cisco ppt vpn 2400

8/10/2019 cisco ppt vpn 2400

1/27

1 2000, Cisco Systems, Inc.

2400

1190_05_2000_c2 1

Course Number

1190_05_2000_c2 1999, Cisco Systems, Inc. 1 2000, Cisco Systems, Inc.

2400

1190_05_2000_c2


2400

1190_05_2000_c2

Introduction to VPNsIntroduction to VPNs

Extending the Classic WAN

Session 2400


Session 2400

8/10/2019 cisco ppt vpn 2400

2/27


2400

1190_05_2000_c2

AgendaAgenda

VPN ChoicesChoosing Whats Right For You

Understanding the Build ing Blocks of a VPN

Security

Platforms

Quality of Service

Network and Service Monitoring

Next Steps and Real World Deployments

Q&A


2400

1190_05_2000_c2

What Is a VPN?What Is a VPN?

MainOffice

HomeOffice

POP

MobileWorker

BusinessPartner

RemoteOffice

RegionalOffice

Connectivity Deployed on a SharedInfrastructure with the Same Policies and

Performance as a Private Network

Virtual Private

Network

8/10/2019 cisco ppt vpn 2400

3/27


2400

1190_05_2000_c2

The VPN TimelineThe VPN Timeline

1996 IETF IPSec Draft Standard

1997 IKE Reference Code

Diffie/Hellman Patent Buyout

1998 Simple Certificate Enrollment Protocol (SCEP)

Campus VPN

1999 Remote Access VPN

2000 IETF PKIX CMC

Accelerated VPN Services

2001 Secure Streaming Services

Audio/Video/Voice


2400

1190_05_2000_c2

MainOffice

MobileWorkers

RegionalOffice

HomeOffices

RemoteOffice

Private Line Network

Classic WANClassic WAN

8/10/2019 cisco ppt vpn 2400

4/27


2400

1190_05_2000_c2

MainOffice

MobileWorkers

BusinessPartners

??

HomeOffices

RegionalOffice

RemoteOffice

Very

RemoteOffice

??

??1000s of Remote

WorkersPrivate Line Network

Classic WANTodays New Challenges

Classic WANTodays New Challenges


2400

1190_05_2000_c2

MainOffice

MobileWorkers

BusinessPartners

?

HomeOffices

RegionalOffice

RemoteOffice

VeryRemote

Office

?

?1000s of RemoteWorkers

Internet/IPVPN

Private Line Network

VPNs Extend the Classic WANVPNs Extend the Classic WAN

8/10/2019 cisco ppt vpn 2400

5/27


2400

1190_05_2000_c2

Multiservice/Voice

Telecommuters

Partners

CustomersVery Remote Sites

Networked Applications

EnterpriseWAN

Connectivity

Enabling the Internet EconomyEnabling the Internet Economy


2400

1190_05_2000_c2

RemoteOffice

MainOffice

VPN

POP

HomeOffice

POP

MobileWorker

Remote Access VPNRemote Access VPN

Secure, scalable,Secure, scalable,encrypted tunnelsencrypted tunnelsacross a publicacross a publicnetwork, clientnetwork, clientsoftwaresoftware

Cost savings overCost savings overtoll-free numbertoll-free numberexpendituresexpenditures

BusinessPartner

Extranet VPNExtranet VPN

Extends WANsExtends WANsto businessto businesspartnerspartners

Safe L3 securitySafe L3 security

IntranetIntranet VPNVPN

Low cost , tunneledLow cost, tunneledconnections withconnections withrich VPN services,rich VPN services,like IPSeclike IPSecencryption and QoSencryption and QoSto ensure reliableto ensure reliablethroughputthroughput

Cost savings overCost savings overFrame Relay andFrame Relay andleased linesleased lines

