1. Module 12: Understanding Virtual Private Networks

6. What’s Driving VPN Offerings? Reduced Networking Costs Increased Network Flexibility Mobile Users Telecommuters Organizational Changes Mergers/ Acquisitions Extranets Intranets

10. VPN Technologies © 1999, Cisco Systems, Inc. www.cisco.com

11. VPN Technology Building Blocks Security QoS

17. IPSec VPN Client Operation Remote User with IPSec Client Home Gateway Router Home Network Certificate Authority/ AAA Public Network Exchange X.509 or One-Time Password Secure Tunnel Established Encrypted Data flows Dial Access to Corporate Network IKE Negotiation Authentication Approved

22. VPNs and Quality of Service Voice Premium IP Best Effort Tunnel Conforming Traffic Packet Classification CAR Traffic Policing CAR Congestion Avoidance WRED Tunnel Layer 2TP IPSec, GRE AAA CA PBX

23. Access, Intranet, and Extranet VPNs © 1999, Cisco Systems, Inc. www.cisco.com

24. Three Types of VPNs Type Remote access VPN Application Mobile users Remote connectivity Alternative To Dedicated dial ISDN Intranet VPN Extranet VPN Site-to-site Internal connectivity Leased line Business-to-business External connectivity Fax Mail EDI Time Ubiquitous access, lower cost Benefits Extend connectivity, lower cost Facilitates e-commerce

26. Access VPN Operation Overview SP Network/ Internet POP Corporate Intranet Mobile Users and Telecommuters 1. VPN identification 2. Tunnel to home gateway Security Server 3. User authentication 4. PPP negotiation with user 5. End-to-end tunnel established Home Gateway NAS

27. Access VPN Basic Components Dial Client (PPP Peer) AAA Server (RADIUS/TACACS+) ISDN ASYNC L2TP Access Concentrator AAA Server (RADIUS/TACACS +) L2TP Network Server ( Home Gateway)

30. NAS-Initiated Access VPN NAS [email_address] Home Gateway IP Network

32. The Intranet VPN Enterprise DMZ Web Servers DNS Server STMP Mail Relay AAA CA Remote Office Service Provider A Regional Office Potential Operations and Infrastructure Cost Savings Extends the Corporate IP Network Across a Shared WAN

33. The Extranet VPN Business Partner Enterprise DMZ Web Servers DNS Server STMP Mail Relay AAA CA Service Provider A Service Provider B Extends Connectivity to Business Partners, Suppliers, and Customers Security Policy Very Important Supplier

35. Comparing the Types Intranet Access VPN NAS-Initiated Extranet Type Client-Initiated Router-Initiated X X X X X X X X

36. VPN Examples © 1999, Cisco Systems, Inc. www.cisco.com

37. Health Care Company Intranet Deployment Challenge—Low-cost means for connecting remote sites with primary hospital Primary Hospital Remote Centers Remote Center Public Network Private Network

39. Traditional Dialup Versus Access VPN Monthly long-distance charges per minute Avg. use per day, per user (min) Traditional Dialup Access VPN Number of users Remote access server One-time installation fee: 10 phone lines 20 $4,600 $1,000 $5,000 20 $3,000 $1,000 Number of users Access router, T1/E1, DSU/CSU, firewall VPN client software ($50/user) T1/E1 installation $0.10 90 Central site T1/E1 Intranet access Monthly ISP access ($20/user) $2,500 $400

40. Traditional Dialup Versus Access VPN Traditional Dial-Up Access VPN Number of users Remote access server One-time installation fee-10 phone lines 20 $4,600 $1,000 $5,000 20 $3,000 $1,000 Number of users Access router, T1/E1, DSU/CSU, firewall VPN client software ($50/user) T1/E1 installation One-time capital cost $4,000 One-time capital cost $10,600 Recurring cost $5,400 Recurring cost $2,900 Monthly long distance charges per minute Avg. use per day per user (min) $0.10 90 Central site T1/E1 Intranet access Monthly ISP access ($20/user) $2,500 $400

41. VPN Payback 0 $20,000 $40,000 $60,000 $80,000 1 2 3 4 5 6 7 8 9 10 11 12 Month Payback in 3 months!! Total Cost Traditional VPN

43. Presentation_ID © 1999, Cisco Systems, Inc. www.cisco.com