Cisco SNF Main Office and Mobile Worker Topologies

Cisco Secure Network Foundation Smart Designs

2008 Cisco Systems, Inc. All rights reserved.

SMBEN v2.04-1

Lesson Overview
Upon completing this lesson, you will be able to apply Main Office with Cisco ASA topologies, including mobile workers. This ability includes being able to meet these objectives:
- Articulate the relevant Main Office Hybrid model topology of the SNF Architecture Guide
- Compare integrated and hybrid topologies and capabilities
- Identify VPN technologies, services, and features
- Describe mobile worker topologies and VPN options


Main Office with Cisco ASA and Security


Main Office with Cisco ASA (Hybrid Model)

Topology diagram (labels from the figure): Internet - WAN interface on the WAN router - Cisco ASA firewall with a DMZ (DMZ VLAN, DMZ servers) - Aggregation switch - Access switches.

Comparison of Integrated and Hybrid Architectures

Function | Integrated Model | Hybrid Model
Use of Cisco ASA as firewall appliance | No | Yes
VPN type: DMVPN termination | WAN router | WAN router
VPN type: Easy VPN gateway | WAN router | Cisco ASA
VPN type: SSL VPN gateway | WAN router | Cisco ASA
Firewall | WAN router | Cisco ASA
Intrusion prevention system (optional) | WAN router | Cisco ASA

VPN Options

Topology diagram (labels from the figure):
- Main Office (Hybrid): primary and standby WAN routers (GE links) acting as the DMVPN hub; active/standby Cisco ASA pair (in the Hybrid model) acting as the Easy VPN/SSL VPN gateway; aggregation switches
- Branch Office (DMVPN or Easy VPN): DMVPN branches with 2 WAN connections or a single WAN connection, using DMVPN tunnels (split tunnel); Easy VPN branch using an Easy VPN connection (split tunnel)
- Teleworker: Easy VPN connection
- Mobile worker: SSL VPN connection or Easy VPN connection (Easy VPN Client, or SSL VPN)

Comparison of VPN Services and Features

Major infrastructure functionality supported at business locations:

Function | Main Office | Branch Office | Teleworker | Mobile Worker
Dynamic routing | Yes | Yes (Easy VPN branch does not need routing) | No | No
VPN (DMVPN) | Yes | | |
VPN (Easy VPN) | Yes | | |
VPN (SSL VPN) | Yes | | |
QoS | Yes | | |
Voice ready | Yes | | |
Video ready | Yes | Yes | Yes | Yes
Multicast | Yes (source) | Yes (destination) | No | NA
Firewall | Yes | Yes | Yes | Yes (Firewall on laptop)
Intrusion prevention system | Yes | Yes | No | NA
Infrastructure security | Yes | Yes | Yes | NA
GUI-based configuration | Yes | Yes | Yes | NA

Branch Office, Teleworker and Mobile Worker entries for the VPN, QoS and Voice ready rows are not legible in the source slide.

Mobile Worker Topologies

Topology diagram (two panels):
- Mobile worker with Easy VPN: Ethernet or wireless connection to a broadband network (hotel, airport, Wi-Fi booths)
- Mobile worker with SSL VPN (AnyConnect client): Ethernet or wireless connection to a broadband network (hotel, airport, Wi-Fi booths)

Secure Connectivity via Easy VPN

Topology diagram (labels from the figure): the Easy VPN gateway is a 2800 ISR. The Teleworker connects through an 800 ISR acting as the Easy VPN remote client; the Mobile worker uses a software-based Easy VPN remote client. VPN policies are shown at the gateway (2800 ISR) and at the mobile worker's software client.

Mobile Worker with VPN Client

Topology: Ethernet or wireless connection to a broadband network in hotel, airport, Wi-Fi booths; mobile worker with Easy VPN.

Function | Functionality support by the VPN client
WAN link redundancy | No (user needs to re-establish connection)
Redundancy technology | NA
L3 or L2 forwarding | L3 (from laptop)
Easy VPN client | Yes
Firewall | Yes (on laptop)
IPS | No (laptop may have virus protection software)
Upstream traffic shaping (via HQoS) | No
QoS to support voice | No (Best Effort voice only)
IP telephony | Yes (Softphone application on laptop)

Mobile Worker with SSL VPN

Topology: Ethernet or wireless connection to a broadband network in hotel, airport, