Chapter20.Remote Access VPN Design and Configuration Solutions

Chapter 20. Remote Access VPN Design and Configuration Solutions

The design of a remote access Virtual Private Network (VPN) solution is concerned with determining the optimum balance between functionality, frugality, and manageability for an organization. All Cisco solutions are competitive in pricing, offer overlapping feature sets, and perform remote access with cryptographic features. As a result, an organization's requirements can be met using a single or combination of Cisco alternatives. This chapter focuses on remote access VPN solutions. The initial part provides more detailed information about the main remote access VPN design objectives, remote access VPN management considerations, and security policies when designing remote access VPN access solutions. This chapter is divided into design and configuration sections.

The remote access VPN design part focuses on a concise description of the following topics:

• Remote access VPN design objectives

• Remote access VPN management considerations

• Security policies, authentication options, IP Security (IPSec) modes, Network Address Translation/Port Address Translation (NAT/PAT) challenges, split tunneling, and firewall functionality

• Remote access VPN core design considerations and architectural guidelines

The remote access VPN configuration part includes the following:

• Configuration of the VPN 3000 Concentrator

• Cisco VPN client configurations, including the VPN Unity Client, the Hardware client, the Easy VPN client, and the PIX-based client