Virtual Private Networks

Many organizations deploy virtual private networks (VPN) to provide data integrity, authentication, and data encryption to ensure confidentiality of the packets sent over an unprotected network or the Internet. VPNs are designed to avoid the cost of unnecessary leased lines. Many different protocols are used for VPN implementations, including the following:

Point-to-Point Tunneling Protocol (PPTP)

Layer 2 Forwarding (L2F) Protocol

Layer 2 Tunneling Protocol (L2TP)

Generic routing encapsulation (GRE)

Multiprotocol Label Switching (MPLS) VPN

Internet Protocol Security (IPsec)

Secure Sockets Layer (SSL)

VPN implementations can be categorized into two distinct groups:

Site-to-site VPNs: Enable organizations to establish VPN tunnels between two or more network infrastructure devices in different sites so that they can communicate over a shared medium such as the Internet. Many organizations use IPsec, GRE, or MPLS VPN as site-to-site VPN protocols.

Remote-access VPNs: Enable users to work from remote locations such as their homes, hotels, and other premises as if they were directly connected to their corporate network. Many organizations use IPsec and SSL VPN for remote access VPNs.

In Chapter 5, “Fundamentals of VPN Technology and Cryptography,” and Chapter 6, “Fundamentals of IP Security,” you learned the fundamentals of VPN technologies and IPsec. In Chapter 7, “Implementing IPsec Site-to-Site VPNs,” and Chapter 8, “Implementing SSL Remote Access VPNs Using Cisco ASA,” you learned how to implement and configure site-to-site and remote-access SSL VPNs.