The choice of Cisco VPN technology depends on the type of VPN being developed, remote-access or site-to-site, plus the current and projected size of the resulting network. The Cisco components required to build the VPN might include any or all of the following options:
Client VPN software, such as Easy VPN Remote, provides secure remote access to central Cisco routers, PIX Firewalls, and VPN Concentrators. The VPN client runs on the Windows OS.
VPN hardware clients, such as Cisco VPN 3002, provide hardware-based encryption services for each remote user or small branch.
Cisco VPN 3000 Series Concentrators provide powerful remote-access and site-to-site VPN capabilities for networks with many VPN connections. The series supports an easy-to-use management interface.
Cisco Secure PIX Firewall provides a highly secure VPN gateway alternative to the router or concentrator devices.
IOS-based VPN-optimized routers for branch and remote user connections. Routers supporting this include the Cisco 800, the uBR900 cable access router/modem, the 1400 DSL router/modem, and the 1700, 2600, 3600, 7100, 7200, and 7500 series routers. The Cisco 7100 Series VPN Router is an integrated VPN router that provides solutions for VPN-centric environments.
Cisco Secure Intrusion Detection System (CSIDS) and Cisco Secure Scanner can be used to monitor and audit the security of the VPN.
Cisco Secure Policy Manager and CiscoWorks2000, two Cisco network management software applications, provide VPN-wide system management.
Because VPN technology is so new and no single standard evolved quickly, many companies developed turnkey solutions that could be implemented and administered easily by the client or by consultant services. Cisco developed several VPN solutions built around each of the following three technologies. You learn about each technology in the next eight chapters.
VPN 3000 Series Concentrator: Most models use a hardware-based VPN solution with advanced encryption and authentication. VPN concentrators are designed and built specifically to provide high availability, high performance, and scalability. The modular design of the 3015 to 3080 models includes Scalable Encryption Processing (SEP) modules that allow the organization to increase capacity and throughput. This scalability supports organizations ranging from small businesses, with up to 100 remote-access users, to large organizations, with up to 10,000 simultaneous remote connections.
Cisco Secure PIX Firewall: The PIX Firewall is a hardware security device that combines features like NAT, proxy server, packet and stateful filtering, and VPN features into a single device. The PIX unit uses a proprietary OS that trades the capability to handle a large variety of protocols and services for extreme robustness and performance by focusing on IP security.
VPN-Optimized Router: Cisco routers running an IOS with the VPN feature set provide routing, security, scalability, and QoS for businesses from small office/home office (SOHO) access to central-site VPN aggregation for the large-scale enterprise.