Types of Virtual Private NetworksTypes of Virtual Private Networks

8/10/2019 cisco ppt vpn 2400

6/27


2400

1190_05_2000_c2

VPN

Central Site

Intranet

ExtranetBusiness-to-Business

Site-to-Site:Intranet and Extranet

Extension of classic WAN

VPN services and scalable

performance

POPDSL

Cable

Remote Access

Remote Access

Extension of dial

User manageability anddeployment scalability

The Challenge andOpportunityof Broadband Access

VPN Applications andRequirements

VPN Applications andRequirements


2400

1190_05_2000_c2

Internet

CorporateNetwork

Encrypted IPEncrypted IP

Access VPN: Client InitiatedAccess VPN: Client Initiated

Encrypted tunnel from the remote clientto the corporate network

Independent of broadband access technology

Standards compliantIPSec encapsulated tunnel

IKE key management

Fully interoperableCisco IOSand other IPSec-compliant systems

8/10/2019 cisco ppt vpn 2400

7/27


2400

1190_05_2000_c2

MainOffice

RemoteOffice

RemoteOffice

Service Prov ider

POP

POP

POPInternet/IP VPNs

VPN Types: Intranet VPNVPN Types: Intranet VPN

Extends the connectionlessIP model across a shared WAN

Reduces application development time

Reduces support costs

Reduces line costs


2400

1190_05_2000_c2

Service Provider

BusinessPartner

SupplierCustomer

Main

Office

POPPOP

POPPOP

POPPOP

RemoteOffice

RemoteOffice

VPN Types: Extranet VPNVPN Types: Extranet VPN

Extend connectivity to suppliers, customers, and business partners

Over a shared infrastructu re

Using dedicated connections

While ensuring proper level of authorized access

Internet/IP VPNs

8/10/2019 cisco ppt vpn 2400

8/27


2400

1190_05_2000_c2

POP

Internet

Remote Router or Firewall Initiated

POP

IPSecEncrypted

Tunnel

For Site-to-Site ConnectivityIntranets and Extranets

Router/Firewall-Init iated VPNRouter/Firewall-Initiated VPN


2400

1190_05_2000_c2

Layer 3Layer 2

Internet VPN IP VPN

Intranet VPNExtranet VPNIntranet VPNExtranet VPN

FR ATM

VPNs Come in Many FlavorsVPNs Come in Many Flavors

8/10/2019 cisco ppt vpn 2400

9/27


2400

1190_05_2000_c2

VPNsWho Does WhatVPNsWho Does What

Enterprise ManagedEnterprise Managed

InternetVPN

Service Provider ManagedService Provider Managed

IPVPN

Service Provider providesbasic VPN connectivity

Enterprise manages QoS,

security, SLA, andconfiguration of VPNfunctions

Service Provider providesturnkey VPN

Enterprise outsources design,

provis ioning and management Enterprise controls security


2400

1190_05_2000_c2

VPN Equipment OptionsVPN Equipment Options

Multiple devices

Separatemanagement

ServiceProvider

Firewa

ll

Encrypt

SLA Probe

Integrated services

Scalable performance

Simplified provisioning

B/wM

gr.

ServiceProvider

8/10/2019 cisco ppt vpn 2400

10/27


2400

1190_05_2000_c2 19 2000, Cisco Systems, Inc.

2400

1190_05_2000_c2

VPN SecurityVPN Security


2400

1190_05_2000_c2

Security Office

TraditionalLocks

Guard

SecurityCamera

Card KeyCard Key

Security: A Physical AnalogySecurity: A Physical Analogy

8/10/2019 cisco ppt vpn 2400

11/27


2400

1190_05_2000_c2

PolicyPolicy

Elements of Network SecurityElements of Network Security

Corporate security policy

Secure

Identification

Provide authentication servicesPerimeter contro l

Restrict and manage access to networkresources

Protect against denial-of-service attacks, etc.

Data privacyVPN

Ensure data confidentiality

Security monitoring

Detect and react to int ruders

Test

Recognize network vu lnerabilities

Policy Management

Centralized control of security services


2400

1190_05_2000_c2

Why VPN Security?Why VPN Security?

VPNs are shared IPnetworks (untrusted)

VPNs need robustsecurity like classic WANs

Authentication

Integrity and confidentiality

VPNs needauditing/monitoring:How do you know yourVPN is secure?

8/10/2019 cisco ppt vpn 2400

12/27


2400

1190_05_2000_c2

IPSec Technology ReviewIPSec Technology Review

IETF standard enables encrypted communication between users and devices

Implemented transparently into the network infrastructure

Scales from small to very large networks

Open standard enables multivendor in teroperability

Included in Cisco IOS 11.3 and later

Router to Router

PC to ServerRouter to Firewall

PC to Router


2400

1190_05_2000_c2

IP HDRIP HDR

Encrypted

IP HDRIP HDR DATADATA

IPSec HDRIPSec HDR DATADATA

Tunnel ModeTunnel Mode

Transport ModeTransport Mode

IP HDRIP HDR DATADATA

IPSec HDRIPSec HDR IP HDRIP HDRNew IP HDRNew IP HDR

Encrypted

DATADATA

IPSec ModesIPSec Modes

Tunnel mode:appliedto an IP tunnel

Outer IP header specifiesIPSec processing

destination

Inner IP header specifiesultimate packet destination

Transport mode:between two hosts

Header after IP header,before TCP/UDP header

8/10/2019 cisco ppt vpn 2400

13/27


2400

1190_05_2000_c2

CACA?Internet

B A N K

CACA

Public Key InfrastructurePublic Key Infrastructure

Digital certification identity mechanism for users and devices(electronic ID card)

