
VPNs and VPN Technologies

Chapter Description

This sample chapter defines virtual private networks (VPNs) and explores fundamental Internet Protocol Security (IPSec) technologies. This chapter also covers IPSec crypto components, an overview of IKE, IPSec security, and a certificate authority (CA) support overview.

Overview of VPNs and VPN Technologies

Cisco products support the latest in VPN technology. A VPN is a service that offers secure, reliable connectivity over a shared public network infrastructure such as the Internet.

Figure 1-1 shows various VPNs between a main site and branch offices and small office, home office (SOHO) workers.

VPNs maintain the same security and management policies as a private network. They are the most cost-effective method of establishing a virtual point-to-point connection between remote users and an enterprise customer's network. There are three main types of VPNs:

  • Access VPNs—Provide remote access to an enterprise customer's intranet or extranet over a shared infrastructure. Access VPNs use analog, dial, ISDN, digital subscriber line (DSL), mobile IP, and cable technologies to securely connect mobile users, telecommuters, and branch offices.

  • Intranet VPNs—Link enterprise customer headquarters, remote offices, and branch offices to an internal network over a shared infrastructure using dedicated connections. Intranet VPNs differ from extranet VPNs in that they allow access only to the enterprise customer's employees.

  • Extranet VPNs—Link outside customers, suppliers, partners, or communities of interest to an enterprise customer's network over a shared infrastructure using dedicated connections. Extranet VPNs differ from intranet VPNs in that they allow access to users outside the enterprise.

Figure 1-1 Examples of VPNs

The following main components make up Cisco's VPN offerings:

  • Cisco VPN routers—Use Cisco IOS software IPSec support to enable a secure VPN. VPN-optimized routers leverage an existing Cisco investment and are well suited to the hybrid WAN.

  • Cisco Secure PIX Firewall—Offers a VPN gateway alternative when the security group "owns" the VPN.

  • Cisco VPN Concentrator series—Offers powerful remote access and site-to-site VPN capability, easy-to-use management interface, and a VPN client.

  • Cisco Secure VPN Client—Enables secure remote access to Cisco routers and PIX Firewalls and runs on the Windows operating system.

  • Cisco Secure Intrusion Detection System (CSIDS) and Cisco Secure Scanner—Can be used to monitor and audit the security of the VPN.

  • Cisco Secure Policy Manager and Cisco Works 2000—Provide VPN-wide system management.

These components can all be seen in Figure 1-2.

Figure 1-2 Cisco Secure VPN Components

The main Cisco VPN product offerings are discussed in more detail in Chapter 2, "Cisco VPN Family of Products."
