Cisco Easy VPN Solutions

Applications and Implementation with Cisco IOS Routers, PIX Firewalls,
3000 Series Concentrators & HW Clients & Client

Session Number
Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 1

VPN Deployment & Management Challenges
• Heterogeneous CPE devices and clients
• Remote sites without on-site support
• VPN tunnels over static and dynamic WAN connections
• Static & dynamic IP addresses
• Pushing configuration changes once deployed
• Coordinating custom configuration, IP address and mixed WAN environment (Cable/DSL, PPPoE/hostname)
[Diagram: Central Site with VPN Repository, connected over the Internet by VPN Tunnels to Mobile Workers, Teleworkers and a Small Branch Office; the Configuration and IP Address labels are marked "?"]

Cisco Easy VPN Solutions Leverages Cisco Unified Client Framework
Cisco Easy VPN Remote
• Eliminates complex remote-side configuration simplifying VPN deployments
Cisco Easy VPN Server
• Accepts VPN connection from Cisco VPN clients and Cisco Easy VPN Remote devices
Central Site VPN Gateways with Cisco Easy VPN Server
- Cisco VPN30xx
- Cisco IOS® Routers with 12.2(8)T
- PIX® Firewalls with 6.0+
[Diagram labels: Home Office, Cisco VPN Clients, CVPN 3002, Cisco PIX 501, Cisco 800 / uBR 900, Cisco 1700, Small Branch Office, Dial-Up, Cable, DSL, T1, Internet]


Cisco Easy VPN Family
CISCO Easy VPN Remotes
Routers:
• 800 Series
• uBR900 Series
• 1700 Series
Security Appliances:
• PIX 501
• CVPN 3002
Cisco VPN Client
CISCO Easy VPN Servers
Routers:
• 1700 Series
• 2600 Series
• 3600 Series
• 7100/7200 Series
Security Appliances:
• PIX Firewall Series
• CVPN 3000 Series
[Diagram labels: Home Office, Small Branch Office, Dial-Up, Cable, DSL, T1, Internet]

Scalable Deployment & Management VPN Solution
Cisco Easy VPN Remote and Server
• Support for all Cisco VPN Clients
• Dynamic policy updates, pushed to each CPE and clients
• Dynamic VPN tunnels over static and dynamic WAN connections
• Dynamic & static IP addresses
[Diagram: Central Site (HQ / ISP) running Cisco Easy VPN server on VPN gateway with security policy repository (Cisco CVPN 3000, Cisco IOS Router, PIX Firewall); Policy Updates and VPN Tunnels run over the Internet to Mobile Workers, Teleworkers and a Small Branch Office, each labelled "Configuration A"]

Cisco Easy VPN Benefits
1. Remote CPE contact central site for authentication, & provide information
2. Policy update delivered to designated CPE & PC clients
3. VPN established from remote CPE/Client with new policy in place
[Diagram labels: Central Site (Cisco IOS Router, VPN Concentrator, PIX Firewall); Internet; Browser-based GUI on Cisco 800, 900, Cisco PIX 501 FW & CVPN 3002; Cisco 800, 900 Series Router, Cisco PIX 501 FW, CVPN 3002; Cisco 1700, 2600, 3600 Series Router, Cisco PIX Firewall, CVPN 3002]
• Support dynamic connections w/VPN
  Availability
  Lower cost connection for customers
  More control by SP or Enterprise
• Enable small or large deployments without user intervention
  Simplified configuration during deployment
  Automated initiation
  Pre-configuration for faster uptime
• Enforce consistent VPN Policy on all remote devices
• Interoperability across Cisco access and security devices
• No head end changes when adding extra devices

Cisco Easy VPN Remote Initiation on Cisco Routers & Security Appliances
Admin Configures
1. Configure Basic Connection
• LAN Interface
• WAN Interface
• DNS Address
• DHCP Address
• NAT / PAT Configuration (optional)
2. Configure Cisco Easy VPN Specifics
• Mode (client or network ext.)
• Peer address
• VPN tunnel interface
• Group name and password
• User name and password
Initiate Dynamic VPN Connection
100% pre-configured and automated initiation
Optional: admin final set up with CLI, Telnet or console port
Optional: user final set up (Cisco 800 & uBR900, CVPN 3002 and Cisco PIX 501 FW only)
• Group Name, Group Password, Peer IP Address, Host Name
• Optional: dynamic/ongoing device authentication
[Diagram labels: Crypto Ipsec, Cisco Easy VPN Server, Internet, Optional user initiation of Cisco Easy VPN]

Push VPN Policy with Cisco Easy VPN
VPN functions are assigned IKE Mode Config Attributes; several parameters may be pushed at once
[Diagram: Cisco Easy VPN Server on Central Site Gateways with security policy repository (Cisco CVPN 3000, Cisco IOS Router, Cisco PIX Firewall) at the Central Site / HQ, connected over the Internet to Mobile Workers and a Teleworker / Small Branch Office (SBO) with a Cisco 1700]
Attributes
• Internal IP Address
• Internal NetMask
• Internal DNS Server
• Internal WINS Server
• Split tunnel allowed when VPN tunnel is up (remote site traffic goes in the clear)
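
What a Mode Config reply carrying the four address attributes listed above looks like on the wire, as an added example (not Cisco code and not part of the original slides): it decodes an ISAKMP data-attribute list using the type numbers from the IKE Mode Config draft, where the WINS server is the NBNS attribute. The addresses are constructed sample values, and split tunneling is left out because the slide does not say how it is encoded.

```python
import ipaddress
import struct

# Attribute type numbers as assigned in the IKE Mode Config (ISAKMP
# Configuration Method) draft; the slide's "WINS server" is the NBNS attribute.
ATTR_NAMES = {
    1: "INTERNAL_IP4_ADDRESS",
    2: "INTERNAL_IP4_NETMASK",
    3: "INTERNAL_IP4_DNS",
    4: "INTERNAL_IP4_NBNS",
}

def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one variable-length (AF=0) ISAKMP data attribute."""
    return struct.pack("!HH", attr_type & 0x7FFF, len(value)) + value

def parse_mode_config(data: bytes) -> list:
    """Decode the attribute list of a Mode Config payload into (name, value)."""
    attrs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        raw_type, field = struct.unpack_from("!HH", data, off)
        off += 4
        attr_type = raw_type & 0x7FFF
        if raw_type & 0x8000:            # AF=1: the 2-byte field is the value
            value = struct.pack("!H", field)
        else:                            # AF=0: the field is a length
            if field > len(data) - off:
                raise ValueError("attribute length runs past end of payload")
            value = data[off:off + field]
            off += field
        name = ATTR_NAMES.get(attr_type, f"UNKNOWN_{attr_type}")
        if attr_type in ATTR_NAMES and value:   # empty value = request form
            if len(value) != 4:
                raise ValueError(f"{name}: expected 4 bytes, got {len(value)}")
            value = str(ipaddress.IPv4Address(value))
        attrs.append((name, value))
    return attrs

# Constructed sample: one reply pushing several parameters at once.
SAMPLE_REPLY = b"".join(
    encode_attr(t, ipaddress.IPv4Address(ip).packed)
    for t, ip in [(1, "10.10.1.25"), (2, "255.255.255.0"),
                  (3, "10.10.0.53"), (4, "10.10.0.54")]
)

if __name__ == "__main__":
    for name, value in parse_mode_config(SAMPLE_REPLY):
        print(f"{name:22} {value}")
```

Rejecting an attribute whose declared length runs past the payload, rather than reading what is there, keeps a malformed or hostile reply from being applied as policy.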

Simple Set with GUI – Example Cisco 800 Series Router
Setting up Cisco Easy VPN Remote
• Non-technical users can enable Easy VPN with simple login information provided by IT
• No pre-configuration required, standard router configuration can be used
Cisco Easy VPN Remote GUI support on Cisco 800, 900, Cisco PIX Firewalls, and CVPN 3002

Summary - Cisco Easy VPN Benefits
• Streamlines VPN deployments for remote offices and teleworkers
• Simplifies on-going VPN management
• Ensures and applies up-to-date policies before connections are established
• Removes complex remote-side administration burden
• Provides a consistent policy, key management and system management approach for all Cisco VPN CPE devices – routers, security appliances and software clients

Cisco Easy VPN Roadmap
• Stateless failover via dead peer detection
• Cisco Easy VPN Split tunneling (with tunnel up) and Cisco IOS Firewall enabled (available today with static configuration)
• Easy VPN Split tunneling (with tunnel down) and Cisco IOS Firewall enabled
• Support for multiple VPN tunnels
• User authentication for Cisco IOS routers
