VPN, or Virtual Private Network, is a technology used to connect two private networks over a public network such as the Internet.
A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. There are two types of site-to-site VPNs:
· Intranet-based -- If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect each separate LAN to a single WAN.
· Extranet-based -- When a company has a close relationship with another company (such as a partner, supplier or customer), it can build an extranet VPN that connects those companies' LANs. This extranet VPN allows the companies to work together in a secure, shared network environment while preventing access to their separate intranets.
The difference between Remote Access VPN and Site to Site VPN:
This is how IPsec works (SITE-TO-SITE VPN)
NETWORK A -- PIX ===== tunnel ======= ASA -- NETWORK B
1. Network A sends traffic destined to Network B.
2. The PIX receives the packet and understands that it needs to build a VPN Tunnel to the ASA.
3. The PIX sends its Phase-1 Information to the ASA.
4. The ASA sends its Phase-1 Information to the PIX.
5. The PIX and the ASA will keep doing Steps 3 & 4 until they agree on a Phase-1 Policy.
6. If the PIX and the ASA agree on a Phase-1 Policy, the Phase-1 Tunnel comes up.
7. Inside the Phase-1 Tunnel, the PIX sends its Phase-2 Information to the ASA.
8. Inside the Phase-1 Tunnel, the ASA sends its Phase-2 Information to the PIX.
9. Inside the Phase-1 Tunnel, the PIX and the ASA will keep doing Steps 7 & 8 until they agree on a Phase-2 Policy.
10. If the PIX and the ASA agree on a Phase-2 Policy, the Phase-2 Tunnel is built inside the Phase-1 Tunnel.
11. After the Phase-2 Tunnel is built, Network A & Network B can now communicate using the VPN.
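A simplified model of steps 3 to 10 above, added here as an example and not taken from the original page or from Cisco: each peer holds an ordered list of Phase-1 and Phase-2 proposals, and a phase comes up only when one proposal is identical on both sides. The class names, attribute labels and sample policies are assumptions made for illustration.

```python
from typing import NamedTuple

class Phase1(NamedTuple):      # IKE Phase-1 policy attributes modelled here
    encryption: str
    hash: str
    dh_group: int
    auth: str

class Phase2(NamedTuple):      # IPsec Phase-2 attributes modelled here
    protocol: str
    encryption: str
    integrity: str

def negotiate(initiator, responder):
    """First initiator proposal, in priority order, that the responder also holds."""
    return next((p for p in initiator if p in responder), None)

def bring_up_tunnel(pix, asa):
    """Steps 3-10: Phase 2 is only negotiated once a Phase-1 policy is agreed."""
    p1 = negotiate(pix["phase1"], asa["phase1"])
    if p1 is None:
        return {"state": "phase1-mismatch", "phase1": None, "phase2": None}
    p2 = negotiate(pix["phase2"], asa["phase2"])
    if p2 is None:
        return {"state": "phase2-mismatch", "phase1": p1, "phase2": None}
    return {"state": "up", "phase1": p1, "phase2": p2}

def closest_mismatch(initiator, responder):
    """Troubleshooting aid: fields that differ in the nearest proposal pair."""
    a, b = min(((a, b) for a in initiator for b in responder),
               key=lambda ab: sum(x != y for x, y in zip(*ab)))
    return [f for f, x, y in zip(a._fields, a, b) if x != y]

# Constructed sample policies (illustrative labels, not device syntax).
PIX = {"phase1": [Phase1("aes-256", "sha384", 19, "pre-share"),
                  Phase1("aes-256", "sha256", 14, "pre-share")],
       "phase2": [Phase2("esp", "aes-256", "sha256")]}
ASA = {"phase1": [Phase1("aes-256", "sha256", 14, "pre-share")],
       "phase2": [Phase2("esp", "aes-256", "sha256")]}
ASA_BAD = {"phase1": [Phase1("aes-256", "sha256", 2, "pre-share")],
           "phase2": ASA["phase2"]}

if __name__ == "__main__":
    print(bring_up_tunnel(PIX, ASA))
    print(bring_up_tunnel(PIX, ASA_BAD),
          closest_mismatch(PIX["phase1"], ASA_BAD["phase1"]))
```

With `ASA_BAD` the model stops at Phase 1 and never reaches Phase 2, and `closest_mismatch` names the attribute to compare on the two peers.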
REMOTE ACCESS VPN:
- You are going to connect to the VPN using VPN client software and need the following information:
VPN Group Name:
VPN Group Password:
IP Pool Name:
IP Pool Range:
VPN Client XAUTH Username:
VPN Client XAUTH Authentication Password: