The Complete Cisco VPN Configuration Guide

Book Description

Use Cisco concentrators, routers, Cisco PIX and Cisco ASA security appliances, and remote access clients to build a complete VPN solution

  • A complete resource for understanding VPN components and VPN design issues

  • Learn how to employ state-of-the-art VPN connection types and implement complex VPN configurations on Cisco devices, including routers, Cisco PIX and Cisco ASA security appliances, concentrators, and remote access clients

  • Discover troubleshooting tips and techniques from real-world scenarios based on the author’s vast field experience

  • Filled with relevant configurations you can use immediately in your own network

With increased use of Internet connectivity and less reliance on private WAN networks, virtual private networks (VPNs) provide a much-needed secure method of transferring critical information. As Cisco Systems® integrates security and access features into routers, firewalls, clients, and concentrators, its solutions become ever more accessible to companies with networks of all sizes. The Complete Cisco VPN Configuration Guide contains detailed explanations of all Cisco® VPN products, describing how to set up IPsec and Secure Sockets Layer (SSL) connections on any type of Cisco device, including concentrators, clients, routers, or Cisco PIX® and Cisco ASA security appliances. With copious configuration examples and troubleshooting scenarios, it offers clear information on VPN implementation designs.

Part I, “VPNs,” introduces the topic of VPNs and discusses today’s main technologies, including IPsec. It also spends an entire chapter on SSL VPNs, the newest VPN technology and one that Cisco has placed particular emphasis on since 2003. Part II, “Concentrators,” provides detail on today’s concentrator products and covers site-to-site and remote-access connection types with attention on IPsec and WebVPN. Part III covers the Cisco VPN Client versions 3.x and 4.x along with the Cisco 3002 Hardware Client. Cisco IOS® routers are the topic of Part IV, covering scalable VPNs with Dynamic Multipoint VPN, router certificate authorities, and router remote access solutions. Part V explains Cisco PIX and Cisco ASA security appliances and their roles in VPN connectivity, including remote access and site-to-site connections. In Part VI, a case study shows how a VPN solution is best implemented in the real world using a variety of Cisco VPN products in a sample network.

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

    Table of Contents

    1. Copyright
    2. About the Author
    3. Acknowledgments
    4. Icons Used in This Book
    5. Introduction
    6. VPNs
      1. Overview of VPNs
        1. Traffic Issues
        2. VPN Definition
        3. VPN Components
        4. VPN Designs
        5. VPN Implementations
        6. VPNs: Choosing a Solution
        7. Summary
      2. VPN Technologies
        1. Keys
        2. Encryption
        3. Packet Authentication
        4. Key Exchange
        5. Authentication Methods
        6. Summary
      3. IPsec
        1. IPsec Standards
        2. ISAKMP/IKE Phase 1
        3. ISAKMP/IKE Phase 2
        4. IPsec Traffic and Networks
        5. Summary
      4. PPTP and L2TP
        1. PPTP
        2. L2TP
        3. Summary
      5. SSL VPNs
        1. SSL Overview
        2. When to Use SSL VPNs
        3. Cisco WebVPN Solution
        4. Summary
    7. Concentrators
      1. Concentrator Product Information
        1. Concentrator Models
        2. Concentrator Modules
        3. Concentrator Features
        4. Introduction to Accessing a Concentrator
        5. Summary
      2. Concentrator Remote Access Connections with IPsec
        1. Controlling Remote Access Sessions to the Concentrator
        2. IPsec Remote Access
        3. Network Access Control (NAC) for IPsec and L2TP/IPsec Users
        4. Summary
      3. Concentrator Remote Access Connections with PPTP, L2TP, and WebVPN
        1. PPTP and L2TP Remote Access
        2. WebVPN Remote Access
        3. Summary
      4. Concentrator Site-to-Site Connections
        1. L2L Connectivity Example
        2. ISAKMP/IKE Phase 1 Preparation
        3. Adding Site-to-Site Connections
        4. Address Translation and L2L Sessions
        5. Summary
      5. Concentrator Management
        1. Bandwidth Management
        2. Routing on the Concentrator
        3. Chassis Redundancy
        4. Administration Screens
        5. Summary
      6. Verifying and Troubleshooting Concentrator Connections
        1. Concentrator Tools
        2. Troubleshooting Problems
        3. Summary
    8. Clients
      1. Cisco VPN Software Client
        1. Cisco VPN Client Overview
        2. Cisco VPN Client Interface
        3. IPsec Connections
        4. VPN Client GUI Options
        5. VPN Client Software Updates
        6. VPN Client Troubleshooting
        7. Summary
      2. Windows Software Client
        1. Windows Client
        2. Configuring the Windows VPN Client
        3. Configuring the VPN 3000 Concentrator
        4. Microsoft Client Connections
        5. Troubleshooting VPN Connections
        6. Summary
      3. 3002 Hardware Client
        1. Overview of the 3002 Hardware Client
        2. Initial Access to the 3002
        3. Authentication and Connection Options
        4. Connection Modes
        5. Administrative Tasks
        6. Summary
    9. IOS Routers
      1. Router Product Information
        1. Router Deployment Scenarios
        2. Router Product Overview
        3. Summary
      2. Router ISAKMP/IKE Phase 1 Connectivity
        1. IPsec Preparation
        2. ISAKMP/IKE Phase 1 Policies
        3. ISAKMP/IKE Phase 1 Device Authentication
        4. Monitoring and Managing Management Connections
        5. Routers as Certificate Authorities
        6. Summary
      3. Router Site-to-Site Connections
        1. ISAKMP/IKE Phase 2 Configuration
        2. Viewing and Managing Connections
        3. Issues with Site-to-Site Connections
        4. Summary
      4. Router Remote Access Connections
        1. Easy VPN Server
        2. Easy VPN Remote
        3. IPsec Remote Access and L2L Sessions on the Same Router
        4. WebVPN
        5. Summary
      5. Troubleshooting Router Connections
        1. ISAKMP/IKE Phase 1 Connections
        2. ISAKMP/IKE Phase 2 Connections
        3. New IPsec Troubleshooting Features
        4. Fragmentation Problems
        5. Summary
    10. PIX Firewalls
      1. PIX and ASA Product Information
        1. PIX Deployment Scenarios
        2. PIX and ASA Feature and Product Overview
        3. Summary
      2. PIX and ASA Site-to-Site Connections
        1. ISAKMP/IKE Phase 1 Management Connection
        2. ISAKMP/IKE Phase 2 Data Connections
        3. L2L Connection Examples
        4. Summary
      3. PIX and ASA Remote Access Connections
        1. Easy VPN Server Support for 6.x
        2. Easy VPN Remote Support for 6.x
        3. Easy VPN Server Support for 7.0
        4. Summary
      4. Troubleshooting PIX and ASA Connections
        1. ISAKMP/IKE Phase 1 Connections
        2. ISAKMP/IKE Phase 2 Connections
        3. Summary
    11. Case Study
      1. Case Study
        1. Company Profile
        2. Case Study Configuration
        3. Summary
    12. Index