Information Technology Reference
In-Depth Information
Cisco Adaptive Security Appliances (ASA):
Te r m i n a t e I P s e c t u n n e l s a n d a u t h e n -
ticate individual remote users, and provide firewall and intrusion prevention services
■
Network intrusion prevention system (IPS) appliances
■
If you use a remote-access terminal server, this module connects to the PSTN. Today's net-
works often prefer VPNs over remote-access terminal servers and dedicated WAN links.
VPNs reduce communication expenses by leveraging the infrastructure of SPs. For critical
applications, the cost savings might be offset by a reduction in enterprise control and the
loss of deterministic service. Remote offices, mobile users, and home offices access the
Internet using the local SP with secured IPsec tunnels to the VPN/remote access submod-
ule via the Internet submodule.
Figure 2-10 shows a VPN design. Branch offices obtain local Internet access from an ISP.
Te l e w o r k e r s a l s o o b t a i n l o c a l I n t e r n e t a c c e s s . V P N s o f t w a r e c r e a t e s s e c u r e d V P N t u n n e l s
to the VPN server that is located in the VPN submodule of the enterprise edge.
Enterprise Edge
SP Edge
Internet Access
ISP A
Internet Connectivity
Internet
ISP B
VPN Access
Server
Figure 2-10
VPN Architecture
Enterprise WAN
The enterprise edge of the enterprise WAN includes access to WANs. WAN technologies
include the following:
Multiprotocol Label Switching (MPLS)
■
Metro Ethernet
■
Leased lines
■
Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH)
■
PPP
■
Frame Relay
■