In this chapter, you will learn to:
Recognize Virtual Private Networks
Apply tunneling protocols
Work with IPSec
Use Cisco IOS IPSec technologies
Learn about Cisco IOS Cryptosystem components
Understand security associations
Know the five steps for IPSec
Make use of IPSec support in Cisco Systems products
As businesses grow and create branch locations or encourage employees to work at least part-time from home, the need to maintain remote connectivity to the organization’s information systems becomes a bigger concern. At the same time, many businesses are incorporating “just in time” scheduling into many of their processes, which requires vendors, suppliers, and even customers to have immediate access to production or purchasing information.
At one time, network security could be managed quite well simply by not allowing any outside access to the company resources. If information was needed, employees either reported to their desk to retrieve the information or telephoned someone at the office to get the needed data. Both of these solutions would be considered unacceptably slow today for many firms.
The earliest remote connections were often made with dedicated (leased) lines that provided quite secure connections for a price. Typically, that price went up according to distance. A branch office across town might require only a few hundred dollars per month for connectivity, whereas the same size branch across the country could cost many times as much. The two factors that most directly impacted the cost were bandwidth required and distance covered.
WAN technologies like analog modem, ISDN, T1/E1, T3/E3, frame relay, and cell relay (ATM) all offer reliable, secure connectivity with varying degrees of performance. The problem is they can be expensive. Lack of universal access to some of these technologies in many parts of the country or world means companies often have to install and support multiple technologies. Even for companies that routinely use dedicated lines, the problem remains of what to do with branch locations, vendors, suppliers, or traveling employees located halfway around the world.
The advent of the Internet naturally caught the imagination of many organizations—large and small—as a possible way to extend their networks for a relatively small cost. All they had to do was give up security and often performance. The goal became to develop a way of providing a secure connection within an inherently non-secure environment, a virtual private network. Many attempts have been made to create these VPNs and many proprietary solutions are competing for this growing business. In Chapters 10 through 16, the focus is on Cisco’s implementation of IPSec, an industry standard for providing private connections over public networks. Figure 9-1 shows some of the many types of connections that an organization might try to incorporate into its VPN strategy.