VPNs and VPN Technologies
- Overview of VPNs and VPN Technologies
- Internet Protocol Security (IPSec)
- IPSec Crypto Components
- IKE Overview
- How IPSec Works
- IPSec Security Associations (SAs)
- CA Support Overview
- Summary
- Review Questions
Overview of VPNs and VPN Technologies
Cisco products support the latest in VPN technology. A VPN is a service that offers secure, reliable connectivity over a shared public network infrastructure such as the Internet.
Figure 1-1 shows various VPNs between a main site and branch offices and small office, home office (SOHO) workers.
VPNs maintain the same security and management policies as a private network. They are the most cost-effective method of establishing a virtual point-to-point connection between remote users and an enterprise customer's network. There are three main types of VPNs:
- Access VPNs: Provide remote access to an enterprise customer's intranet or extranet over a shared infrastructure. Access VPNs use analog, dial, ISDN, digital subscriber line (DSL), mobile IP, and cable technologies to securely connect mobile users, telecommuters, and branch offices.
- Intranet VPNs: Link enterprise customer headquarters, remote offices, and branch offices to an internal network over a shared infrastructure using dedicated connections. Intranet VPNs differ from extranet VPNs in that they allow access only to the enterprise customer's employees.
- Extranet VPNs: Link outside customers, suppliers, partners, or communities of interest to an enterprise customer's network over a shared infrastructure using dedicated connections. Extranet VPNs differ from intranet VPNs in that they allow access to users outside the enterprise.
Figure 1-1 Examples of VPNs
The following main components make up Cisco's VPN offerings:
- Cisco VPN routers: Use Cisco IOS software IPSec support to enable a secure VPN. VPN-optimized routers leverage existing Cisco investment and are well suited to the hybrid WAN.
- Cisco Secure PIX Firewall: Offers a VPN gateway alternative when the security group "owns" the VPN.
- Cisco VPN Concentrator series: Offers powerful remote access and site-to-site VPN capability, an easy-to-use management interface, and a VPN client.
- Cisco Secure VPN Client: Enables secure remote access to Cisco routers and PIX Firewalls and runs on the Windows operating system.
- Cisco Secure Intrusion Detection System (CSIDS) and Cisco Secure Scanner: Can be used to monitor and audit the security of the VPN.
- Cisco Secure Policy Manager and CiscoWorks 2000: Provide VPN-wide system management.
These components can all be seen in Figure 1-2.
Figure 1-2 Cisco Secure VPN Components
The main Cisco VPN product offerings are discussed in more detail in Chapter 2, "Cisco VPN Family of Products."