VPN Concentrators in IPSec VPN Implementations

The Cisco VPN Concentrator series of devices has two basic VPN implementations:

  • Remote access

  • LAN-to-LAN

A large VPN implementation might frequently have variations of both types. It wouldn’t be uncommon to have several LAN-to-LAN connections for branch office links combined with many remote access connections for traveling executives, sales professionals, and telecommuters.

Remote Access Networks

Remote access involves connecting individual users to a LAN to provide secure, encrypted network access for telecommuters, traveling employees, and one-person offices of consultants, contractors, brokers, vendors, and so forth.

Today, many companies provide their own VPN connections through the Internet, allowing access to remote users running VPN client software over dial-up technologies through their Internet service providers (ISPs). The rapid expansion of cable and DSL markets makes it possible for telecommuters and other fixed location users to replace slower modem and ISDN services with fast connections at a fraction of the cost of dedicated lines.

Fast Internet connections offered in many hotels and the new wireless access facilities in many public places, such as airports, convention centers, and even fast-food restaurants, mean traveling employees can also use fast, secure, remote VPN connections. Figure 14-10 shows two common examples of remote access VPNs.

Figure 14-10: Remote access type VPN connections

Remote access VPN implementations with VPN Concentrators are covered in the upcoming section “Remote Access VPNs with Preshared Keys.” Chapter 15 covers the VPN 3002 client device, which allows a single appliance to provide remote access VPN connectivity and protection to small groups at a single location.

LAN-to-LAN Networks

LAN-to-LAN (site-to-site) VPNs are an alternative WAN infrastructure used to create secure connections between two end devices, such as routers, firewalls, or VPN Concentrators. The hosts on each LAN connect to those end devices and can access the other LAN via the secure connection, based on the organization's security policy and the placement of shared resources.

Common examples of site-to-site VPN implementation could include connecting branch offices, vendor sites, dealer sites, or customer offices to the corporate network. Figure 14-11 shows the types of connections that might be VPN candidates.

Figure 14-11: LAN-to-LAN VPN connection example

LAN-to-LAN VPN implementations with VPN Concentrators are covered in Chapter 16.
