Www.ciscopress.com Copyright 2003 CCNA 4 Chapter 23 Virtual Private Networks By Your Name.

Transcript:


Objectives
– Describe VPN operation
– Describe VPN implementation
– Describe Cisco Systems VPNs
– Describe tunneling
– Describe Cisco's L2F implementation
– Describe the end-to-end virtual dialup process
– Describe highlights of the virtual dialup service

Types of VPNs
Three types of VPNs exist, aligning to how businesses and organizations use VPNs:
– Access VPN
– Intranet VPN
– Extranet VPN

A Logical Topology View of a VPN

A Virtual Private Network

VPN Implementation
– Security audit
– Scope and application needs
– Documentation
– Security policy

The Cisco Systems VPN Design
– Tunneling
  – Passenger protocol
  – Encapsulating protocol
  – Carrier protocol
– Cisco virtual dialup services
– Cisco L2F implementation
– End-to-end virtual dialup process

Tunneling
Tunneling involves three types of protocols:
– Passenger protocol: the protocol being encapsulated.
  – In a dialup scenario, this might be PPP, SLIP, or text dialog.
– Encapsulating protocol: creates, maintains, and tears down the tunnel.
  – Cisco supports several encapsulating protocols, including the L2F protocol, which is used for virtual dialup services.
– Carrier protocol: carries the encapsulated protocol.
  – IP is used by the L2F protocol because of its robust routing capabilities, ubiquitous support across different media, and deployment within the Internet.
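As an added example (not part of the slide deck and not Cisco's code), the three protocol roles above as a small Python encode/decode of one L2F tunnel packet: the L2F header layout is assumed from RFC 2341, the PPP passenger frame and the UDP carrier header are constructed inline, and the IP header is left out.

```python
import struct
from dataclasses import dataclass
# L2F header layout is taken from RFC 2341 (an assumption of this example; the
# slide only names L2F). Optional fields (sequence, offset, key, checksum) are
# omitted, so the fixed header is flags(2) proto(1) MID(2) CID(2) length(2).
L2F_VERSION = 1
L2F_OPTIONAL_FLAGS = 0xD008   # F (offset), K (key), S (sequence), C (checksum) bits
L2F_PROTO_PPP = 0x01          # passenger protocol carried in the payload is PPP
L2F_UDP_PORT = 1701           # carrier: L2F runs over UDP/IP
L2F_HDR_LEN = 9

@dataclass
class L2FFrame:
    protocol: int    # passenger protocol type
    mid: int         # Multiplex ID: one remote user's session inside the tunnel
    cid: int         # Client ID: the NAS-to-corporate-gateway tunnel itself
    payload: bytes   # the passenger frame, carried untouched

def l2f_encapsulate(frame: L2FFrame) -> bytes:
    """Encapsulating protocol: prepend the L2F header to the passenger frame."""
    flags = L2F_VERSION   # F, K, P, S, C all clear; Ver occupies the low 3 bits
    hdr = struct.pack("!HBHHH", flags, frame.protocol, frame.mid, frame.cid,
                      L2F_HDR_LEN + len(frame.payload))
    return hdr + frame.payload

def udp_carry(l2f_packet: bytes) -> bytes:
    # Carrier protocol: wrap the L2F packet in a UDP datagram (IP header omitted).
    return struct.pack("!HHHH", L2F_UDP_PORT, L2F_UDP_PORT, 8 + len(l2f_packet), 0) + l2f_packet

def l2f_decapsulate(datagram: bytes) -> L2FFrame:
    """Gateway side: strip the carrier and L2F headers, validating each layer."""
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", datagram[:8])
    pkt = datagram[8:]
    if dport != L2F_UDP_PORT or udp_len != len(datagram) or len(pkt) < L2F_HDR_LEN:
        raise ValueError("not a well-formed L2F carrier datagram")
    flags, proto, mid, cid, length = struct.unpack("!HBHHH", pkt[:L2F_HDR_LEN])
    if (flags & 0x7) != L2F_VERSION or flags & L2F_OPTIONAL_FLAGS:
        raise ValueError("unsupported L2F version or optional fields present")
    if length != len(pkt):
        raise ValueError("L2F length field does not match the packet")
    if proto != L2F_PROTO_PPP:
        raise ValueError(f"unexpected passenger protocol {proto:#04x}")
    return L2FFrame(proto, mid, cid, pkt[L2F_HDR_LEN:])

# Constructed passenger frame: PPP (address 0xff, control 0x03, protocol 0xc223 = CHAP)
# carrying a CHAP Challenge (code 1, id 1, length 10, value-size 5, value "hello").
PPP_CHAP_FRAME = bytes.fromhex("ff03c223") + b"\x01\x01\x00\x0a\x05hello"
def tunnel_roundtrip() -> L2FFrame:
    # The NAS encapsulates the remote user's PPP frame; the corporate gateway unwraps it.
    inner = L2FFrame(L2F_PROTO_PPP, mid=7, cid=42, payload=PPP_CHAP_FRAME)
    return l2f_decapsulate(udp_carry(l2f_encapsulate(inner)))
```

Each layer reads only its own header, which is why the gateway can hand the PPP frame to its PPP stack exactly as the remote user sent it.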

End-to-End Virtual Dialup Process
– Remote user: the client dials in over ISDN or the Public Switched Telephone Network (PSTN).
– Network access server (NAS): the telecommuting device that terminates the dialup calls over either analog (telephone) or digital (ISDN) circuits.
– Internet service provider (ISP): the dialup services provider can provide the service itself using a NAS, or can deliver the dialup remote user to a designated corporate gateway.
– Corporate gateway: the destination router that provides access to the services the remote user requests. The services could belong to a corporation or even to another ISP.

Cisco's L2F Implementation
Neither the remote system nor the corporate hosts should require special software to use this service in a secure manner.
Authentication is provided by dialup PPP supporting the following:
– CHAP or PAP
– Terminal Access Controller Access Control System Plus (TACACS+)
– Remote Authentication Dial-In User Service (RADIUS)
– Smart cards and one-time passwords
– Authentication managed by the user independent of the ISP
Addressing will be as manageable as in dedicated dialup solutions; the address will be assigned by the remote user's respective corporation, not by the ISP.
Authorization will be managed by the corporation's remote users, as it would be in a direct dialup solution.
Accounting can be performed both by the ISP (for billing purposes) and by the user (for charge-back and auditing purposes).
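The following added example (not from the slide deck or Cisco) shows where the CHAP secret lives in this virtual dialup model: the corporate gateway holds the user database and verifies the RFC 1994 MD5 response, while the ISP's NAS only relays packets. User names and secrets are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed corporate user database (hypothetical name and secret). The secret
# exists only at the corporate gateway; the ISP's NAS relays CHAP packets but never
# learns it, which is what lets the corporation authenticate independent of the ISP.
CORPORATE_USERS = {"alice@corp.example": b"constructed-secret"}

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash over Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class CorporateGateway:
    """Destination router: issues challenges and verifies responses arriving via L2F."""
    def __init__(self, users: dict):
        self.users = users
        self.pending = {}   # identifier -> outstanding challenge, consumed on first use

    def challenge(self, identifier: int) -> bytes:
        value = secrets.token_bytes(16)   # fresh random value for every challenge
        self.pending[identifier] = value
        return value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)
        secret = self.users.get(name)
        if challenge is None or secret is None:
            return False                  # unknown user, or no outstanding challenge
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(response, expected)

def virtual_dialup_auth(name: str, client_secret: bytes, gateway: CorporateGateway) -> bool:
    """One CHAP exchange: the NAS only forwards; remote user and gateway do the work."""
    identifier = 1
    challenge = gateway.challenge(identifier)                       # gateway -> NAS -> user
    response = chap_response(identifier, client_secret, challenge)  # remote user's PPP stack
    return gateway.verify(identifier, name, response)               # user -> NAS -> gateway
```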

Remote User Establishes a PPP Connection

Steps Required for a Remote VPN Session

Highlights of Virtual Dialup Service
– Authentication and security
– Authorization
– Address allocation
– Accounting