www.cisco.com
1999, Cisco Systems, Inc.
Agenda
What Are VPNs?
VPN Technologies
Access, Intranet, and Extranet VPNs
VPN Examples
Extends private network through public Internet
Lower cost than private WAN
Relies on tunneling and encryption
CSE: Networking Fundamentals - VPNs
Example of a VPN
Private networking service over a public network infrastructure
[Figure: Munich Main Office, Paris Office, and Milan Office linked over the Internet]
VPN Technologies
[Figure labels: Business Partner with Cisco Router; Main Site; VPN; Remote Office with Cisco Router; POP; Cisco PIX Firewall; Perimeter Router; VPN Concentrator; Regional Office with Cisco PIX Firewall; SOHO with Cisco ISDN/DSL Router; Corporate Mobile Worker with Cisco Secure VPN Client on Laptop Computer]
PIX = Private Internet Exchange
Tunneling: L2F/L2TP
1. User identification
Mobile users, telecommuters, small remote offices
PoP LAC
Security Server
3. User authentication
Enterprise A
What Is IPSec?
Network-layer encryption and authentication
Open standards for ensuring secure private communications over any IP network, including the Internet
Data protected with network encryption, digital certification, and device authentication
Scales from small to very large networks
Public Network
Home Network
Dial Access to Corporate Network
Exchange X.509 or One-Time Password
IKE Negotiation
Authentication Approved
 | Application | Alternative To | Benefits
VPN | Mobile users; remote connectivity | Dedicated dial; ISDN | Ubiquitous access, lower cost
Intranet VPN | Site-to-site; internal connectivity | Leased line |
Extranet VPN | Business-to-business; external connectivity | | Facilitates e-commerce
Access VPNs
Potential Operations and Infrastructure Cost Savings
[Figure labels: Enterprise; AAA CA; DMZ; Service Provider A; Web Servers; DNS Server; SMTP Mail Relay; Mobile User or Corporate Telecommuter; Small Office]
DNS = Domain Name System
SMTP = Simple Mail Transfer Protocol
DMZ = Demilitarized Zone (PCs directly connected online)
POP NAS
Security Server
3. User authentication
[Figure labels: Enterprise; AAA CA; Remote Office; Service Provider A; DMZ]
Intranet/Extranet VPN
Intranet VPN Intranet WAN Router Intranet VPN Router
Company B
VPN Examples
Public Network
Remote Center
Primary Hospital Private Network
Remote Centers
Public Network
IPSec encrypts traffic from remote sites to the enterprise using any application
IPSec may be combined with other tunnel protocols, e.g., GRE
Telecommuters can gain secure, transparent access to the corporate network