VPN Overview

With the availability of so many high-speed and affordable WAN connections, it's no wonder that companies large and small have embraced VPN technology. The key to the popularity of VPNs is that they can replace traditionally high-priced dedicated WAN connections for a fraction of the cost. Some of the key advantages of a VPN over a traditional leased line are

  • Lower costs

  • Flexibility

  • Simplified management


It might seem obvious, but make sure you can describe what a VPN offers and how it compares to leased lines.


VPNs provide three critical functions: confidentiality, integrity, and authentication (CIA):

  • Confidentiality (encryption): The sender encrypts a packet before it is transmitted across the network, so anyone eavesdropping on the conversation cannot read the data.

  • Data integrity: The receiver can verify that the packet has not been altered in transit.

  • Origin authentication: The receiver can also verify that the packet really came from the claimed sender.

VPN technologies include Generic Routing Encapsulation (GRE), Layer 2 Forwarding (L2F), Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), and IPSec. The traffic you need to carry dictates which VPN options you use: the level of encryption required, and whether the traffic is unicast, multicast, or a protocol other than IP. One thing to point out is that neither L2TP nor GRE supports data encryption by itself; you need to combine them with an encryption protocol. IPSec is the focus of this chapter.


IP unicast traffic should use IPSec alone. If you need to carry multiple protocols or multicast traffic, use GRE or L2TP; IPSec by itself supports neither multicast nor any protocol other than IP.


Whenever you hear of VPNs, you normally think of a tunnel. A tunnel is a virtual point-to-point connection: it carries one protocol inside another, encrypts the cleartext at one end, and decrypts it back to cleartext at the other end. The encrypted data is known as ciphertext. There are four major VPN topologies:

  • Router to router

  • Router to many routers

  • PC to a router or concentrator

  • Router to firewall and PC to firewall
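The three functions listed above (confidentiality, integrity, origin authentication) and the tunnel idea of carrying one packet inside another can be seen in a few lines of code. The following is an added illustration written for this page, not Cisco's or IPSec's own code: a simplified tunnel that wraps a cleartext inner packet in an assumed outer header and protects it with AES-GCM under a pre-shared key, in the same spirit as ESP but with a made-up wire format (outer header, nonce, ciphertext, tag).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newAEAD builds an AES-GCM cipher from a pre-shared tunnel key (16, 24 or 32 bytes).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// tunnelSeal is the sending end of the tunnel. The cleartext inner packet is
// carried inside an outer header, encrypted (confidentiality) and tagged
// (integrity); the outer header is bound as additional authenticated data so
// it cannot be altered in transit either.
// Assumed wire format: outerHdr || nonce || ciphertext || tag.
func tunnelSeal(key, outerHdr, innerPkt []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wire := append(append([]byte{}, outerHdr...), nonce...)
	return aead.Seal(wire, nonce, innerPkt, outerHdr), nil
}

// tunnelOpen is the receiving end. It recovers the cleartext inner packet only
// if the tag verifies, which fails on any modification in transit or when the
// sender did not hold the shared key (origin authentication).
func tunnelOpen(key []byte, hdrLen int, wire []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(wire) < hdrLen+n+aead.Overhead() {
		return nil, errors.New("packet too short to be a tunnel packet")
	}
	hdr, nonce, body := wire[:hdrLen], wire[hdrLen:hdrLen+n], wire[hdrLen+n:]
	return aead.Open(nil, nonce, body, hdr)
}
```

Only the outer header travels in cleartext; the eavesdropper sees ciphertext, a tampered packet or header is rejected, and a peer without the key cannot produce a packet the receiver accepts.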

Types of VPNs

Cisco organizes VPN solutions into two categories:

  • Remote access VPNs: Connect remote users to the enterprise. Remote access clients are usually routers and VPN clients, and there are two types:

    • Client initiated: Remote users use VPN clients to establish the secure tunnel to the enterprise. They are an extension to dial-in networks. The client VPN is usually terminated at a router, firewall, or concentrator.

    • Network access server (NAS) initiated: A remote user connects to the Internet service provider (ISP), and the ISP builds a secure tunnel to the enterprise.

  • Site-to-site VPNs: Connect entire networks to an enterprise network. They are an extension to the classic WAN network. They can be built by routers, firewalls, and concentrators, and there are two types:

    • Intranet VPNs: Connect your remote and branch offices to the enterprise

    • Extranet VPNs: Connect third-party organizations to your enterprise



CCNP BCRAN Remote Access Exam Cram 2 (Exam Cram 640 - XXX)
Year: 2003
Pages: 183
