CCNA Security – Chapter 8 Case Study © 2009 Cisco Learning

Objectives
• Describe the purposes and types of VPNs and define where to use VPNs in a network.
• Describe the fundamental concepts and technologies of VPNs, and terms that IPsec VPNs use.
• Describe how to configure a site-to-site IPsec VPN.
• Configure a site-to-site IPsec VPN with PSK authentication using CLI and Cisco SDM.
• Describe the two common remote network access methods used in enterprise networks.
• Describe how the Cisco VPN Client is used in an IPsec remote-access VPN.
• Describe how Secure Socket Layer (SSL) is used in a remote-access VPN.
• Configure a remote-access IPsec VPN using CLI and Cisco SDM.
Scenario
As part of the reorganization, Superior Health Care System Corporation will provide local and remote
access to a corporate intranet for all employees. The organization will also have to implement an extranet
to exchange information between our organization, insurance providers and other vendors. In addition,
we will provide the ability for patients to connect to our website to make appointments, request
prescription refills and make account payments. The CEO would like all of these networks and services
designed using VPN technologies. In preparing for this transition, the team needs to configure and
provide proof of concept for the following.
Tasks 8.1
A site-to-site VPN will provide the extension of our WAN network. We will use a site-to-site VPN to
connect business partners. In the past, a leased line or Frame Relay connection was required to connect
to our partners. We want to save money and provide a more secure connection by replacing these
dedicated WAN services with site-to-site VPNs.
Your team has been asked to use a network simulation tool (Packet Tracer) to configure a model
point-to-point IPsec VPN connection between Superior Health Care System Corporation’s network and a
local business partner, “In Your Hands Insurance Group”. Test the connection and provide proof of its
security, confidentiality and integrity.
Tasks 8.2
The CEO has made it his priority to make the new Superior Health Care System Corporation reflect the
21st century workforce. He would like our employees to be able to access the critical information
they need to perform their work wherever they may be (at home, in a local physician's office, or
at a high-tech diagnostics facility). Remote-access VPNs are the only cost-effective, secure solution.
Remote-access VPNs can support the needs of our doctors, nursing staff and business office.
Have your team design and demonstrate the operation of remote-access VPNs using existing Microsoft
products to establish a PPTP solution using our Cisco Routers as the termination point back to our
corporate offices.
Tasks 8.3
Superior Health Care System Corporation’s business director needs to provide extensive patient services
through the corporate website. These services include online appointment scheduling, prescription refills,
and the ability to check account balances, payments and status.
The Chief Information Officer has determined that an SSL VPN will be used to provide remote-access
connectivity from almost any Internet-enabled location using a web browser and its native SSL
encryption.
Your team has been asked to review course materials in order to design and demonstrate an SSL VPN
solution based on Cisco Easy VPN Server. This is a Cisco IOS router or Cisco PIX / ASA Firewall acting
as the VPN termination device in site-to-site or remote-access VPNs. Discuss and list requirements for
setting up Cisco Easy VPN Server and the options available to better secure its use with clients. For example,
the ability to lock clients into accessing the Internet only through the VPN tunnel, or only outside the
tunnel using their home Internet connection.
© 2009 Cisco Learning Institute