The principal goal of this paper is to provide best-practice information to interested parties for designing and implementing
Enterprise IP Security (IPSec) virtual private networks (VPNs). The SAFE white paper for large enterprises and the SAFE
white paper for small, midsize and remote user networks are both available at the SAFE Web site: http://www.cisco.com/go/safe.
These documents were written to provide best-practice information on network security designs. They include some
elements of VPN configuration and design guidance. This document continues the discussion, examining specific design
considerations and best-practice recommendations for IPSec VPNs in networks today. Although you can read this document
without having read either of the two security design documents, it is recommended that you read the document most
appropriate to your network size before you read this document. For example, a business with a large network might look
at the enterprise SAFE white paper before reading this document. This exercise will frame the VPN conversation within the
context of overall security design. SAFE represents a system-based approach to security and VPN design. This type of
approach focuses on overall design goals and translates those goals into specific configurations and topologies. SAFE is based
on Cisco products and those of its partners.
This document begins with an overview of the architecture, and then details the specific designs under consideration. The
following designs are covered in detail:
• Remote-user VPN designs
• Small-network VPN design
• Medium-network VPN design
• Large-network VPN design (with extranet connectivity)
• Distributed large-network VPN design