On completing this chapter, you will be able to
Explain IPSec
Describe the difference between transport mode and tunnel mode
Explain transform sets
Understand the difference between ESP and AH
Describe antireplay protection
A virtual private network (VPN) is a service that offers a secure, reliable connection over a shared public infrastructure such as the Internet. Cisco defines a VPN as an encrypted connection between private networks over a public network. This chapter groups VPN deployments into three types:
Remote access
Site-to-site
Firewall-based
The remote access VPN solution is shown in Figure 12-1. Telecommuters and mobile users use remote access VPNs to reach the corporate network while away from the office.
In the past, telecommuters and mobile users dialed in to the corporate network, but the corporation had to pay for the phone lines and the speed was unsatisfactory. Now, with a VPN over broadband Internet access, a mobile user can reach the corporate site from almost any location, and the speed has greatly improved.
Another VPN solution is site-to-site, as shown in Figure 12-2.
In the past, leased lines and Frame Relay circuits were used to connect the sites. Now that almost every company has Internet access, a VPN across the Internet can connect the sites instead.
The last available solution is the firewall-based VPN, which is almost the same as a site-to-site setup, as you can see in Figure 12-3.
In a site-to-site setup, the tunnel originates on one router and terminates on another, whereas in a firewall-based solution the routers are replaced by firewalls. The difference between the two is not in the tunnel setup but in where the security boundary sits. Typically, the firewall-based approach is used when the corporate security group manages the VPN connections, because the firewall, and therefore the tunnel that terminates on it, is then entirely under that group's control.
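The site-to-site case is easiest to see in a configuration. The following is an added example, not from this chapter, showing one end of a router-to-router IPsec tunnel in Cisco IOS syntax (IOS 15.x-era commands are assumed). The addresses come from the RFC 5737 documentation ranges, the pre-shared key is a placeholder, and the interface and object names are arbitrary. The ISAKMP policy, transform set, tunnel mode, and ESP choice it uses are the elements the rest of the chapter explains.

```cisco
! Site A router: outside interface 203.0.113.1, protected LAN 10.1.0.0/16
! Peer (Site B) is 203.0.113.2 with protected LAN 10.2.0.0/16 (addresses assumed)
!
! Phase 1: how the two routers authenticate each other and build the
! ISAKMP security association. The pre-shared key is a placeholder.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-STRONG-PSK address 203.0.113.2
!
! Phase 2: the transform set names the IPsec protocol (ESP here, not AH)
! and its ciphers; tunnel mode wraps the whole original IP packet.
crypto ipsec transform-set TS-AES-SHA esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! "Interesting traffic": only packets matching this ACL enter the tunnel.
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! The crypto map ties peer, transform set, and interesting traffic together.
crypto map SITE-TO-SITE 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES-SHA
 match address VPN-TRAFFIC
!
! Apply it to the Internet-facing interface; the tunnel originates here.
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map SITE-TO-SITE
```

The Site B router carries the mirror image: its own outside address on the interface, 203.0.113.1 as the peer, and the ACL with source and destination swapped. If either side's ACL or transform set does not match the other's, Phase 2 fails even though Phase 1 completes; show crypto isakmp sa and show crypto ipsec sa show which phase came up. In the firewall-based variant the same three pieces (Phase 1 policy, transform set, traffic selector) live on the firewall instead, which is why the text says the setup is nearly identical and only the terminating device, and who administers it, changes.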