From: Mark Lewis (mark@mjlnet.com)
Date: Mon Jun 05 2006 - 19:17:48 ART
Hi,
>>
>>1. Could you advise me the link, where I could clearly read about SSL VPN.
>>I read, read and just can't understand the main point.
>>
Providing remote access VPN connectivity is a relatively new application for the Secure Sockets Layer (SSL). SSL was designed to secure TCP-based protocols and applications such as HTTP (HTTPS), FTP (FTPS), POP3 (POP3S), and SMTP (SMTPS).
SSL is built in to most, if not all, web browsers, and this fact allows the deployment of SSL remote access VPNs without the requirement to install specific client software on remote user workstations or devices; only a web browser is needed for basic (clientless) SSL remote access VPN connectivity.
Although clientless SSL remote access VPNs provide a basic level of access, more comprehensive access can be provided through the use of the Cisco SSL VPN Client. This software provides users with remote access VPN connectivity that is comparable to that provided by IPsec or Layer Two Tunneling Protocol (L2TP)/IPsec.
Some advantages and disadvantages of SSL VPNs:
1. SSL remote access VPNs are relatively simple to deploy because it is not necessary to install or administer a VPN client on remote user or teleworker devices.
2. Clientless SSL remote access VPNs (those accessed using a web browser) provide a subset of the functionality provided by IPsec or L2TP/IPsec remote access VPNs.
3. SSL remote access VPN functionality can be enhanced by configuring the VPN gateway to dynamically download an SSL VPN client to remote user devices.
4. SSL VPNs can impose a relatively high CPU overhead on a VPN gateway if there are a large number of remote access users. This is due to the high CPU overhead incurred by public key operations associated with SSL.
5. Little configuration is required on firewalls and NAT devices to provide transit for SSL remote access VPN traffic because SSL is carried over (NAT-friendly) TCP.
6. One major disadvantage of SSL remote access VPNs has been that the universal access that they offer can lead to vulnerabilities being introduced into a corporate network.
Cisco has addressed these concerns with the introduction of the Cisco Secure Desktop.
>>2. When I use Cisco VPN Client - the connection is always site-to-site
>>IPSEC VPN?
>>
No, there are two broad categories of VPN: site-to-site VPNs and remote access VPNs. Site-to-site VPNs connect the sites (such as offices) of an organization or organizations, and remote access VPNs allow remote users such as teleworkers or 'road-warriors' to connect to the resources at an organization's central site.
So, because the Cisco VPN client allows a remote user such as a telecommuter or 'road-warrior' to connect to an organization's central site, the Cisco VPN client is used in remote access VPNs.
For more on the categorization of VPNs, click on 'Sample Chapter' at:
www.ciscopress.com/title/1587051796
>>3. Could anybody tell what is the main point with V3PN bundles of ISR. What
>>V3PN gives us??
>>Since long time I can't get the idea?
>>
V3PN is really a marketing term, but see the following:
http://www.cisco.com/en/US/products/ps6661/products_ios_protocol_option_home.html
HTH,
Mark
CCIE#6280 / CCSI#21051 / JNCIS#121 / etc.
Author:
www.ciscopress.com/title/1587051796
www.ciscopress.com/title/1587051044