02 – Easy Server VPN

Posted by Mo7sin in VPN On 29/03/2013 at 9:09 PM

General Overview
Q. What is Cisco® Easy VPN?
A. Cisco Easy VPN is an IP Security (IPsec) virtual private network (VPN) solution supported by Cisco routers and security appliances. It greatly simplifies VPN deployment for remote offices and mobile workers. Cisco Easy VPN is based on the Cisco Unity® Client Framework, which centralizes VPN management across all Cisco VPN devices, thus reducing the management complexity of VPN deployments. There are three components of the Cisco Easy VPN solution: Easy VPN Client, Easy VPN Remote, and Easy VPN Server.
Q. What is Cisco Easy VPN Client?
A. The Cisco Easy VPN Client enables mobile workers to create a remote-access VPN connection to a Cisco Easy VPN Server. Cisco Easy VPN Client refers to the Cisco VPN Client, which is also commonly referred to as the Cisco Software VPN Client. For more information, please visit http://www.cisco.com/en/US/products/sw/secursw/ps2308/index.html.

Q. What is Cisco Easy VPN Remote?
A. The Cisco Easy VPN Remote enables Cisco routers and security appliances to establish a site-to-site VPN connection to a Cisco Easy VPN Server without complex remote-side configuration. Cisco Easy VPN Remote is also commonly referred to as a hardware client. For more information, please visit http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftezvpnr.html.
Q. What is Cisco Easy VPN Server?
A. The Cisco Easy VPN Server accepts connections from Cisco Easy VPN Clients and Remotes, and ensures that those connections have up-to-date policies in place before the connections are established. All Cisco Easy VPN Servers are interoperable with all Cisco Easy VPN Clients and Remotes. For more information, please visit: http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_srvr.html
Q. How does the Cisco Easy VPN solution reduce the management complexity in deploying IPsec VPNs?
A. The Cisco Easy VPN solution uses the Mode-Configuration (Mode-Config) mechanism within the Internet Key Exchange (IKE) to push policy (attributes) from the Easy VPN Server to the Easy VPN Client or Remote. Since this policy is pushed to the client or the remote every time a new tunnel is created, it makes it easier to propagate new policy changes. Mode-Config also enables the Client or the Remote to have minimal configuration in order to establish the tunnel.
Q. What types of attributes can be pushed to the Cisco Easy VPN Client or Remote through Mode-Config?
A. The attributes that can be pushed down through Mode-Config include: internal IP address, internal subnet mask, Domain Name Server (DNS) addresses, Windows Internet Name Service (WINS) addresses, backup server list, domain name, client firewall policy, Cisco IOS® Software configuration, login banner, and Split Tunneling Include List. For a complete list of Cisco Easy VPN attributes, refer to the appendix.
Q. Who can benefit from a Cisco Easy VPN solution?
A. Customers that need to deploy and manage large-scale site-to-site and remote-access VPNs should consider a Cisco Easy VPN solution because of its simplification of VPN management and configuration. Cisco Easy VPN supports quality of service (QoS) and multicast, but if there is a requirement to support dynamic routing protocols or direct spoke-to-spoke communications, Cisco recommends Dynamic Multipoint VPN (DMVPN) as the preferred site-to-site VPN solution. For more information on DMVPN, please visit http://www.cisco.com/go/dmvpn.
Q. What is Cisco Enhanced Easy VPN?
A. Cisco Enhanced Easy VPN is a new method for configuring Easy VPN using Dynamic Virtual Tunnel Interface (DVTI) instead of a crypto map, which is used by traditional Easy VPN. DVTI can be used on both the Easy VPN Server and Easy VPN Remote routers. DVTI relies on the virtual tunnel interface to create a virtual access interface for every new Easy VPN tunnel. The configuration of the virtual access interface is cloned from a virtual template configuration. The cloned configuration includes the IPsec configuration and any Cisco IOS Software feature configured on the virtual template interface, such as QoS, Network Address Translation (NAT), Context-Based Access Control (CBAC) firewall, NetFlow, or access control lists (ACLs).
More details at: http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ipsec_virt_tunnl.html
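The server side of the Mode-Config and DVTI answers above, as an added Cisco IOS configuration example that is not part of the original post or of Cisco's FAQ. All names (EZVPN-GROUP, EZVPN-PROFILE, EZVPN-POOL and so on), addresses, the ACL number, the IKE policy values and the key are constructed placeholders chosen for illustration.

```cisco
! Added example: Easy VPN Server using DVTI. Names, addresses and key are placeholders.
aaa new-model
aaa authentication login EZVPN-AUTHEN local
aaa authorization network EZVPN-AUTHOR local
!
ip local pool EZVPN-POOL 10.10.10.1 10.10.10.50
! Split Tunneling Include List: only traffic to this subnet goes through the tunnel
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
!
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 2
!
! Group policy: apart from "key", these lines supply attributes pushed via Mode-Config
crypto isakmp client configuration group EZVPN-GROUP
 key <PRE-SHARED-KEY>
 pool EZVPN-POOL
 netmask 255.255.255.0
 dns 10.0.0.10 10.0.0.11
 wins 10.0.0.12
 domain example.com
 backup-gateway 192.0.2.2
 acl 101
 banner # Authorized users only #
!
! The ISAKMP profile ties the group to a virtual template instead of a crypto map
crypto isakmp profile EZVPN-PROFILE
 match identity group EZVPN-GROUP
 client authentication list EZVPN-AUTHEN
 isakmp authorization list EZVPN-AUTHOR
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set EZVPN-TS esp-aes 256 esp-sha-hmac
!
crypto ipsec profile EZVPN-IPSEC
 set transform-set EZVPN-TS
 set isakmp-profile EZVPN-PROFILE
!
interface Loopback0
 ip address 10.10.10.254 255.255.255.255
!
! Each new tunnel gets a virtual access interface cloned from this template
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile EZVPN-IPSEC
```

Because the group key is shared by every client in the group, the `client authentication list` line (Xauth) is what adds per-user authentication on top of it. Features such as ACLs, QoS or NetFlow configured on `Virtual-Template1` are cloned onto each per-tunnel virtual access interface.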
Q. What benefits does DVTI bring to the Cisco Easy VPN solution?
A. Benefits are listed in Table 1.