Certificate Authori ty (CA) verifies identity and signs digitalcertificate, and deals with certif icate creation, storage,distribution, revocation, recovery

Certificate Authorities help provide scalability Cisco IOS interoperates with:

Verisign Onsite for IPSec, Entrust VPN Connector, Baltimore Technolog ies,Microsoft


2400

1190_05_2000_c2

IPSec Linking SitesIPSec Linking Sites

Device authentication

Crypto devices obtain digitalcertificates f rom CAs

Authorization

Packet selection via ACLs

Security Association (SA)established via IKE

Privacy and integrity

IPSec-based encryptionand digital signature

Security Associationsare a scarce resource

CertificateAuthority

D

igita

lCertific

ate

DigitalC

ertific

ate

SA

AuthenticatedEncryptedTunnel

Encrypted

Clear TextInternal Network

Internal Network

Digital CertificateDigital Certificate

ISAK

MPSe

ssion

8/10/2019 cisco ppt vpn 2400

14/27


2400

1190_05_2000_c2

Corporate Network

CertificateAuthor ity

Internet

ServiceProvider

Remote Office

Intrusion Detection

RouterPIX

DMZ

Mobile User

Security Scanner

Security Manager

Policy Server

Manufacturing

IOS Firewall

CiscoSecure

VPN Client

Business Partner

Message

Message

DigitalCertificate

DigitalCertificate

Secure VPN: IdentitySecure VPN: Identity


2400

1190_05_2000_c2

Corporate Network


Internet

ServiceProvider

Remote Office

Intrusion Detection

RouterPIX

DMZ

Mobile User

Security Scanner

Security ManagerPolicy Server

Manufacturing

IOS Firewall

CiscoSecure

VPN Client

Business Partner

Secure VPN: Data PrivacySecure VPN: Data Privacy

8/10/2019 cisco ppt vpn 2400

15/27


2400

1190_05_2000_c2

Corporate Network


Internet

ServiceProvider

Remote Office

Intrusion Detection

RouterPIX

DMZ

Mobile User

Security Scanner

Security Manager

Policy Server

Manufacturing

IOS Firewall

CiscoSecure

VPN Client

Business Partner

Hacker

Secure VPN: Perimeter SecuritySecure VPN: Perimeter Security


2400

1190_05_2000_c2

Corporate Network


Internet

ServiceProvider

Remote Office

Intrusion Detection

RouterPIX

DMZ

Mobile User

Security Scanner

Security ManagerPolicy Server

Manufacturing

IOS Firewall

CiscoSecure

VPN Client

Business Partner

Hacker

Secure VPN: Security MonitoringSecure VPN: Security Monitoring

8/10/2019 cisco ppt vpn 2400

16/27


2400

1190_05_2000_c2

Corporate Network


Internet

ServiceProvider

Remote Office

Intrusion Detection

RouterPIX

DMZ

Mobile User

Security Scanner

Security Manager

Policy Server

Manufacturing

IOS Firewall

CiscoSecure

VPN Client

Business Partner

Policy

Policy

PolicyPolicy

Policy

Update

Policy

Secure VPN: Policy ManagementSecure VPN: Policy Management


2400

1190_05_2000_c2

E-VPN PlatformsE-VPN Platforms


2400

1190_05_2000_c2

8/10/2019 cisco ppt vpn 2400

17/27


2400

1190_05_2000_c2

ScalableEncryptionProcessor(SEP)

ScalableEncryptionProcessor(SEP)

Remote Access VPNCisco VPN 3000 Concentrator Series

Remote Access VPNCisco VPN 3000 Concentrator Series


2400

1190_05_2000_c2

Cisco Site-to-Site VPN SolutionsScalabil ity for Every Site

Cisco Site-to-Site VPN SolutionsScalabil ity for Every Site

MainOffice

Small Office/Home Office

RemoteOffice

Internet/IP VPNRegional

Office

Cisco 1700 SeriesCisco 1700 Series

VPN-optimizedVPN-optimized

router connectingrouter connectingremote offices atremote offices atT1/E1 speedsT1/E1 speeds

Cisco 800, UBr900, andCisco 800, UBr900, and1400 Series1400 Series

VPN-optimized routers forVPN-optimi zed routers forISDN, DSL, and cableISDN, DSL, and cableconnectivityconnectivity

Cisco 2600 and 3600 SeriesCisco 2600 and 3600 Series

VPN-optimized routersVPN-optimized routers

connectingconnectingbranch andbranch andregional offices atregional offices atnxT1/E1 speedsnxT1/E1 speeds

Cisco 7100, 7200 and 7500 SeriesCisco 7100, 7200 and 7500 Series

7100 for dedicated VPN7100 for dedicated VPNhead-end; 7200, and 7500head-end; 7200, and 7500

for hybrid private WAN andfor hybrid private WAN andVPN connectivi tyVPN connectivi ty

8/10/2019 cisco ppt vpn 2400

18/27


2400

1190_05_2000_c2

MainOffice

Small Office/Home Office

RemoteOffice

Internet/IP VPNRegional

Office

Site-SpecificSite-Specific

ScalabilityScalability Range of platforms toRange of platforms to

meet requirementsmeet requirements

from ISDN to DS3+from ISDN to DS3+

Investment ProtectionInvestment Protection Encryption accelerationEncryption acceleration

modularity and softwaremodularity and softwareextensionsextensions

Device IntegrationDevice Integration VPN-Securi ty, L3VPN-Securi ty, L3

routing, QoS, Servicerouting, QoS, Service

level validation, andlevel validation, anddiverse VPN accessdiverse VPN accessmediamedia

Feature InteroperabilityFeature Interoperability Single device solutionSingle device solution

ensures interoperabilityensures interoperability

of all VPN servicesof all VPN services

Site-to-Site VPN SolutionsSite-to-Site VPN Solutions


2400


2400

1190_05_2000_c2

E-VPN

Services

E-VPN

Services

8/10/2019 cisco ppt vpn 2400

19/27


2400

1190_05_2000_c2

Make optimum use ofVPN WAN link(s)

