SharkFest'24 EU

IPsec VPN Analysis and troubleshooting
11-06, 15:45–17:15 (Europe/Vienna), Ballroom A+B+C

With this session we intend to demonstrate how Wireshark can be used to analyze IPsec VPNs in site-to-site and remote-access contexts. We will also present some malfunctioning cases where Wireshark can be of some help.


We will present the different steps of an IPsec connection (we'll base our presentation on IKEv2) with the help of Wireshark. We will use some profiles to highlight the most important elements, and we'll detail the colors, columns, filters, and buttons used in these profiles.

Our presentation will focus mainly on two site-to-site situations: the first illustrating a VPN without NAT, with a simple situation (one tunnel) and a more complex one (several tunnels); the second involving some NAT between the two sites. In each of these labs we will present capture files with functional VPNs and others with some issues. When necessary and possible, we'll use Wireshark to decrypt the IKE and ESP exchanges.

If some time remains, we will present capture files for a VPN between a Windows PC and a central site.

Jean-Paul has been working as a System and Network Engineer for more than 30 years. Since 2010, he has run his own company and is mainly focused on network training and consultancy. He is the author of several books for the French publisher ENI: VPN, IPv6, Cisco ASA, Postfix.
He regularly gives training sessions on Wireshark and other network-related topics. As a certified trainer, he also delivers training about VPNs and network security for WatchGuard resellers and clients.