Remote-access Guide

cisco remote access design

by Ava Treutel Published 2 years ago Updated 1 year ago

The design for remote access VPN

Virtual private network

A virtual private network extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. …

connections include Cisco AnyConnect Secure Mobility Client, Cisco Duo, Cisco Umbrella and Cisco Advanced Malware Protection (AMP) for Endpoints. These components are discussed later in the document.

Components of secure remote worker solution


IPSec VPN

IPSec is a group of security protocols for encrypting IP packets between two hosts and thereby creating a secure tunnel. IPSec uses open standards and provides secure communication between peers to ensure data confidentiality, integrity, and authenticity through network layer encryption.

Cisco Easy VPN

Although VPNs provide a high level of authentication and encryption of data between endpoints, they also increase the complexity for the end user of setting up and configuring the connection. The Cisco Easy VPN remote feature reduces the difficulty of setting up VPN endpoints by using the Cisco VPN Client protocol.

IPSec DMVPN

DMVPN is a Cisco IOS solution for building IPsec + GRE VPNs in a dynamic and scalable manner.

IPsec Virtual Tunnel Interface (VTI)

Virtual tunnel interface (VTI) is a new IPsec VPN design option available in Cisco IOS software. VTI has some interesting advantages over previous IPsec design options, including support for dynamic routing protocols and IP multicast without using GRE or mGRE type interfaces.

Metro Ethernet

Many ISPs offer Metro Ethernet services to provide high bandwidth for metropolitan area networks (MANs); these are based on Ethernet, IP, and optical technologies such as dense wavelength-division multiplexing (DWDM).

MPLS

MPLS provides a fast method for forwarding packets in a data network by assigning labels. MPLS can run on many L2 technologies, including ATM, Frame Relay, PPP, Packet over SONET (POS), and Ethernet.

What is remote access network?

An increasing number of companies are designing and implementing Remote Access Networks, which allow users who are not physically connected to a Wide Area Network (WAN) or Local Area Network (LAN) to access the network's servers, applications and databases or to participate in video conferencing and conference calls. The ability for a remote user to function as if they were in the next office dramatically improves overall efficiency while reducing total cost of ownership. Cisco Systems, the world's largest internetworking vendor, is the pioneer of the enabling technologies for Remote Access Networks. This book will identify and explain all of the Cisco products necessary for designing and building a remote access network and integrating it with legacy systems.

Why is NAT important for remote access?

NAT is a feature within Cisco IOS that permits an organization's IP address structure to appear differently to outside networks than the actual address space it is using. This allows organizations to connect to the Internet without using globally unique addressing schemes internally. Cisco uses a concept called Easy IP to provide easy Internet access to small remote offices. Basically, the router at the premises is configured as a DHCP server to automatically allocate IP addresses to the hosts. In this manner, the router handles administration of addresses automatically. The router is next configured to use PAT to NAT all the internal hosts to a single inside global address that is obtained automatically from a remote access server only if there is traffic to send. So, using Easy IP, IP address allocation, NAT translation, and router IP address selection are all handled automatically.
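An added Cisco IOS configuration (constructed for this guide, not taken from the page or from a Cisco document) that puts the three Easy IP pieces together: the router serves DHCP on the LAN, the dialer interface negotiates its address from the remote access server only when interesting traffic triggers a call, and PAT overloads every inside host onto that single negotiated address. The interface names, the 192.168.1.0/24 LAN, the ISDN switch type, the dialer string and the CHAP credentials are all assumptions.

```cisco
! Constructed Easy IP example (assumed: LAN on FastEthernet0/0, ISDN BRI0 in a dialer profile)
isdn switch-type basic-ni
!
! 1. Router is the DHCP server for the office LAN; its own address is excluded from the pool
ip dhcp excluded-address 192.168.1.1
ip dhcp pool OFFICE-LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
!
! 2. Inside (LAN) interface
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! 3. Physical ISDN interface only belongs to dialer pool 1; it has no address of its own
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
!
! 4. Dialer profile: the outside address is negotiated from the remote access server on demand
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer string 5551234
 dialer-group 1
 dialer idle-timeout 120
 ppp authentication chap
 ppp chap hostname OFFICE1
 ppp chap password 0 CHAP-PASSWORD-PLACEHOLDER
!
! 5. Any IP traffic is "interesting" and brings the link up; the default route points at Dialer0
dialer-list 1 protocol ip permit
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! 6. PAT: all 192.168.1.0/24 hosts share whatever address Dialer0 currently holds
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Dialer0 overload
```

Because the translation is tied to the interface rather than a fixed address, the NAT pool follows the negotiated address each time the call comes up, which is what lets address allocation, translation and router address selection all happen without operator involvement.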

What is ISDN and DDR?

ISDN stands for Integrated Services Digital Network and is an International Telecommunication Union Telecommunication Standardization (ITU-T) term for a digital technology that replaces traditional analog telephone equipment with new high-speed digital equipment. ISDN was developed to overcome problems with the PSTN analog network. This chapter discusses the advantages of ISDN and dial-on-demand routing (DDR) for enhancing remote connectivity. DDR can be used with technologies such as ISDN and the Public Switched Telephone Network (PSTN) and allows connections to be established and disconnected on an as-needed basis, which can result in substantial cost savings. There are two types of DDR configuration: legacy DDR and dialer profiles. The routing issues that occur when implementing DDR solutions, and the various options available for maintaining routing tables without a permanent connection, are presented at the end.

What is WAN connection?

Wide Area Network (WAN) connections are used to connect geographically separate networks. When a device on one network wants to communicate with a device on a different network or remote site, traffic has to traverse one or more WAN links. Unlike a local area network (LAN), the physical WAN connections are typically provided by a service provider. This chapter examines WAN connection requirements, topologies, and specifications. The Cisco Access Server product line, the routers that are currently available, and where the products fall within the Cisco product set are reviewed, as are some of the remote access options currently available. The issues to consider when planning the design, implementation, and installation of a Cisco remote access network, and when identifying suitable equipment for each site, are also detailed.

What are the problems that network administrators face?

Security and access control are among the problems that today's network administrators face. As networks expand and more networking devices need to be managed, scalability issues arise, particularly if access to these devices is to be centrally managed. As telecommuting becomes more popular, remote access solutions such as dial-up Public Switched Telephone Network (PSTN) and Integrated Services Digital Network (ISDN) connections on network access servers (NAS) need to be managed, and the need to keep information internal and private is becoming an absolute necessity because of competition between businesses. This can be accomplished by implementing a security solution known as a firewall, a network device that controls and monitors access to areas of a network by determining which traffic may enter or leave the network and which traffic may get into the network from the outside. The way Cisco has made it possible to run a software package that includes a built-in firewall is presented.

What is Cisco Teleworker?

The Cisco Teleworker solution is based on the Cisco OEAP (OfficeExtend AP) feature, which is specifically designed for a teleworker who primarily uses wireless devices. The solution consists of the following components:

What is a Cisco Teleworker controller?

For the most flexible and secure deployment of the Cisco Teleworker solution, deploy a dedicated controller using Cisco Catalyst 9800 Series Controllers or Cisco AireOS Wireless Controllers. In the dedicated design model, the controller is directly connected to the Internet edge demilitarized zone (DMZ), so traffic from the Internet is terminated in the DMZ rather than on the internal network, while client traffic is still delivered directly to the internal network.

How to configure WLC for NAT?

To configure the WLC for NAT, perform the following steps:

Step 1: On the C9800 WLC GUI, navigate to Configuration → Interface → Wireless.

Step 2: Click the Management interface to open the Edit Management Interface dialog box.

Step 3: Set NAT Status to Enabled.

How does a WLC communicate with a DMZ?

The Wireless LAN Controller and the Access Points communicate using the CAPWAP protocol. When a WLC is placed in a DMZ behind a corporate firewall, the firewall must allow CAPWAP Control and CAPWAP Data traffic through to the Wireless LAN Controller in order for that communication to be established.
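An added Cisco IOS example (constructed here, not the page's or Cisco's own configuration) for the Internet-edge device in front of the DMZ, covering both the NAT step above and the CAPWAP firewall rule: CAPWAP uses UDP 5246 for the control channel and UDP 5247 for the data channel, so those are the only two pinholes opened from the Internet to the controller, and static translations map the controller's public address (the one enabled under NAT Status on the WLC) to its DMZ address. The interface names and the 203.0.113.10 / 10.10.50.10 addresses are assumptions; the edge device is assumed to be an IOS router rather than an ASA.

```cisco
! Constructed example (assumed: Internet on GigabitEthernet0/0, DMZ on GigabitEthernet0/1,
! WLC management address 10.10.50.10 published to OfficeExtend APs as 203.0.113.10)
!
! 1. Static PAT: only the two CAPWAP ports of the public address reach the WLC in the DMZ
ip nat inside source static udp 10.10.50.10 5246 203.0.113.10 5246 extendable
ip nat inside source static udp 10.10.50.10 5247 203.0.113.10 5247 extendable
!
! 2. Inbound filter on the Internet edge: CAPWAP control and data to the WLC, nothing else
ip access-list extended INTERNET-TO-DMZ
 remark CAPWAP control channel (UDP 5246) from teleworker APs to the WLC
 permit udp any host 203.0.113.10 eq 5246
 remark CAPWAP data channel (UDP 5247) from teleworker APs to the WLC
 permit udp any host 203.0.113.10 eq 5247
 remark everything else from the Internet is dropped and logged for the SOC
 deny ip any any log
!
interface GigabitEthernet0/0
 description Internet-facing
 ip nat outside
 ip access-group INTERNET-TO-DMZ in
!
interface GigabitEthernet0/1
 description DMZ (WLC)
 ip nat inside
```

The public address in the ACL and the static translations has to match the NAT address configured on the WLC, because the controller advertises that address to the APs during CAPWAP discovery; the log entries from the final deny line are a convenient place to spot probes against the DMZ that are not CAPWAP.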

How to use FlexConnect with AP?

Then name the site tag, select the AP Join Profile and Flex Profile, and click Apply.

How to create a controller profile?

Create a Controller Profile.

Step 1: Go to http://software.cisco.com and log in with a cisco.com account.

Step 2: Navigate to Network Plug and Play > Plug and Play Connect.

Step 3: Click Controller Profiles > + Add Profile to create a new controller profile.

What happens when you reboot an access point?

Note: The Access Point will reboot and after reboot, it will operate as a Teleworker/OfficeExtend Access Point.
