1. Home
  2. Networking
  3. CCSP Cisco Certified Security Professional Certification

VPN Concentrators in IPSec VPN Implementations

VPN Concentrators in IPSec?VPN?Implementations

The Cisco VPN Concentrator series of devices has two basic VPN implementations:

  • Remote access

  • LAN-to-LAN

A large VPN implementation might frequently have variations of both types. It wouldn’t be uncommon to have several LAN-to-LAN connections for branch office links combined with many remote access connections for traveling executives, sales professionals, and telecommuters.

Remote Access Networks

Remote access involves connecting individual users to a LAN to provide secure, encrypted network access for telecommuters, traveling employees, and one-person offices of consultants, contractors, brokers, vendors, and so forth.

Today, many companies provide their own VPN connections through the Internet, allowing access to remote users running VPN client software over dial-up technologies through their Internet service providers (ISPs). The rapid expansion of cable and DSL markets makes it possible for telecommuters and other fixed location users to replace slower modem and ISDN services with fast connections at a fraction of the cost of dedicated lines.

Fast Internet connections offered in many hotels and the new wireless access facilities in many public places, such as airports, convention centers, and even fast-food restaurants, means traveling employees can also use fast, secure, remote VPN connections. Figure 14-10 shows two common types of remote access VPN examples.

Click To expand
Figure 14-10: Remote access type VPN connections

Remote access VPN implementations with VPN Concentrators is covered in the upcoming section “Remote Access VPNs with Preshared Keys.” Chapter 15 covers the VPN 3002 client device, which allows a single appliance to provide remote access VPN connectivity and protection to small groups at a single location.

LAN-to-LAN Networks

LAN-to-LAN (site-to-site) VPNs are an alternative WAN infrastructure used to create secure connections between two end devices, such as routers, firewalls, or VPN Concentrators. The hosts on each LAN connect to those end devices and can access the other LAN via the secure connection based on the organization security policy and the placement of shared resources.

Common examples of site-to-site VPN implementation could include connecting branch offices, vendor sites, dealer sites, or customer offices to the corporate network. Figure 14-11 shows the types of connections that might be VPN candidates.

Click To expand
Figure 14-11: LAN-to-LAN VPN connection example

LAN-to-LAN VPN implementations with VPN Concentrators are covered in Chapter 16.




BackCover
CCSP - Cisco Certified Security Professional Certification All-in-One Exam Guide
Introduction
Part I: Introduction to Network Security
Part II: Securing the Network Perimeter
Part III: Virtual Private Networks (VPNs)
Chapter 9: Cisco IOS IPSec Introduction
Chapter 10: Cisco IOS IPSec for Preshared Keys
Chapter 11: Cisco IOS IPSec Certificate Authority Support
Chapter 12: Cisco IOS Remote Access Using Cisco Easy VPN
Chapter 13: Cisco VPN Hardware Overview
Chapter 14: Cisco VPN 3000 Remote Access Networks
VPN Concentrator User Interfaces and Startup
VPN Concentrators in IPSec VPN Implementations
Remote Access VPNs with Preshared Keys
Digital Certificates
Configure Cisco VPN Client Support
VPN Client Autoinitiation Feature
Administer and Monitor Remote Access Networks
Chapter Review
Chapter 15: Configuring Cisco VPN 3002 Remote Clients
Chapter 16: Cisco VPN 3000 LAN-to-LAN Networks
Part IV: PIX Firewalls
Part V: Intrusion Detection Systems (IDS)
Part VI: Cisco SAFE Implementation
Appendix A: Access Control Lists
Appendix B: About the CD
List of Figures
List of Tables
List of Sidebars