on the WAN cloud have full-mesh characteristics. Partial-mesh topologies can give you
more options and flexibility for where to place the high-redundancy VCs based on your
specific requirements.
Remote-Access Network Design
One of the goals of remote-access network design is to provide a unified solution that
allows for seamless connectivity as if the users are on the HQ LAN. The primary function
of remote access is to provide your users access to internal resources and applications.
Because connection requirements drive the technology selection process, it is important that
you analyze the application and network requirements in addition to reviewing the
available service provider options.
The following summarizes typical remote-access requirements:
Best-effort interactive and low-volume traffic patterns
Connections to the enterprise edge using Layer 2 WAN technologies (consider capital
and recurring costs)
Voice and IPsec VPN support
Remote-access network connections are enabled over permanent always-on connections
or on-demand connections. Technologies include digital subscriber line (DSL), cable,
wireless 802.11 a/b/g/n LAN, and 3G/4G wireless WAN (WWAN). However, these
remote-access technologies might or might not be available, so it is best to check the
availability for the location in your network design.
VPN Network Design
VPNs are typically deployed over some kind of shared or public infrastructure. VPNs are
similar to tunnels in that they carry traffic over an existing IP infrastructure. VPN
technologies use the Internet, ATM/Frame Relay WANs, and point-to-point connected IP
infrastructures to transport data from end to end. A disadvantage of using VPNs over public
networks is that the connectivity is best effort in nature and troubleshooting is also
difficult because you do not have visibility into the service provider's infrastructure.
Figure 7-2 shows VPN connectivity options.
The three VPN groups are divided by application:
Access VPN: These types of VPN connections give users connectivity over shared
networks such as the Internet to their corporate intranets. Users connect remotely
using cable/DSL, wireless LAN, or 3G/4G WWAN. Remote network connectivity into
the corporate network over the Internet is typically outsourced to an Internet service
provider (ISP), and the VPN clients are usually supported by the internal helpdesk.
Two architectural options are used to initiate the VPN connections: client-initiated or
network access server (NAS)-initiated VPN connections. Client-initiated VPN
connections let users establish IPsec encrypted sessions over the Internet to the
corporate VPN terminating device. NAS-initiated VPN connections are where users
connect to the NAS and then the NAS sets up a VPN tunnel to the corporate