Many thanks Ryan! Brilliant explanations!
Needed a quick refresher, very well explained, thanks Ryan!
This is amazing.
Beautifully explained.
Excellent explanation. Thanks Ryan
Thank you very much for this video, always helps me revise for situations on demand.
Gold content right here
Awesome! Very informative and to the point!
Excellent! Extremely helpful overview.
vorpalmusic Thanks man!
A very beneficial video. Must thank you for your knowledge sharing.
Very good explanation.. keep it up
You rock mate.... simply the best.
+Jagdeep Gambhir Thanks for watching glad it helped :)
Thanks a lot for such a session.. very useful indeed
awesome explanation
This was very helpful. I have been unsure about IPsec vs SSL security differences. I have set up an IPsec VPN connection for my office. As I read about the two, it seems SSL is more popular. It makes more sense now that it was broken down into the OSI layers and all. I think I'll stay with my IPsec VPN connections now.
Gary Frazier SSL works more reliably for remote users because when they travel they'll most likely be able to get out over TCP 443 vs UDP 4500 (NAT-T). We can't control the firewalls of remote airports, hotels, conference centers etc., so TCP 443 is the way to go :)
Excellent stuff.
Why did the ESP port number disappear?
Best explanation I ever got!! Thank you so much sir...
You were going good until 12:35.. the flow broke and I had to watch again and again to catch you. 2nd thing, I would never have understood what you were saying about TCP retransmissions related to VPN just a few secs later if I had not watched the TCP meltdown video by Computerphile.. good video btw, practical examples make it better.. good.. make more. Could you do one on SSH tunneling and similar?
SSL VPN (English spelling: SSL VPN without the connecting hyphen) refers to systems that enable the transport of private data over public networks (see VPN) and use TLS (old name: SSL) as the encryption protocol. In principle, SSL is suitable as an encryption protocol for VPNs, for both site-to-site and end-to-site VPNs. In the 1990s there were systems that used SSL as the security layer for site-to-site VPNs. With the development of IPsec and increasing networking beyond organizational boundaries, the standardized, interoperable IPsec has established itself as an alternative.
The decisive advantage of SSL VPN over IPsec is the provision of network and application access for mobile users, since configuring the clients is easier than with an IPsec-based solution.
de.wikipedia.org/wiki/SSL-VPN
Thanks Ryan for the simplicity and for making an unobvious issue clear. But I still have a question regarding SSL / TLS. SSL is in the application layer, which uses TCP 443 as the transport layer. So does that mean TLS should be in the application layer, NOT the transport layer? Am I right? Please explain.
SSL is in the presentation layer, layer 6, this is where the "work" takes place. As far as allowing SSL VPN traffic, it's default TCP 443 and there is also a more efficient D-TLS (Datagram) which uses UDP.
DTLS is efficient; however, it requires firewall admins to allow their guest networks to pass UDP 443.
Very detailed, good explanation, but I would always prefer an IPsec IKEv2 connection over an SSL one ;-)
Ludwig Hertel
Crystal clear. Thank you sir.
Thanks Ryan for the awesome knowledge transfer, do you have more videos on either security or RS/DC?
Thanks for the video upload.. clear and simple to understand
Hi sir.. I'm confused.. doesn't ESP have a port number, 50.. what was the need of a UDP overhead.. please help
Protocol numbers are different than port numbers.
If you look at a picture of an IP header you'll see it has a PROTOCOL field; that field holds a number, like 17, which would mean UDP.
When an IP packet is being processed the computer uses the protocol field to know how to decode layer 4.
This is really confusing at first, hope that helped.
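The protocol-number versus port-number distinction in the reply above, as an added example that is not from the video or from any commenter: it reads the IPv4 Protocol field to decide how to decode layer 4, and shows that native ESP (protocol 50) has no port fields while NAT-T wraps the same ESP payload in UDP 4500. The addresses, SPI value and packets are constructed sample data.

```python
import struct

# IANA IP protocol numbers: the value carried in the IPv4 header's Protocol field.
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 50: "ESP"}

def build_ipv4(proto, payload):
    """Constructed sample packet: minimal 20-byte IPv4 header (checksum 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + payload

def describe(packet):
    """Decode layer 4 the way a receiver does: by the Protocol field, byte 9."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]
    l4 = packet[ihl:]
    info = {"protocol": proto, "name": IP_PROTOCOLS.get(proto, "other")}
    if proto in (6, 17):                  # TCP and UDP start with two 16-bit ports
        info["src_port"], info["dst_port"] = struct.unpack("!HH", l4[:4])
        if proto == 17 and 4500 in (info["src_port"], info["dst_port"]) and len(l4) >= 12:
            # NAT-T: after the 8-byte UDP header, a non-zero SPI means ESP;
            # four zero bytes mark an IKE message instead.
            spi = struct.unpack("!I", l4[8:12])[0]
            if spi != 0:
                info["encapsulated"], info["spi"] = "ESP", spi
    elif proto == 50:                     # ESP: SPI + sequence number, no ports
        info["spi"], info["seq"] = struct.unpack("!II", l4[:8])
    return info

# Constructed ESP body: SPI, sequence number, then stand-in ciphertext.
ESP_BODY = struct.pack("!II", 0x1000ABCD, 1) + b"\x00" * 16
NATIVE_ESP = build_ipv4(50, ESP_BODY)
NAT_T_ESP = build_ipv4(17, struct.pack("!HHHH", 4500, 4500, 8 + len(ESP_BODY), 0) + ESP_BODY)
TLS_443 = build_ipv4(6, struct.pack("!HH", 51000, 443) + b"\x00" * 16)

if __name__ == "__main__":
    for label, pkt in (("native ESP", NATIVE_ESP), ("NAT-T", NAT_T_ESP), ("TLS", TLS_443)):
        print(label, describe(pkt))
```

A port-based NAT device has nothing to rewrite in the first packet, which is why the UDP 4500 wrapper exists.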
@RyanLindfield Ty Sir.. I will read more on it and then get back to you if I need any further clarification
Hello Ryan, I have a good question, please help me figure it out. In an SSL session it is a fact that you have a public key within the digital certificate that the server sends you, and the server has the private key. It is a fact that you (the user) encrypt with the public key and the only one who can decrypt is the server. My doubt is: if somebody inside my switch with Wireshark captures a packet from the server to the user (the first), can I (the second user), with the public key that I got because it is a public key, decrypt that packet and see the data that the server is sending to the first user??
This is a great video! Thank you.
Hey, can you please tell me if there is a piece of vpnssl hardware that I can buy that will not require me to subscribe to a monthly service? This is for safe internet browsing, not for corporate connectivity. Thanks.
Why is it not possible to configure a site-to-site VPN using SSL?
Very informative...
+Ryan Lindfield
Hello Ryan, thanks for your efforts, I think this video is a continuation of another video. So, can you please provide a link for that video (if at all there is any). Thanks
Nice video
Perfect explanation!! Many thanks
Awesome video
Genius.. thanks man
Hello: I have the corporate office and the branches all connected by VPN, and I use remote desktops for the RP in all the branches. I want to connect to the server from the branches using the server name and not the IP address. At the corporate office I can connect to the server from the same internal LAN using the SERVER name, but when I try to connect from a branch using the server name it does not resolve; Remote Desktop cannot find it over the VPN connection, and it only works with the IP address. What can be done so that the server name is public across the VPNs?? Thanks
It was resolved
Thank you so much
Excellent!!!
wow, thank you so much!
Thank you Sr.
Excellent
Awesome video, thanks Ryan. Also...I just gave this video a thumbs up and it was thumbs up number 443...get it?
The instructor's speaking style is very similar to Khawar Butt's....
Your videos are A+ quality.
Thanks a lot !
Great!!!!!!!!!!!!!
It's pretty informative....😉
GURU ... GOD BLESS "_)
that's a quiet class
Sounds a bit like you're selling Cisco. OpenVPN works everywhere and is faster and much easier to set up. Managing and configuring ASAs is a nightmare.
Your explanation is not that clear. A new engineer cannot understand it; only an experienced engineer can. If someone is experienced, then why does he need your video?
Learn to spell, dude.
A company wants to implement a large number of WAPs throughout its building and allow users to be able to move around the building without dropping their connections. Which of the following pieces of equipment would be able to handle this requirement?
(A). A VPN concentrator
(B). A load balancer
(C). A wireless controller
(D). A RADIUS server
A?