Cisco Easy VPN Solutions
Applications and Implementation with Cisco IOS Routers, PIX Firewalls, 3000 Series Concentrators & HW Clients & Client
© 2001, Cisco Systems, Inc. All rights reserved.

VPN Deployment & Management Challenges
• Heterogeneous CPE devices and clients
• Remote sites without on-site support
• VPN tunnels over static and dynamic WAN connections
• Static & dynamic IP addresses
• Pushing configuration changes once deployed
• Coordinating custom configuration, IP address and mixed WAN environment (Cable/DSL, PPPoE/hostname)
[Diagram labels: Central Site, VPN Repository, Internet, VPN Tunnels, Mobile Workers, Teleworkers, Small Branch Office; "Configuration ?" (repeated), "IP Address ??"]

Cisco Easy VPN Solutions Leverages Cisco Unified Client Framework
Cisco Easy VPN Remote: Eliminates complex remote-side configuration simplifying VPN deployments
Cisco Easy VPN Server: Accepts VPN connection from Cisco VPN clients and Cisco Easy VPN Remote devices
Central Site VPN Gateways with Cisco Easy VPN Server
- Cisco VPN30xx
- Cisco IOS® Routers with 12.2(8)T
- PIX® Firewalls with 6.0+
[Diagram labels: Cisco VPN Clients, Home Office, CVPN 3002, Cisco PIX 501, Cisco 800 / uBR 900, Cisco 1700, Small Branch Office, Dial-Up, Cable/DSL, T1, Internet]

Cisco Easy VPN Family
Cisco Easy VPN Remotes
Routers:
- 800 Series
- uBR900 Series
- 1700 Series
Security Appliances:
- PIX 501
- CVPN 3002
Cisco Easy VPN Servers
Routers:
- 1700 Series
- 2600 Series
- 3600 Series
- 7100/7200 Series
Security Appliances:
- PIX Firewall Series
- CVPN 3000 Series
[Diagram labels: Home Office, Cisco VPN Client, Small Branch Office, Dial-Up, Cable/DSL, T1, Internet]

Scalable Deployment & Management VPN Solution
Cisco Easy VPN Remote and Server
• Support for all Cisco VPN Clients
• Dynamic policy updates, pushed to each CPE and clients
• Dynamic VPN tunnels over static and dynamic WAN connections
• Dynamic & static IP addresses
Cisco Easy VPN server on VPN gateway with security policy repository (Cisco CVPN 3000, Cisco IOS Router, PIX Firewall)
[Diagram labels: Central Site, HQ / ISP, Policy Updates, Internet, VPN Tunnels, Mobile Workers, Teleworkers, Small Branch Office; "Configuration A" (repeated)]

Cisco Easy VPN Benefits
1. Remote CPE contacts central site for authentication, & provides information
2. Policy update delivered to designated CPE & PC clients
3. VPN established from remote CPE/Client with new policy in place
• Enable small or large deployments without user intervention
  - Simplified configuration during deployment
  - Automated initiation
  - Pre-configuration for faster uptime
• Support dynamic connections w/VPN
  - Availability
  - Lower cost connection for customers
  - More control by SP or Enterprise
• Enforce consistent VPN Policy on all remote devices
• Interoperability across Cisco access and security devices
• No head end changes when adding extra devices
[Diagram labels: Browser-based GUI on Cisco 800, 900, Cisco PIX 501 FW & CVPN 3002; Cisco 800, 900 Series Router, Cisco PIX 501 FW, CVPN 3002; Cisco 1700, 2600, 3600 Series Router, Cisco PIX Firewall, CVPN 3002; Internet; Central Site; Cisco IOS Router, VPN Concentrator, PIX Firewall]

Cisco Easy VPN Remote Initiation on Cisco Routers & Security Appliances
Admin Configures
1. Configure Basic Connection
• LAN Interface
• WAN Interface
• DNS Address
• DHCP Address
• NAT / PAT Configuration (optional)
2. Configure Cisco Easy VPN Specifics
• Mode (client or network ext.)
• Peer address
• VPN tunnel interface
• Group name and password
• User name and password
Initiate Dynamic VPN
• 100% pre-configured and automated initiation
• Optional: admin final set up with CLI, Telnet or console port
• Optional: user final set up (Cisco 800 & uBR900, CVPN 3002 and Cisco PIX 501 FW only)
  - Group Name, Group Password, Peer IP Address, Host Name
• Optional: dynamic/ongoing device authentication
[Diagram labels: Cisco Easy VPN Server, Crypto IPsec, Internet, "Optional user initiation of Cisco Easy VPN Connection"]

Push VPN Policy with Cisco Easy VPN
VPN functions are assigned IKE Mode Config Attributes; several parameters may be pushed at once
Cisco Easy VPN Server on Central Site Gateways with security policy repository (Cisco CVPN 3000, Cisco IOS Router, Cisco PIX Firewall)
[Diagram labels: Teleworker / Small Branch Office (SBO), Cisco 1700, Mobile Workers, Internet, Central Site (HQ)]
Attributes
• Internal IP Address
• Internal NetMask
• Internal DNS Server
• Internal WINS Server
• Split tunnel allowed when VPN tunnel is up (remote site traffic goes in the clear)
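An added example, not from the original slides: a decoder for the attribute list a Mode Config exchange carries, showing how the four IP parameters listed above travel as one run of type/length/value attributes and how a receiver can reject malformed lengths. The type numbers follow the ISAKMP Configuration Method drafts; the sample addresses and the helper names (encode_attr, decode_attrs, sample_reply) are constructed for illustration, and the attribute payload's own header is not modelled.

```python
import ipaddress
import struct

# Type numbers as defined in the ISAKMP Configuration Method (Mode Config)
# drafts; mapping the slide's bullet names onto them is this example's assumption.
ATTR_NAMES = {
    1: "INTERNAL_IP4_ADDRESS",  # slide: Internal IP Address
    2: "INTERNAL_IP4_NETMASK",  # slide: Internal NetMask
    3: "INTERNAL_IP4_DNS",      # slide: Internal DNS Server
    4: "INTERNAL_IP4_NBNS",     # slide: Internal WINS Server
}

def encode_attr(attr_type, value=b""):
    """Pack one variable-length attribute: type (AF bit clear), length, value."""
    return struct.pack("!HH", attr_type & 0x7FFF, len(value)) + value

def decode_attrs(blob):
    """Decode a run of attributes into (name, value) pairs; reject malformed input."""
    out, off = [], 0
    while off < len(blob):
        if len(blob) - off < 4:
            raise ValueError("truncated attribute header")
        raw_type, field = struct.unpack_from("!HH", blob, off)
        off += 4
        attr_type = raw_type & 0x7FFF
        name = ATTR_NAMES.get(attr_type, "UNKNOWN_%d" % attr_type)
        if raw_type & 0x8000:            # AF bit set: 'field' is the value itself
            out.append((name, field))
            continue
        if off + field > len(blob):
            raise ValueError("%s: length %d overruns payload" % (name, field))
        value, off = blob[off:off + field], off + field
        if attr_type in ATTR_NAMES:
            if field == 0:               # empty value: the remote is requesting it
                value = None
            elif field == 4:
                value = str(ipaddress.IPv4Address(value))
            else:
                raise ValueError("%s: expected 4 bytes, got %d" % (name, field))
        out.append((name, value))
    return out

def sample_reply():
    """Constructed attribute list: four parameters pushed in one payload."""
    pushed = [(1, "10.10.1.25"), (2, "255.255.255.0"), (3, "10.10.1.2"), (4, "10.10.1.3")]
    return b"".join(encode_attr(t, ipaddress.IPv4Address(a).packed) for t, a in pushed)

if __name__ == "__main__":
    for name, value in decode_attrs(sample_reply()):
        print(name, value)
```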

Simple Set with GUI – Example Cisco 800 Series Router
Setting up Cisco Easy VPN Remote
• Non-technical users can enable Easy VPN with simple login information provided by IT
• No pre-configuration required, standard router configuration can be used
Cisco Easy VPN Remote GUI support on Cisco 800, 900, Cisco PIX Firewalls, and CVPN 3002

Summary - Cisco Easy VPN Benefits
• Streamlines VPN deployments for remote offices and teleworkers
• Simplifies on-going VPN management
• Ensures and applies up-to-date policies before connections are established
• Removes complex remote-side administration burden
• Provides a consistent policy, key management and system management approach for all Cisco VPN CPE devices – routers, security appliances and software clients

Cisco Easy VPN Roadmap
• Stateless failover via dead peer detection
• Cisco Easy VPN Split tunneling (with tunnel up) and Cisco IOS Firewall enabled (available today with static configuration)
• Easy VPN Split tunneling (with tunnel down) and Cisco IOS Firewall enabled
• Support for multiple VPN tunnels
• User authentication for Cisco IOS routers