The proliferation of the networked economy has spawned fundamental changes in how corporations conduct business. Corporate staff is no longer defined by where they do their jobs as much as how well they perform their job functions. Competitive pressures in many industries have spawned alliances and partnerships among enterprises, requiring separate corporations to act and function as one when facing customers. While such developments have increased productivity and profitability for many corporations, they have also created new demands on the corporate network. A network focused solely on connecting fixed corporate sites is no longer feasible for many companies. Remote users, such as telecommuters or road warriors, and external business partners now require access to enterprise computing resources. Extending the enterprise network to accommodate these users is not easily accomplished with a classic wide-area network (WAN) or an enterprise-owned wide-area switching infrastructure. Consequently, many enterprises are considering virtual private networks (VPNs) to complement their existing classic WAN infrastructures.
Market Potential
Gartner Group: by 2003 nearly 100% of enterprise accounts will supplement their WAN with VPNs
Motivation?
VPNs can meet diverse connectivity needs
VPNs are less expensive to operate in terms of management, bandwidth, and capital
Payback in months instead of years
1998, Cisco Systems, Inc.
According to the Gartner Group, a networking research and consulting firm, by 2003 nearly 100 percent of enterprises will supplement their WAN infrastructures with VPNs. From a network architecture perspective, the motivation for this is manifest: a VPN can better meet today's diverse connectivity needs. The advantages of a VPN, however, are also visible at the bottom line. VPNs are less expensive to operate than private networks from a management, bandwidth, and capital perspective. Consequently, the payback period for VPN equipment is generally measured in months instead of years. Perhaps the most important benefit of all, however, is that VPNs enable enterprises to focus on their core business objectives instead of running the corporate network.
Internet WANs will be the primary means of building intranets by the year 2001 Forrester 11/97
Cisco VPN solutions encompass all segments of the networking infrastructure (platforms, security, network services, network appliances, and management), thus providing the broadest set of VPN service offerings across many different network architectures. Cisco's support of existing WAN infrastructures is essential in accommodating hybrid network architectures, where users will require access to the VPN from leased line, frame relay, as well as IP and Internet VPN connections. Leveraging existing network gear in these deployment scenarios is paramount; wholesale infrastructure replacement to accommodate VPN deployment is infeasible. Cisco VPN solutions enable corporations to deploy VPNs on their existing Cisco networking gear. Cisco's entire line of router platforms is easily VPN-enabled through Cisco IOS software enhancements, thus providing corporations a smooth migration path to a VPN environment. Through Cisco IOS software enhancements, Cisco's installed base of VPN ready ports numbers nearly 10 million today.
Cisco's network architecture flexibility and ubiquity make Cisco uniquely positioned as the guide to the new world of VPNs
Network architecture flexibility and ubiquity make Cisco uniquely positioned as the guide to the new world of VPNs. Industry-leading Cisco platforms, including routers, WAN switches, access servers, and firewalls, combined with robust security and management services afforded by Cisco IOS software, are the foundation for deploying the most comprehensive set of VPN service offerings available. Cisco VPN solutions tightly integrate the many facets of VPNs with existing Cisco products, ensuring the smooth integration of VPN technology into Cisco enterprise networks. Cisco solutions, such as voice over the enterprise WAN, are fully compatible with Cisco VPN platforms. Furthermore, the ubiquity of Cisco equipment in service provider IP, Frame Relay, and ATM backbones provides the means for a high degree of feature integration over the WAN, including common QoS functions across service provider and enterprise networks.
There is much hype in the industry currently concerning VPNs, their functionality, and how they fit in the enterprise network architecture. Simply defined, a VPN is an enterprise network deployed on a shared infrastructure employing the same security, management, and throughput policies applied in a private network. VPNs are an alternative WAN infrastructure that replaces or augments existing private networks that utilize leased-line or enterprise-owned Frame Relay/ATM networks. VPNs do not inherently change WAN requirements, such as support for multiple protocols, high reliability, and extensive scalability, but instead meet these requirements more cost effectively. A VPN can utilize the most pervasive transport technologies available today: the public Internet, service provider IP backbones, as well as service provider Frame Relay and ATM networks. The functionality of a VPN, however, is defined primarily by the equipment deployed at the edge of the enterprise network and feature integration across the WAN, not by the WAN transport protocol itself.
VPN Defined
A network deployed on a shared network providing the same security, management, and throughput as a private network
VPNs don't change WAN requirements, but instead meet the requirements more cost effectively
Types of VPNs
VPNs are segmented into three categories: remote access, intranets, and extranets. Remote access VPNs connect telecommuters, mobile users, or even smaller remote offices with minimal traffic to the enterprise WAN and corporate computing resources. An intranet VPN connects fixed locations, branch and home offices, within an enterprise WAN. An extranet extends limited access to enterprise computing resources to business partners, such as suppliers or customers, enabling access to shared information. Each type of VPN has different security and quality of service (QoS) issues to consider.
[Figure: telecommuters, mobile users, partners/customers, and remote sites reaching the networking, security, and management infrastructure over dial/ISDN and Internet IP-VPN]
VPNs and VPDNs are exciting technologies which have the potential to dramatically slash the cost of providing network support to remote offices and mobile users. By leveraging the Internet and the services provided by ISPs, you can tightly integrate the corporate intranet with remote users, and cut costs at the same time.
VPNs offer many advantages over traditional, leased-line networks. Some of the primary benefits are:

Lower cost than private networks; total cost of ownership is reduced through lower cost transport bandwidth, backbone equipment, and operations; according to Infonetics, a networking management consulting firm, LAN-to-LAN connectivity costs are typically reduced by 20 to 40 percent over domestic leased-line networks; cost reduction for remote access is in the 60 to 80 percent range

Proliferation of the Internet economy; VPNs are inherently more flexible and scalable network architectures than classic WANs, thereby enabling enterprises to easily and cost effectively connect and disconnect remote offices, international locations, telecommuters, roaming mobile users, and external business partners as business requirements demand

Reduced management burdens compared to owning and operating a private network infrastructure; enterprises may outsource some or all of their WAN functions to a service provider, enabling enterprises to focus on core business objectives, instead of managing a WAN or dial-access network

Simplify network topologies, thus reducing management burdens; utilizing an IP backbone eliminates permanent virtual circuits (PVCs) associated with connection-oriented protocols such as Frame Relay and ATM, thereby creating a fully meshed network topology while actually decreasing network complexity and cost
Management: Enforcing QoS policies
Platform scalability: ability to adapt the VPN to meet bandwidth and connectivity needs
VPN solutions are defined by the breadth of features offered. A VPN platform must be secure from intrusion and tampering, deliver mission-critical data in a reliable and timely manner, and be manageable across the enterprise. Unless each of these requirements is addressed, the VPN solution is incomplete. The essential elements of a VPN can be segmented into five broad categories:

Security: Tunneling, encryption, packet authentication, user authentication, and access control

Appliances: Firewalls, intrusion detection, and active security auditing

VPN Services: Quality of service (QoS) functions like queuing, network congestion avoidance, traffic shaping, and packet classification, as well as VPN routing services utilizing EIGRP, OSPF, and BGP

Management: Enforcing security and QoS policies across the VPN and monitoring the network

Platform Scalability: Each of these elements must be scalable across VPN platforms ranging from a small office configuration through the largest enterprise implementations; the ability to adapt the VPN to meet changing bandwidth and connectivity needs is crucial in a VPN solution.
Open Architecture
Scalability
Satisfying these VPN requirements does not necessarily require replacement of an existing wide-area networking infrastructure. Cisco VPN solutions augment existing WAN infrastructures to meet the enhanced security, reliability, and management requirements present in a VPN environment. Cisco's existing router portfolio is VPN-capable, with VPN features deployable through Cisco IOS software. In some VPN deployments, depending on encryption performance requirements and WAN topology, the Cisco portfolio of VPN-optimized routers may be a better alternative. VPN-optimized routers offer optional hardware extensibility for enhanced security performance. Implementing VPN solutions on either portfolio of VPN routers enables robust VPN deployment using existing Cisco networking gear, thus preserving enterprise investments in networking infrastructures.
Tunnel support
IPsec, Layer 2 Tunneling Protocol (L2TP), Layer 2 Forwarding (L2F), and Generic Routing Encapsulation (GRE)
Encryption Support
DES, and 3DES, support for major certificate authorities like Verisign, Entrust, and Netscape
Cisco VPN solutions employ encrypted tunnels to protect data from being intercepted and viewed by unauthorized entities and to perform multiprotocol encapsulation, if necessary. Tunnels provide logical, point-to-point connections across a connectionless IP network, enabling application of advanced security features in a connectionless environment. Encryption is applied to the tunneled connection to scramble data, thus making data legible only to authorized senders and receivers. In applications where security is less of a concern, tunnels can be employed without encryption to provide multiprotocol support without privacy. Cisco VPNs employ IPSec, Layer 2 Tunneling Protocol (L2TP), Layer 2 Forwarding (L2F), and Generic Routing Encapsulation (GRE) for tunnel support, as well as the strongest standard encryption technologies available: DES and 3DES. Furthermore, Cisco VPN solutions support major certificate authority vendors, like Verisign, Entrust, and Netscape, for managing security/encryption administration.
While interception and viewing of data on a shared network is the primary security concern for enterprises, data integrity is also an issue. On an unsecured network, packets can be intercepted by a perpetrator, the contents changed, then forwarded on to their destination with erroneous information. For example, an order placed to a supplier over an unsecured network could be modified by a perpetrator, changing the order quantity from 1000 to 100. Packet authentication protects against such tampering by applying headers to the IP packet to ensure its integrity. Components of IP Security, authentication header (AH) and Encapsulation Security Protocol (ESP), are employed in conjunction with industry-standard hashing algorithms such as MD5 and Secure Hash Algorithm (SHA) to ensure data integrity of packets transmitted over a shared IP backbone.
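The order-quantity scenario above, as an added example that is not part of the original presentation: the sender appends a keyed hash (HMAC) over the packet, and the receiver recomputes it and drops anything that does not match. The header layout, key, order text, and function names are constructed for illustration and are not the real AH or ESP wire format; the MD5 and SHA-1 variants named in the text use a 96-bit check value, and HMAC-SHA-256 with a 128-bit value is included as the default.

```python
import hashlib
import hmac
import struct

# ICV (integrity check value) lengths in bytes for three IPsec HMAC transforms:
# HMAC-MD5-96 (RFC 2403), HMAC-SHA-1-96 (RFC 2404), HMAC-SHA-256-128 (RFC 4868).
ICV_LEN = {"md5": 12, "sha1": 12, "sha256": 16}

# Simplified, constructed header (assumption, not the AH wire format):
# SPI (32 bits), sequence number (32 bits), payload length (16 bits).
HEADER = struct.Struct("!IIH")


class IntegrityError(Exception):
    """Raised when a packet fails authentication and must be dropped."""


def _icv(key: bytes, data: bytes, alg: str) -> bytes:
    # Keyed hash over header and payload, truncated as the transform specifies.
    return hmac.new(key, data, alg).digest()[:ICV_LEN[alg]]


def protect(key: bytes, spi: int, seq: int, payload: bytes, alg: str = "sha256") -> bytes:
    """Sender side: return header || payload || ICV."""
    header = HEADER.pack(spi, seq, len(payload))
    return header + payload + _icv(key, header + payload, alg)


def verify(key: bytes, packet: bytes, alg: str = "sha256"):
    """Receiver side: return (spi, seq, payload) or raise IntegrityError."""
    icv_len = ICV_LEN[alg]
    if len(packet) < HEADER.size + icv_len:
        raise IntegrityError("packet too short")
    spi, seq, length = HEADER.unpack_from(packet)
    body_end = HEADER.size + length
    if body_end + icv_len != len(packet):
        raise IntegrityError("length field does not match packet size")
    # compare_digest avoids leaking, through timing, how many bytes matched.
    if not hmac.compare_digest(_icv(key, packet[:body_end], alg), packet[body_end:]):
        raise IntegrityError("ICV mismatch: packet modified in transit or wrong key")
    return spi, seq, packet[HEADER.size:body_end]


def rewrite_payload(packet: bytes, alg: str, old: bytes, new: bytes) -> bytes:
    """Constructed model of the in-transit change described in the text: the
    payload and length field are rewritten, but without the shared key the
    original ICV can only be carried over, not recomputed."""
    icv_len = ICV_LEN[alg]
    spi, seq, length = HEADER.unpack_from(packet)
    payload = packet[HEADER.size:HEADER.size + length].replace(old, new)
    return HEADER.pack(spi, seq, len(payload)) + payload + packet[-icv_len:]


def demo() -> dict:
    """For each transform: (intact packet accepted, modified packet rejected)."""
    key = bytes(range(32))                   # constructed key for the example
    order = b"PO-7731 item=widget qty=1000"  # constructed sample order
    results = {}
    for alg in ICV_LEN:
        packet = protect(key, 0x1001, 1, order, alg)
        accepted = verify(key, packet, alg)[2] == order
        modified = rewrite_payload(packet, alg, b"qty=1000", b"qty=100")
        try:
            verify(key, modified, alg)
            rejected = False
        except IntegrityError:
            rejected = True
        results[alg] = (accepted, rejected)
    return results


if __name__ == "__main__":
    for alg, (accepted, rejected) in demo().items():
        print(f"{alg}: intact accepted={accepted}, modified rejected={rejected}")
```

The check only proves the packet came from a holder of the shared key, so its strength depends on how that key is distributed and protected.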
Intrusion Detection operates with firewall to analyze the content and context of individual packets to determine if they are authorized
NetRanger:
A critical part of an overall security solution is a network firewall, which monitors traffic crossing network perimeters and imposes restrictions according to security policy. In a VPN application, firewalls protect enterprise networks from unauthorized access to computing resources and network attacks, such as denial of service. Furthermore, for authorized traffic, a VPN firewall verifies the source of the traffic and prescribes what access privileges users are permitted. Cisco VPN solutions provide enterprises flexibility in firewall choices, offering Cisco IOS software-based firewalls resident on VPN routers, as well as the separate PIX Firewall appliance.

An added element of insurance in perimeter security is intrusion detection. While firewalls permit or deny traffic based on source, destination, port, and other criteria, they do not actually analyze traffic. Intrusion detection systems, such as Cisco NetRanger, operate in conjunction with firewalls to extend perimeter security to the packet payload level by analyzing the content and context of individual packets to determine if the traffic is authorized. If a network's data stream experiences unauthorized activity, NetRanger automatically applies real-time security policy, such as disconnecting the offending session, and notifies a network administrator of the incident. The NetRanger products provide automated monitoring and response for more robust network security while simultaneously reducing personnel costs associated with perimeter monitoring.

Monitoring traffic and intrusion detection provide strong defense mechanisms against network attacks, but strong security begins inside the corporate network by ensuring that security vulnerabilities are minimized. Security auditing systems, like Cisco's NetSonar, scan the corporate network identifying potential security risks. NetSonar maps all active systems on a network, their operating systems and network services, and their associated potential vulnerabilities. NetSonar also proactively and safely probes systems using its comprehensive network security database to confirm vulnerabilities, and provides detailed information about security vulnerabilities, enabling network managers to better secure the network from attacks.
User Authentication
A key component of VPN security is making sure authorized users gain access to enterprise computing resources they need, while unauthorized users are shut out of the network entirely. Cisco VPN solutions are built around authentication, authorization, and accounting (AAA) capabilities that provide the foundation to authenticate users, determine access levels, and archive all the necessary audit and accounting data. Such capabilities are paramount in the dial access and extranet applications of VPNs. Cisco VPN solutions support Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS+) user authentication platforms.
QoS is an essential component in efficient use of precious WAN bandwidth and ensuring reliable throughput of important data. The bursty nature of network traffic characteristically makes poor use of network bandwidth by sending too many packets into the network at once or congesting network bottlenecks. The result is twofold: WAN links are often underutilized, letting expensive bandwidth lie dormant; network congestion during peak times constrains throughput of delay-sensitive and mission-critical traffic. It is a lose/lose situation. QoS determines the network's ability to assign resources to mission-critical or delay-sensitive applications, while limiting resources committed to low-priority traffic. QoS addresses two fundamental requirements for applications run on a VPN: predictable performance and policy implementation. Policies are used to assign network resources to specific users, applications, project groups, or servers in a prioritized way. Components of QoS that apply to Layer 2 and Layer 3 VPNs are as follows:

Packet classification: assigns packet priority based on enterprise network policy.

Committed access rate (CAR): guarantees minimum throughput levels to specific applications and users based on enterprise network policy.

Weighted Fair Queuing (WFQ): allocates packet throughput based on packet priority.

Weighted Random Early Detection (WRED): complements TCP in predicting and managing network congestion on the VPN backbone, ensuring predictable throughput rates.

Tag Switching/Multiprotocol Label Switching (MPLS): ensures continuity of packet priority across Layer 2 and Layer 3 VPNs.

Generic traffic shaping (GTS): smooths bursty traffic and packet trains to ensure optimal average utilization of VPN WAN links.

Border Gateway Protocol (BGP) propagation: enables the QoS policies to extend to traffic in both directions of the VPN connection.

These QoS mechanisms complement each other, working together in different parts of the VPN to create a comprehensive end-to-end QoS solution. QoS solutions must be integrated across all parts of the VPN to be effective; single point solutions cannot ensure predictable performance.
VPNs integrate multiple security and QoS services in addition to the network devices themselves. Enterprises need to seamlessly manage these devices and features across the VPN infrastructure, including remote access and extranet users. Given these issues, network management becomes a major consideration in a VPN environment. A VPN WAN architecture, however, affords network managers the opportunity to outsource many aspects of network management. Unlike in a private network architecture, a VPN enables enterprises to define what level of network control they need to retain in-house, while outsourcing less sensitive functions to service providers.
Many companies choose to retain full control over deployment and daily operation of their VPN, and thus require a comprehensive, policy-based management system. Such a system extends the existing management framework to encompass WAN management functions unique to VPNs. Cisco enterprise network management provides a comprehensive suite of tools for managing devices, security policies, and services across any size VPN. As the WAN is extended with VPN technology, a strict set of business requirements must be met for the enterprise network manager to be successful. These requirements include:

Minimize risk: moving from a dedicated infrastructure to a shared infrastructure that utilizes WAN transport mediums, such as the public Internet, presents the network manager with new security and auditing challenges; network managers must be able to extend VPN access to multiple corporate sites, business partners, and remote users, while assuring the integrity of the corporate data resources

Scale: the rapid addition of mobile users and business partners to the VPN requires network managers to expand the network, make hardware and software upgrades, manage bandwidth, and maintain security policies with unprecedented speed and accuracy

Cost: to fully realize the cost benefits of a VPN, network managers must be able to implement new VPN technologies and provision additional network users without growing the operations staff at a proportional rate
[Figure: NAS-initiated tunnel; labels: PPP/SLIP, PSTN, NAS, Main Office]
When implementing a remote access VPN architecture, an important consideration is where to initiate tunneling and encryption: on the dialup client or on the network access server (NAS).

In a client-initiated model, the encrypted tunnel is established at the client using IPSec, L2TP, or PPTP, thereby making the service provider network solely a means of transport to the corporate network. An advantage of a client-initiated model is that the last mile service provider access network used for dialing to the point of presence (POP) is secured. An additional consideration in the client-initiated model is whether to utilize operating system embedded security software or a more secure supplemental security software package. While supplemental security software installed on the client offers more robust security, a drawback to this approach is that it entails installing and maintaining tunneling/encryption software on each client accessing the remote access VPN, potentially making it more difficult to scale.

In a NAS-initiated scenario, client software issues are eliminated. A remote user dials into a service provider's POP using a PPP/SLIP connection, is authenticated by the service provider, and, in turn, initiates a secure, encrypted tunnel to the corporate network from the POP using L2TP or L2F. With a NAS-initiated architecture, all VPN intelligence resides in the service provider network; there is no end-user client software for the corporation to maintain, thus eliminating client management burdens associated with remote access. The drawback, however, is lack of security on the local access dial network connecting the client to the service provider network. In a remote access VPN implementation, these security/management trade-offs must be balanced.
Ubiquitous Access
Dial, ISDN xDSL, Cable, and Mobile IP
IPSec
Client-Initiated
Access independent Standards evolution / deployment
Corporate Headquarters
These are the standard features typically provided with an Access VPN
Intranet VPNs
[Figure: VPN routers at the main office and two remote offices, linked by IPsec/GRE tunnels across the Internet/IP network]
Intranet VPNs are an alternative WAN infrastructure that can augment or replace private lines or other private WAN infrastructures by utilizing shared network infrastructures provided by service providers. Intranet VPNs are built using the Internet or service provider IP, Frame Relay, or ATM networks. Intranet VPNs built on an IP WAN infrastructure utilize IPSec or GRE to create secure tunnels across the network to carry WAN traffic. When combined with service provider backbone QoS mechanisms, QoS functions such as WFQ, WRED, GTS, and CAR employed on corporate network edge routers ensure efficient use of WAN bandwidth and reliable throughput. The benefits of an intranet VPN are as follows:

Reduced WAN bandwidth costs

Connect new sites easily

Increased network uptime by enabling WAN link redundancy across service providers

Building an intranet VPN using the Internet is the most cost-effective means of implementing VPN technology. Service levels, however, are generally not guaranteed on the Internet. When implementing an intranet VPN, corporations need to assess which trade-offs they are willing to make between guaranteed service levels, network ubiquity, and transport cost. Enterprises requiring guaranteed throughput levels should consider deploying their VPNs over a service provider's end-to-end IP network, or, potentially, Frame Relay or ATM.
Public Internet-based: Ubiquitous connectivity; Low cost; Throughput and latency concerns; Constrained by lack of inter-ISP SLAs
Provided by single ISP: controls all access and backbone facilities; With QoS control; Enables SLAs to be delivered/enforced
Extranets
[Figure: business partner VPN router and main office VPN router linked by tunnels (IPsec/GRE, L2TP/L2F) across the Internet/IP network]
Extending connectivity to corporate partners and suppliers is expensive and burdensome in a private network environment. Expensive dedicated connections must be extended to the partner, management and network access policies must be negotiated and maintained, and often compatible equipment must be installed on the partner's site. When dial access is employed, the situation is equally complicated because separate dial domains must be established and managed. Due to the complexity, many corporations do not extend connectivity to their partners, resulting in complicated business procedures and reduced effectiveness of their business relationships. One of the primary benefits of a VPN WAN architecture is the ease of extranet deployment and management. Extranet connectivity is deployed using the same architecture and protocols utilized in implementing intranet and remote access VPNs. The primary difference is the access permission extranet users are granted once connected to their partner's network.

Choosing a Service Provider Partner

With any VPN implementation scenario, service providers become partners in the solution. The performance of a VPN relies not only on the networking equipment chosen, but also on the service providers providing the WAN bandwidth and dialup facilities for remote access. As such, service providers used for VPN implementation should be chosen carefully. Service providers offer various levels of VPN services, from basic connectivity to completely outsourced solutions. Decisions regarding which aspects of the VPN will be managed in-house or by the service provider should be reviewed in depth when choosing service providers. Ultimately, the service providers chosen are partners in the VPN implementation. Consequently, a strong working relationship and established expectations should be a guiding factor in the overall decision process.
[Figure: Main Office, Supplier, Customer, Intranet]
1 - Platforms
Regional Office
Enterprise Core
Cisco 7100 VPN
Cisco 1720
VPN router 2 WIC slots 10/100 Enet Future HW encryption
Cisco 3600
Data, voice and dial 2/4 NM slot Future HW encryption
Telecommuter
Cisco 2600 Cisco 800
Entry-level Cisco IOS ISDN One fixed WAN Simple to install Data, voice and dial 2 WIC + 1 NM slot AIM expansion slot Future HW encryption
Cisco 7200
High Performance High Density Port Adapters 4/6 slot Systems IPSec Accelerator Future HW encryption
Cisco 7500
Distributed Architecture
The Cisco 1600 and 1720 routers are positioned for the Small and Medium-sized Businesses and Small Branch Offices. The Cisco 1720 router is an extension of the Cisco 1600 series, with the same desktop form factor and software feature sets, offering higher functionality at a higher price point. The Cisco 2500 and 2600 routers are positioned as enterprise-class solutions for enterprise branch offices, offering rack-mount for wiring closet environments, internal power supply, optional redundant power supply, Token Ring, high-density WAN, and legacy protocol support (DECnet, VINES, APPN). The Cisco 2500 router continues to be the industry-leading fixed-configuration data router, with strong sales across all geographies. The Cisco 2600 routers support the same software feature sets as the 2500 and 3600 series, providing additional capabilities such as voice and dial services at a higher price point. It offers a flexible, modular solution with higher performance; more WAN density such as dual ISDN Primary Rate Interface (PRI), 10 ISDN BRIs, four T1/E1s, 36 async modem interfaces; and support for voice and dial. These four router families are positioned as two winning pairs:

Cisco 1600/1720 for Small and Medium-sized Businesses and Small Branch Offices

Cisco 2500/2600 for Enterprise branch offices
1 - Platforms
Flexibility
Autosensing 10/100 Fast Ethernet + two WIC slots + AUX port Any combination of current 1600 WICs and 2600 dual serial WICs
The Cisco 1720 provides 3 key advantages for small/medium businesses and small branch offices:

VPN Access
Cisco IOS software, the de facto standard for the Internet and private networks, now extends its leadership to VPNs. It provides superior security, QoS, management, reliability/scalability
The RISC processor on the Cisco 1720 offers encryption performance. IPSec DES encryption performance: 512 Kbps for 256-byte packets
There is an internal expansion slot for future hardware-assisted encryption @ T1/E1

Flexibility
Autosensing 10/100 Fast Ethernet + two WIC slots + AUX port
Mix and match any combination of current 1600 WICs and 2600 dual serial WICs on the 2 WIC slots

Network Device integration
The Cisco 1720 provides all-in-one functionality such as router-firewall-encryption-VPN tunnel server-DSU/CSU-ISDN NT1
It is part of Cisco Networked Office stack, which provides an integrated single vendor LAN and WAN solution

Global List Price
Base Chassis with IP Software and no WIC cards: US $1,795
With IP and one-port T1/E1 Serial WIC = US $1,795 + $400 = US $2,195
With IP and two-port T1/E1 Serial WIC = US $1,795 + $700 = US $2,495
VPN Management
The Cisco 7100 Series VPN Router is an integrated VPN router designed for larger regional office and headquarter environments. It integrates key features of VPNs to provide VPN solutions for remote access, intranet, and extranet VPNs as discussed on the previous two slides. Key features include:

Feature Rich Routing
Cisco's industry leading routing delivered through Cisco IOS, including support for numerous routing protocols and a framework for managing routing and VPN functions

Optimized for VPN
The Cisco 7100 includes integrated LAN/WAN interfaces for connectivity to the VPN and corporate LAN
A range of WAN interfaces is included with the Cisco 7100, from 4T1/E1 to T3/E3 and OC3, available in single and dual interfaces for single or dual homed connectivity to the VPN
The Cisco 7100 has a service module slot to accommodate task-specific VPN service processing modules, like the Integrated Services Module for hardware-assisted encryption and tunneling scalability

Rich VPN Services
The Cisco 7100 integrates all of the VPN services outlined above in the third column. Integrating these features on a single device reduces network complexity associated with deploying numerous single purpose devices, such as firewalls or bandwidth managers, in the network.
VPNs make sense from a business and technology perspective. VPNs enable businesses to refocus their energies on core business objectives instead of networking needs, while reducing operations and bandwidth costs. Furthermore, VPNs are not an all-or-nothing network decision. VPNs can be phased into existing private network architectures, offering a flexible migration path for the evolution of private networks. VPN solutions must offer strong security features such as 3DES encryption, scalable tunneling, and packet authentication, as well as transport reliability mechanisms such as WFQ, WRED, GTS, and CAR. VPN solutions must also be interoperable with the existing network infrastructure. Unless each of these features is included in a VPN implementation, the VPN is subject to security and transport reliability issues. The Cisco VPN solution offers an exhaustive feature set to address any security and reliability issues associated with VPN implementations.
Cisco provides the broadest set of VPN service offerings across many different network architectures
Thank You