CCNA Security – Chapter 8 Case Study

Objectives

• Describe the purposes and types of VPNs and define where to use VPNs in a network.
• Describe the fundamental concepts and technologies of VPNs, and terms that IPsec VPNs use.
• Describe how to configure a site-to-site IPsec VPN.
• Configure a site-to-site IPsec VPN with PSK authentication using CLI and Cisco SDM.
• Describe the two common remote network access methods used in enterprise networks.
• Describe how the Cisco VPN Client is used in an IPsec remote-access VPN.
• Describe how Secure Socket Layer (SSL) is used in a remote-access VPN.
• Configure a remote-access IPsec VPN using CLI and Cisco SDM.

Scenario

As part of the reorganization, Superior Health Care System Corporation will provide local and remote access to a corporate intranet for all employees. The organization will also have to implement an extranet to exchange information between our organization, insurance providers and other vendors. In addition, we will provide the ability for patients to connect to our website to make appointments, request prescription refills and make account payments. The CEO would like all of these networks and services designed using VPN technologies. In preparing for this transition, the team needs to configure and provide proof of concept for the following.

Tasks 8.1

A site-to-site VPN will provide the extension of our WAN network. We will use a site-to-site VPN to connect business partners. In the past, a leased line or Frame Relay connection was required to connect to our partners. We want to save money and provide a more secure connection by replacing these dedicated WAN services with site-to-site VPNs. Your team has been asked to use a network simulation tool (Packet Tracer) to configure a model point-to-point IPsec VPN connection between Superior Health Care System Corporation’s network and a local business partner “In Your Hands Insurance Group”.
Test the connection and provide proof of its security, confidentiality and integrity.

Tasks 8.2

The CEO has made it his priority to make the new Superior Health Care System Corporation reflect the 21st century workforce. He would like our employees to be able to access the critical information they need to perform their work wherever they may be (at home, in a local physician's office, or at a high-tech diagnostics facility). Remote-access VPNs are the only cost-effective, secure solution. Remote-access VPNs can support the needs of our doctors, nursing staff and business office. Have your team design and demonstrate the operation of remote-access VPNs using existing Microsoft products to establish a PPTP solution using our Cisco routers as the termination point back to our corporate offices.

Tasks 8.3

Superior Health Care System Corporation’s business director needs to provide extensive patient services through the corporate website. These services include on-line appointment scheduling, prescription refills, and checking account balances, payments and status.

The Chief Information Officer has determined that an SSL VPN will be used to provide remote-access connectivity from almost any Internet-enabled location using a web browser and its native SSL encryption. Your team has been asked to review course materials in order to design and demonstrate an SSL VPN solution based on Cisco Easy VPN Server. The Easy VPN Server is a Cisco IOS router or Cisco PIX / ASA firewall acting as the VPN termination device in site-to-site or remote-access VPNs. Discuss and list the requirements for setting up Cisco Easy VPN Server and the options available to better secure its use with clients. For example, the ability to lock clients into accessing the Internet only through the VPN tunnel, or only outside the tunnel using their home Internet.

© 2009 Cisco Learning Institute