Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.
© 2001, Cisco Systems, Inc. All rights reserved.

Presentation transcript:

1 Cisco Easy VPN Solutions
Applications and Implementation with Cisco IOS Routers, PIX Firewalls, 3000 Series Concentrators & HW Clients & Client
© 2001, Cisco Systems, Inc. All rights reserved.

2 VPN Deployment & Management Challenges
- Heterogeneous CPE devices and clients
- Remote sites without on-site support
- VPN tunnels over static and dynamic WAN connections
- Static & dynamic IP addresses
- Pushing configuration changes once deployed
- Coordinating custom configuration, IP address and mixed WAN environment (Cable/DSL, PPPoE/hostname)
Diagram labels: Configuration ? (four times); IP Address ??; Central Site; Teleworkers; VPN Repository; VPN Tunnels; Mobile Workers; Small Branch Office; Internet

3 Cisco Easy VPN Solutions
Leverages Cisco Unified Client Framework
- Cisco Easy VPN Server: Accepts VPN connection from Cisco VPN clients and Cisco Easy VPN Remote devices
- Cisco Easy VPN Remote: Eliminates complex remote-side configuration simplifying VPN deployments
Central Site VPN Gateways with Cisco Easy VPN Server:
- Cisco VPN30xx
- Cisco IOS® Routers with 12.2(8)T
- PIX® Firewalls with 6.0+
Diagram labels: Cisco VPN Clients; T1; Cable, DSL; Dial-Up; Small Branch Office; Home Office; Cisco 800 / uBR 900; Cisco 1700; CVPN 3002; Cisco PIX 501; Internet

4 Cisco Easy VPN Family
CISCO Easy VPN Remotes:
- Routers: 800 Series, uBR900 Series, 1700 Series
- Security Appliances: PIX 501, CVPN 3002
- Cisco VPN Client
CISCO Easy VPN Servers:
- Routers: 1700 Series, 2600 Series, 3600 Series, 7100/7200 Series
- Security Appliances: PIX Firewall Series, CVPN 3000 Series
Diagram labels: T1; Cable, DSL; Dial-Up; Small Branch Office; Home Office; Internet

5 Scalable Deployment & Management VPN Solution
- Cisco Easy VPN Remote and Server
- Support for all Cisco VPN Clients
- Dynamic policy updates, pushed to each CPE and clients
- Dynamic VPN tunnels over static and dynamic WAN connections
- Dynamic & static IP addresses
- Cisco Easy VPN server on VPN gateway with security policy repository (Cisco CVPN 3000, Cisco IOS Router, PIX Firewall)
Diagram labels: HQ / ISP; Configuration A (four times); Policy Updates; Central Site; Teleworkers; VPN Tunnels; Small Branch Office; Mobile Workers; Internet

6 Cisco Easy VPN Benefits
- Support dynamic connections w/VPN
- Availability
- Lower cost connection for customers
- More control by SP or Enterprise
- Enable small or large deployments without user intervention
- Simplified configuration during deployment
- Automated initiation
- Pre-configuration for faster uptime
- Enforce consistent VPN Policy on all remote devices
- Interoperability across Cisco access and security devices
- No head end changes when adding extra devices
Connection sequence shown in the diagram:
1. Remote CPE contact central site for authentication, & provide information
2. Policy update delivered to designated CPE & PC clients
VPN established from remote CPE/Client with new policy in place
Diagram labels: Central Site (Cisco IOS Router, VPN Concentrator, PIX Firewall); Browser-based GUI on Cisco 800, 900, Cisco PIX 501 FW & CVPN; Internet; Cisco 800, 900 Series Router, Cisco PIX 501 FW, CVPN 3002; Cisco 1700, 2600, 3600 Series Router, Cisco PIX Firewall, CVPN 3002

7 Cisco Easy VPN Remote Initiation on Cisco Routers & Security Appliances
Optional user initiation of Cisco Easy VPN Connection
1. Configure Basic Connection
- LAN Interface
- WAN Interface
- DNS Address
- DHCP Address
- NAT / PAT Configuration (optional)
2. Configure Cisco Easy VPN Specifics
- Mode (client or network ext.)
- Peer address
- VPN tunnel interface
- Group name and password
- User name and password
Initiate Dynamic VPN
- 100% pre-configured and automated initiation
- Optional: admin final set up with CLI, Telnet or console port
- Optional: user final set up (Cisco 800 & uBR900, CVPN 3002 and Cisco PIX 501 FW only): Group Name, Group Password, Peer IP Address, Host Name
- Optional: dynamic/ongoing device authentication
Diagram labels: Admin Configures; Cisco Easy VPN Server; Crypto Ipsec 1p A; Internet

8 Push VPN Policy with Cisco Easy VPN
VPN functions are assigned IKE Mode Config Attributes; several parameters may be pushed at once
Attributes:
- Internal IP Address
- Internal NetMask
- Internal DNS Server
- Internal WINS Server
- Split tunnel allowed when VPN tunnel is up (remote site traffic goes in the clear)
Cisco Easy VPN Server on Central Site Gateways with security policy repository (Cisco CVPN 3000, Cisco IOS Router, Cisco PIX Firewall)
Diagram labels: HQ; Cisco 1700; SBO; Central Site; Teleworker / Small Branch Office; Mobile Workers; Internet
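An added example, not part of the original presentation: a small audit of Cisco IOS Easy VPN Server group definitions that reports which of the Mode Config attributes listed above each group pushes and which groups allow split tunneling. The sample configuration, its group and pool names, addresses and ACL number are constructed, and the mapping of IOS group sub-commands to the slide's attribute names is an assumption of this example.

```python
import re

# Constructed sample of IOS Easy VPN Server group definitions; group names,
# pool names, addresses and the ACL number are made up for this example.
SAMPLE_CONFIG = """\
crypto isakmp client configuration group teleworkers
 key <group-key-placeholder>
 dns 10.0.0.10
 wins 10.0.0.11
 pool ezvpn-pool
 acl 150
!
crypto isakmp client configuration group branch-offices
 key <group-key-placeholder>
 dns 10.0.0.10
 pool branch-pool
!
"""

# IOS group sub-command -> attribute name on the slide (mapping assumed here).
PUSHED = {"pool": "Internal IP Address", "netmask": "Internal NetMask",
          "dns": "Internal DNS Server", "wins": "Internal WINS Server"}
GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)\s*$")

def audit_groups(config_text):
    """Return {group: {"pushed": {attribute: value}, "split_tunnel_acl": str|None}}."""
    groups, current = {}, None
    for line in config_text.splitlines():
        match = GROUP_RE.match(line)
        if match:
            current = groups.setdefault(
                match.group(1), {"pushed": {}, "split_tunnel_acl": None})
        elif not line.startswith(" "):
            current = None  # "!" or any top-level command closes the group block
        elif current is not None:
            word, _, rest = line.strip().partition(" ")
            if word in PUSHED:
                current["pushed"][PUSHED[word]] = rest
            elif word == "acl":  # an acl under the group turns on split tunneling
                current["split_tunnel_acl"] = rest
    return groups

def split_tunnel_groups(config_text):
    """Groups whose remote sites keep sending non-VPN traffic in the clear."""
    return sorted(name for name, info in audit_groups(config_text).items()
                  if info["split_tunnel_acl"] is not None)

if __name__ == "__main__":
    print("split tunneling enabled for:", split_tunnel_groups(SAMPLE_CONFIG))
```

Because the policy is pushed from the server, reviewing these group blocks on the central gateway covers every remote device that joins the group.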

9 Simple Set with GUI – Example Cisco 800 Series Router
Setting up Cisco Easy VPN Remote
- Non-technical users can enable Easy VPN with simple login information provided by IT
- No pre-configuration required, standard router configuration can be used
- Cisco Easy VPN Remote GUI support on Cisco 800, 900, Cisco PIX Firewalls, and CVPN 3002

10 Summary - Cisco Easy VPN Benefits
- Streamlines VPN deployments for remote offices and teleworkers
- Simplifies on-going VPN management
- Ensures and applies up-to-date policies before connections are established
- Removes complex remote-side administration burden
- Provides a consistent policy, key management and system management approach for all Cisco VPN CPE devices – routers, security appliances and software clients


12 Cisco Easy VPN Roadmap
- Stateless failover via dead peer detection
- Cisco Easy VPN Split tunneling (with tunnel up) and Cisco IOS Firewall enabled (available today with static configuration)
- Easy VPN Split tunneling (with tunnel down) and Cisco IOS Firewall enabled
- Support for multiple VPN tunnels
- User authentication for Cisco IOS routers