The Cisco VPN Concentrator series of devices has two basic VPN implementations:
A large VPN implementation might frequently have variations of both types. It wouldn’t be uncommon to have several LAN-to-LAN connections for branch office links combined with many remote access connections for traveling executives, sales professionals, and telecommuters.
Remote access involves connecting individual users to a LAN to provide secure, encrypted network access for telecommuters, traveling employees, and one-person offices of consultants, contractors, brokers, vendors, and so forth.
Today, many companies provide their own VPN connections through the Internet, allowing access to remote users running VPN client software over dial-up technologies through their Internet service providers (ISPs). The rapid expansion of cable and DSL markets makes it possible for telecommuters and other fixed location users to replace slower modem and ISDN services with fast connections at a fraction of the cost of dedicated lines.
Fast Internet connections offered in many hotels and the new wireless access facilities in many public places, such as airports, convention centers, and even fast-food restaurants, means traveling employees can also use fast, secure, remote VPN connections. Figure 14-10 shows two common types of remote access VPN examples.
Remote access VPN implementations with VPN Concentrators is covered in the upcoming section “Remote Access VPNs with Preshared Keys.” Chapter 15 covers the VPN 3002 client device, which allows a single appliance to provide remote access VPN connectivity and protection to small groups at a single location.
LAN-to-LAN (site-to-site) VPNs are an alternative WAN infrastructure used to create secure connections between two end devices, such as routers, firewalls, or VPN Concentrators. The hosts on each LAN connect to those end devices and can access the other LAN via the secure connection based on the organization security policy and the placement of shared resources.
Common examples of site-to-site VPN implementation could include connecting branch offices, vendor sites, dealer sites, or customer offices to the corporate network. Figure 14-11 shows the types of connections that might be VPN candidates.
LAN-to-LAN VPN implementations with VPN Concentrators are covered in Chapter 16.