PIX Firewall VPN Topologies

[Figure: PIX Firewall VPN topologies. Five panels, each showing a tunnel across the Internet: PIX Firewall to PIX Firewall VPN gateway; PIX Firewall to router VPN gateway; VPN Client to PIX Firewall VPN via dialup; VPN Client to PIX Firewall VPN via network; Other vendors to PIX Firewall VPN.]

©2000, Cisco Systems, CSPFA 1.01-7-4

The PIX Firewall enables VPNs in several topologies, as illustrated in the figure:

■ PIX to PIX secure VPN gateway—Two or more PIX Firewalls can enable a VPN, which secures traffic from devices behind the PIX Firewalls. The secure VPN gateway topology prevents the user from having to implement VPN devices or software inside the network, making the secure gateway transparent to users.

■ PIX to Cisco IOS™ router secure VPN gateway—The PIX Firewall and Cisco router, running Cisco Secure VPN software, can interoperate to create a secure VPN gateway between networks.

■ Cisco Secure VPN Client to PIX via dialup—The PIX Firewall can become a VPN endpoint for the Cisco Secure VPN Client over a dialup network. The dialup network can consist of ISDN, Public Switched Telephone Network (PSTN) (analog modem), or digital subscriber line (DSL) communication channels.

■ Cisco Secure VPN Client to PIX via network—The PIX Firewall can become a VPN endpoint for the Cisco Secure VPN Client over an IP network.

■ Other vendor products to PIX—Products from other vendors can connect to the PIX Firewall if they conform to open VPN standards.

A VPN itself can be constructed in a number of scenarios. The most common are as follows:

■ Internet VPN—A private communications channel over the public access Internet. This type of VPN can be divided into the following:

- Connecting remote offices across the Internet.

- Connecting remote dial users to their home gateway via an Internet Service Provider (ISP) (sometimes called a Virtual Private Dial Network or VPDN).

■ Intranet VPN—A private communication channel within an enterprise or organization that may or may not involve traffic traversing a WAN.

■ Extranet VPN—A private communication channel between two or more separate entities that may involve data traversing the Internet or some other WAN.

In all cases the VPN or tunnel consists of two endpoints that may be represented by PIX Firewalls, Cisco routers, individual client workstations running the Cisco Secure VPN Client, or other vendors' VPN products that conform to open standards.
