From: Stefan Grey (examplebrain@hotmail.com)
Date: Tue Jun 06 2006 - 03:50:03 ART
Ok thanks, but another thing I can't understand in V3PN is:
They tell that V3PN gives an oportunity for data,voice,video through single
VPN channel. Why couldn't I do this with just additional Voice bundle with
CCME(which as I remember already have a secure IOS??
2.I know that for VOIP traffic very often Frame-relay is used since it can
provide the same throughput. Voice traffic uses VPN?? There are no problems
with throughput guarantee?? If no problems why in 90% of cases Frame-relay
is used and what is the reason to use VPN?
Thanks.
>From: "Mark Lewis" <mark@mjlnet.com>
>Reply-To: mark@mjlnet.com
>To: examplebrain@hotmail.com
>CC: ccielab@groupstudy.com
>Subject: Re: Need help with VPN!
>Date: Mon, 05 Jun 2006 22:17:48 +0000
>
>Hi,
>
> >>
> >>1. Could you adviese me the link, where I could clearly read about SSL
>VPN.
> >>I read,read and just can't understand the main point.
> >>
>
>
>Providing remote access VPN connectivity is a relatively new application
>for the Secure Sockets Layer (SSL). SSL was designed to secure TCP-based
>protocols and applications such as HTTP (HTTPS), FTP (FTPS), POP3 (POP3S),
>and SMTP (SMTPS).
>SSL is built in to most, if not all, web browsers, and this fact allows the
>deployment of SSL remote access VPNs without the requirement to install
>specific client software on remote user workstations or devices?only a web
>browser is needed for basic (clientless) SSL remote access VPN
>connectivity.
>Although clientless SSL remote access VPNs provide a basic level of access,
>more comprehensive access can be provided through the use of the Cisco SSL
>VPN Client. This software provides users with remote access VPN
>connectivity that is comparable to that provided by IPsec or Layer Two
>Tunneling Protocol (L2TP)/IPsec.
>
>Some advantages and disadvantages of SSL VPNs:
>
>1.SSL remote access VPNs are relatively simple to deploy because it is not
>necessary to install or administer a VPN client on remote user or
>teleworker devices.
>
>2. Clientless SSL remote access VPNs (those accessed using a web browser)
>provide a subset of the functionality provided by IPsec or L2TP/IPsec
>remote access VPNs.
>
>3. SSL remote access VPN functionality can be enhanced by configuring the
>VPN gateway to dynamically download an SSL VPN client to remote user
>devices.
>
>4. SSL VPNs can impose a relatively high CPU overhead on a VPN gateway if
>there are a large number of remote access users. This is due to the high
>CPU overhead incurred by public key operations associated with SSL.
>
>5. Little configuration is required on firewalls and NAT devices to provide
>transit for SSL remote access VPN traffic because SSL is carried over
>(NAT-friendly) TCP.
>
>6. One major disadvantage of SSL remote access VPN has been that universal
>access that they offer can lead to vulnerabilities being introduced into a
>corporate network.
>
>Cisco has addressed these concerns with the introduction of the Cisco
>Secure Desktop.
>
>
> >>2. When I use Cisco VPN Client - the connection is always site-to-site
> >>IPSEC VPN?
> >>
>
>No, there are two broad categories of VPN: site-to-site VPNs and remote
>access VPNs. Site-to-site VPNs connect the sites (such as offices) of an
>organization or organizations, and remote access VPNs allow remote users
>such as teleworkers or 'road-warriors' to connect to the resources at an
>organization's central site.
>
>So, because the Cisco VPN client allows a remote user such as a
>telecommuter or 'road-warrior' to connect to an organization's central
>site, the Cisco VPN client is used in remote access VPNs.
>
>For more on the categorization of VPNs, click on 'Sample Chapter' at:
>
>www.ciscopress.com/title/1587051796
>
>
>
> >>3. Could anybody tell what is the main point with V3PN bundels of ISR.
>What
> >>V3PN gives us??
> >>Since long time I can't get the idea?
> >>
>
>V3PN is really a marketing term, but see the following:
>
>http://www.cisco.com/en/US/products/ps6661/products_ios_protocol_option_home.html
>
>
>
>HTH,
>
>Mark
>
>
>
>CCIE#6280 / CCSI#21051 / JNCIS#121 / etc.
>
>Author:
>
>www.ciscopress.com/title/1587051796
>
>www.ciscopress.com/title/1587051044
>
>
>
>
>
>
>
>
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:32 ART