Académique Documents
Professionnel Documents
Culture Documents
Session Number
Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 1
VPN Deployment & Management Challenges
• Heterogeneous CPE devices and
clients
Central Site
• Remote sites without on-site support
VPN Repository • VPN tunnels over static and dynamic
WAN connections
Mobile
• Static & dynamic IP addresses
Workers • Pushing configuration changes once
Internet deployed
• Coordinating custom configuration, IP
address and mixed WAN environment
Teleworkers (Cable/DSL, PPPoE/hostname)
VPN Tunnels
Small Branch Office
Configuration
IP
? Address
Configuration Configuration Configuration
? ?
??
?
Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 2
Cisco Easy VPN Solutions Leverages
Cisco Unified Client Framework
Cisco Easy VPN Remote Cisco Easy VPN Server
Eliminates complex remote-side Accepts VPN connection from
configuration simplifying VPN Cisco VPN clients and Cisco
deployments Easy VPN Remote devices
Central Site VPN Gateways
Home Office Cisco VPN Clients with Cisco Easy VPN Server
- Cisco VPN30xx
- Cisco IOS® Routers with 12.2(8)T
CVPN 3002 - PIX® Firewalls with 6.0+
Dial-Up
Cable, DSL
Cisco 800 / T1
uBR 900
Cisco 1700
Teleworkers
VPN Tunnels
Small Branch Office
Configuration
A Configuration Configuration
A Configuration A
A
Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 5
Cisco Easy VPN Benefits
1. Remote CPE contact central
Central Site
site for authentication, &
provide information
Browser-based GUI on
Cisco 800, 900, Cisco PIX Internet
501 FW & CVPN 3002
Cisco IOS Router, VPN
2. Policy update delivered to Concentrator, PIX Firewall
designated CPE & PC clients
Cisco 800, 900 Series
Router, Cisco PIX 501
FW, CVPN 3002 3. VPN established from remote
Cisco 1700, 2600, CPE/Client with new policy in
3600 Series
• Support dynamic connections w/VPN place
Router, Cisco PIX
Availability Firewall, CVPN
Lower cost connection for customers 3002
More control by SP or Enterprise
• Enable small or large deployments without user intervention
Simplified configuration during deployment
Automated initiation
Pre-configuration for faster uptime
• Enforce consistent VPN Policy on all remote devices
• Interoperability across Cisco access and security devices
• No head end changes when adding extra devices
Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 6
Cisco Easy VPN Remote Initiation on Cisco
Routers & Security Appliances
Crypto
Admin Configures Ipsec
Cisco Easy VPN 1p A
Server Internet
Internet
Cisco Cisco Easy VPN Server on
1700
Mobile Central Site Gateways with
Workers security policy repository
Attributes (Cisco CVPN 3000, Cisco IOS
Router, Cisco PIX Firewall)
• Internal IP Address
• Internal NetMask
• Internal DNS Server
• Internal WINS Server
• Split tunnel allowed when VPN tunnel is up
(remote site traffic goes in the clear)
Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 8
Simple Set with GUI – Example Cisco
800 Series Router
Cisco Easy VPN Remote GUI support on Cisco 800, 900, Cisco
PIX Firewalls, and CVPN 3002
Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 9
Summary - Cisco Easy VPN Benefits