Virtual Private Networking allows you to securely utilize the public Internet for transmitting your sensitive corporate information.
virtual private networking
In less than a decade remote network access has grown from a futuristic notion to a vital element of almost every corporate network. Thanks to the global reach of the Internet, corporations can now hire professionals from a talent pool that covers the entire country or even the world. Field sales people can use corporate network resources to boost efforts in their own territories. By sharing network communications, suppliers can strengthen their bond with customers, and consultants can remove more barriers between their services and their clients. Analysts estimate that as many as eight million people telecommute in one way or another. E-mail and World Wide Web services have become linchpins of corporate communications, and laptop computers are a simple fact of life for anyone who moves on the job.
As these factors fuel the demand for remote access capability, companies are seeking ways to provide greater connectivity at lower cost and with fewer administration and maintenance hassles. All this, of course, without sacrificing the requirements of on-demand service from anywhere in the world. That's where Virtual Private Networking (VPN) technology, such as that used in the VPN Access Servers from Cisco Systems and other vendors come into play.
The Remote Access Dilemma
The traditional remote access model was simple enough. Have users dial into a bank of modems to establish a connection, and then have the modems route the connection through a port on a remote access server and onto the corporate network. While such systems allowed the pioneers of remote access to gain the functionality they needed, they also came with a hefty price tag. Not only did customers have to bite the bullet in order to purchase a remote access server; they also had to pay long-distance charges for every remote user. In addition, the corporate MIS department felt the strain. To them, remote access meant a serious time drain. Many network managers report that remote access configuration and support can take up more than half of their on-the-job time.
VPN: A Better Way
In order to offer VPN technology, vendors must address the capabilities of the Internet itself. The Internet is designed for TCP/IP traffic only. However, IPX (Novell) traffic constitutes more than 60% of all local network traffic in the U.S., and though IP use in intranets and extranets is growing rapidly, multiprotocol support is mandatory on most remote access links. Multiprotocol traffic is accommodated through a process called tunneling.
VPN: Remote Access You Can Afford
How Tunneling Works
Netalliance recommends the IPSec protocol for maximum application and inter-vendor compatibility. Tunnel servers work by performing three basic operations.
Authentication - For Secure Connection
Other popular tunneling protocols rely on PPP authentication routines (CHAP and PAP) to verify tunnel requests. Authentication occurs before the connection is established. Once the connection has been established, however, there is no further authentication of packets. Make sure you know what kind of authentication is provided with any VPN product you consider.
Encryption - For Data Privacy
A Comparison of Tunneling Protocols
The Cisco 3XXX and 5XXX concentrators establish secure tunnels using the IETF IPSec standard. IPSec operates at Layer 3 of the OSI model. This means that the VPN concentrator produces straight IP packets that are compatible with every ISP and every IP router in the world.
For additional applications and compatibility, the Cisco concentrators also offer L2TP and PPTP tunneling protocols. The following table provides a comparison between IPSec and L2TP/PPTP.
IPSec [Cisco IOS, 3XXX and 5XXX]
L2TP - Layer 2 Tunneling Protocol [Cisco IOS, 3XXX, 5XXX]
Netalliance VPN Access products comply with these IETF standards:
Cisco Systems 5000-Series VPN Access Servers
The 5000-Series VPN Access Servers, along with the included client software for Windows-XX and Macintosh machines, provides secure access to corporate IP and IPX networks. The VPN Access Server supports up to 1000 simultaneous tunnel connections supporting IP-in-IP and IPX-in-IP encapsulation. Your remote users install Cisco 5000 VPN Client Software on their PCs and make a simple local call to an ISP, eliminating expensive long-distance charges. All tunnel connections utilize the IETF's IPSec and GRE standards for encapsulation as well as MD5 digital signature authentication, and DES and 3DES (Data Encryption Standard) encryption. These features make the 5000-Series VPN Access Servers one of the most cost-effective secure remote access solution available today.
Cisco Systems 3000-Series VPN Concentrators provide a scalable virtual private network (VPN) solution for customer premise and service provider environments. The VPN Concentrator Series supports remote access, LAN-to-LAN and Extranet applications and is specifically focused at addressing bandwidth-intensive broadband connections. It supports a wide range of client software including the Cisco 3000 VPN Client (IPSec), Windows Dial-up Networking (PPTP), and Windows 2000 (L2TP over IPSec). Combining high availability and high performance, the VPN Concentrator Series supports up to 5000 concurrent sessions. These connections are exemplary of emerging high performance desktop applications, such as real-time graphics and integrated voice, video and data, as well as the new breed of high-speed remote connections, such as cable and digital subscriber line (DSL). Specifically designed for corporations that require secure access for their remote employees, partners and customers via the Internet, the 3000-Series VPN Concentrators are based on an open standards approach that complements customers' existing network architecture The 3000-Series VPN solution is manageable through an embedded HTML server with SSL support that can be accessed using a standard web browser of your choice. For added convenience Microsoft's Internet Explorer and Netscape Navigator are included with Cisco's client software package. VPN Concentrator:
Cisco Systems IOS can also participate in VPNs. Implemented as a 'feature pack' software upgrade to their IOS operating system,
the amazingly versatile software at the heart of each Cisco router. Depending on the hardware platform, this feature
pack is available with either DES or 3DES encryption technology, and supports the IPSec standards for tunneling TCP/IP
only. A key issue
to consider is that since the encryption engine is software-based, the maximum encrypted throughput is limited by the
CPU horsepower available in the router. Many low- and medium-range routers offered by Cisco do not have sufficient
processor power to handle more than a few simultaneous remote-access client connections or LAN-LAN connections. Contact
Netalliance for more detailed recommendations.
Phone 651-556-9600; Fax 651-645-7550; email@example.com
All rights reserved. All material copyright. Netalliance, Inc. © 1995-2005. Updated: June 12, 2008.