Use VPNs with a Variety of Devices

[Figure: VPN topologies: router to router; PC to router/concentrator; one router to many; PC to firewall]

© 2004 Cisco Systems, Inc. All rights reserved. BCRAN v2.1—5-6


Networked VPN tunnels can carry encrypted data in four topologies:

■ From router to router: This is the focus of the BCRAN labs.

■ From one router to many other routers: Each tunnel is a point-to-point connection.

■ From PC to router or VPN concentrator: This option enables the mobility of network transactions.

■ Router to firewall and PC to firewall: The firewall monitors traffic that crosses network perimeters and imposes restrictions according to security policy.

The proliferation of the networked economy supported by these and other network devices has spawned a fundamental change in how corporations conduct business. Corporate staff is no longer defined by where they do their jobs as much as how well they perform their job functions. Virtual Private Networking can be done from anywhere using routers, firewalls, or dedicated VPN concentrators.

Competitive pressures in many industries have spawned alliances and partnerships among enterprises, requiring separate corporations to act and function as one when facing customers.

Although such developments have increased productivity and profitability for many corporations, they have also created new demands on the corporate network. Connectivity that is focused solely on connecting fixed corporate sites—such as branch and regional offices connected to the headquarters campus—is no longer sufficient connectivity for many enterprises. In addition to these standard network connections, connectivity must focus on business-to-business and business-to-customer connections within an expanding ecosystem.

Cisco VPN Solution Ecosystem


VPNs help remote users, such as telecommuters and external business partners, to access enterprise computing resources. This access may use several service provider networks accessing and traversing the Internet.

Firewalls may be in place to help separate the internal network of an enterprise from its extended external network and the Internet at large. The enterprise may offer a variety of web services and network applications, including those that use Domain Name System (DNS) and Simple Mail Transfer Protocol (SMTP).

The classic WAN must be extended to accommodate these new remote users. Consequently, many enterprises are using VPNs to complement their existing classic WAN infrastructure.

VPN solutions are organized into two main types:

■ Remote-access VPNs: Securely connect remote users, such as mobile users and telecommuters, to the enterprise.

■ Site-to-Site VPNs: Securely connect remote and branch offices to the enterprise (intranet VPNs), and connect third parties, such as customers, suppliers, and business partners, to the enterprise (extranet VPNs).

VPN—Types

• Remote-access


- Client-initiated

- Network access server

• Site-to-site

- Intranet

- Extranet


There are two types of remote-access VPNs:

■ Client-initiated: Remote users use clients to establish a secure tunnel across an ISP shared network to the enterprise.

■ Network access server (NAS)-initiated: Remote users dial in to an Internet service provider (ISP). The NAS establishes a secure tunnel to the enterprise private network that might support multiple remote user-initiated sessions.

Site-to-site VPNs include two main types:

■ Intranet VPNs: Connect corporate headquarters, remote offices, and branch offices over a public infrastructure.

■ Extranet VPNs: Link customers, suppliers, partners, or communities of interest to a corporate intranet over a public infrastructure.

A more detailed description of the scenarios for these various VPN types will illustrate solutions and benefits.

Remote-Access VPN Solutions

[Figure: remote-access clients connecting to the central site]

• VPN replacing toll and toll-free dial connectivity

Remote-access VPN solutions are targeted to mobile users and home telecommuters. In the past, corporations supported remote users via dial-in networks, typically requiring a toll or toll-free call to access the corporation. Remote-access VPNs are an extension of dial networks.

With the advent of VPNs, mobile users can make a local call to their ISP to access the corporation via the Internet, regardless of their location.

Remote-access VPNs can terminate on headend devices such as Cisco routers, PIX Firewalls, or VPN concentrators. Remote-access clients can include Cisco routers and VPN clients.