Provide bandwidth and priorityto mission-critical apps

Control non-mission-criticalapplications

Exploit differentiatedservices offered byService Provider

QoS Benefits for VPNs

CPE FunctionsCPE Funct ions

Packet classification

Packet marking

WAN-link bandwidthmanagement

Measurement

SP FunctionsSP Functions

Adhere to SLA

Throughput

Latency

Availabi li ty

Control congestion

ISP

Quality of Service in a VPNQuality of Service in a VPN


2400

1190_05_2000_c2

Non-Classified Traffic

Classi

fier

QoSM

arking

Crypto

Engin

e

Tunneled and Encrypted Packetwith QoS Preservation

Output QueuingISP

End-to-End

IPSec TOS PreservationIPSec TOS Preservation

Enables classification for encrypted andtunneled VPNs

Supports ISP Differentiated Services offerings

Preserves QoS Signaling end-to-end

8/10/2019 cisco ppt vpn 2400

20/27


2400


2400

1190_05_2000_c2

E-VPNManagement

E-VPNManagement


2400

1190_05_2000_c2

Internet /IP VPN

VPN Security ManagementVPN Security Management

IPSec

IKE

Certif

icate

Certif

icate

Headquarters

IntrusionDetection

Pix

RegionalOffice

Securi ty ManagerCentralizedSecurity PolicyControl

ACLManagerManagesAccessControl Lists

CertificateAuthor ityIssue DigitalCertificates

8/10/2019 cisco ppt vpn 2400

21/27


2400

1190_05_2000_c2

VPN Bandwidth ManagementVPN Bandwidth Management

Headquarters

IntrusionDetection

Pix

QoS MonitorMonitorsTraffic

Distribution

SAA

Service LevelManagerSLA Monitoring

andMeasurement

QoS PolicyManagerCentralized

BandwidthManagementPolicy Control

Internet /IP VPN

Regional

Office


2400

1190_05_2000_c2

Next StepsNext Steps


2400

1190_05_2000_c2

8/10/2019 cisco ppt vpn 2400

22/27


2400

1190_05_2000_c2

Major VPN ChallengesMajor VPN Challenges

Mobility

Streaming services

Voice, video, audio

Scalable deployment

Policy management


2400

1190_05_2000_c2

Local Standardsand Practices

Role ofRegulation

ConflictingNationalPolicies

Non-Technology ChallengesNon-Technology Challenges

8/10/2019 cisco ppt vpn 2400

23/27


2400

1190_05_2000_c2

Network Manager Provides ongoing

application andconfigurationmanagement andhelp desk support

Network Manager Provides ongoing

application andconfigurationmanagement andhelp desk support

Service Provider Supplies VPN

equipment and addsQoS to bandwidthoffering

Service Provider Supplies VPN

equipment and addsQoS to bandwidthoffering

50%50%

50%50%

Increasing Enterprise Network RoleIncreasing Enterprise Network Role

90%90%

10%10%

Network Manager

Buys products fromVPN vendor

Manages network

Network Manager

Buys products fromVPN vendor

Manages network

Service Provider Supplies basic

Internet access

Service Prov ider Supplies basic

Internet access

10%10%

90%90%

Net Manager Administers

security server

Net Manager Administers

security server

Service Prov ider Supplies complete

VPN solution,including service,training, and helpdesk

Service Provider Supplies complete

VPN solution,including service,training, and helpdesk

VPN Deployment OptionsVPN Deployment Options

Increasing Service Provider RoleIncreasing Service Provider Role


2400

1190_05_2000_c2

Cost-Effectiveness of VPNRemote Access*

Cost-Effectiveness of VPNRemote Access*

*Numbers are quoted on an annual basis for 1000 users.

In-HouseIn-House VPNVPN

$957,000$957,000

$500,000$500,000

$440,000$440,000

$185,000$185,000

$750,000$750,000

$75,000$75,000

$2,907,000$2,907,000

$700,000$700,000

$450,000$450,000

$0$0

$100,000$100,000

$550,000$550,000

$0$0

$1,800,000$1,800,000

SavingsSavings

$257,000$257,000

$50,000$50,000

$440,000$440,000

$85,000$85,000

$200,000$200,000

$75,000$75,000

$1,107,000$1,107,000

38%38%

Ports and Tollfree AccessPorts and Tollfree Access

Network BackboneNetwork Backbone

StaffingStaffing

SecuritySecurity

24 x 7 Help Desk24 x 7 Help Desk

Network ManagementNetwork Management

Totals:Totals:

Savings Based onVPN Solution (1000 Users)Savings Based onVPN Solution (1000 Users)

8/10/2019 cisco ppt vpn 2400

24/27


2400

1190_05_2000_c2

ChimeLink

CT HospitalAssociation

CharterCommunications

Laurel

Cable

CoxCommunications

Physicians

Home/Office

CableModems

T1

T1

PIX Firewall

Clinical DataRepository

Encrypted IP TunnelEncrypted IP TunnelIPSec Client

Cisco 3640

Waterbury HospitalWaterbury Hospital

1. Requirement Fast/secure access

to patient records

2. Solution Extranet VPN Via Cable modems and IPSec

3. Benefit High speed access to new applications More detailed patient information for doctors


2400

1190_05_2000_c2

Internet56K

Connection

Encrypted IP TunnelEncrypted IP Tunnel

Media CompanyMedia Company1. Requirement

Reliable/low-cost Access f rom remote off ice

2. Solution Intranet VPN Via From Delhi to Hong Kong Lease line From Hong Kong

to US HQ

3. Benefit 10x cost savings over Frame Relay Deployment in 3 weeks vs 6 months Expanding VPN to other remote sites around wor ld

DelhiIndia

Singapore

LeasedLine

UnitedStates

Cisco 1720

Cisco 3600

8/10/2019 cisco ppt vpn 2400

25/27


2400

1190_05_2000_c2

Altera SemiconductorAltera Semiconductor

Internet

TorontoCisco 2610 ISDN

Encrypted IP TunnelEncrypted IP Tunnel

1. Requirement Reliable/low-cost/secure Connections to remote offices and

telecommuters

2. Solution Intranet and Remote Access VPN

3. Benefit Fast/flexible deployment Higher speeds Secure communications

Cisco 3640Gateway

Cisco 7120VPN Router

Santa CruzCisco 2621

DSL

UnitedKingdom

IPSec Client

T1

San Jose HQ

FremontCable Modem


2400

1190_05_2000_c2

Additional Information

www.cisco.com/go/evpn

www.cisco.com/go/security

www.cisco.com/go/securityassociates

Networking Professionals Community

White Papers, ISPs with CiscoPowered VPN Services, Design Guides,Data Sheets, 3rd Party Solutions

8/10/2019 cisco ppt vpn 2400

26/27


2400

1190_05_2000_c2

Are You Ready?Are You Ready?

Multiservice/Voice

Telecommuters

Partners

CustomersVery Remote Sites

Networked Applications

VirtualPrivate

Networks


2400


2400

1190_05_2000_c2

Introduction to VPNs


Session 2400

8/10/2019 cisco ppt vpn 2400

27/27


2400

1190_05_2000_c2

Please Complete YourEvaluation Form

Please Complete YourEvaluation Form

Session 2400Session 2400


2400

1190_05_2000_c2

Date post:	02-Jun-2018
Category:	Documents
Upload:	mehdimehdi
View:	240 times
Download:	0 times

cisco ppt vpn 2400

Documents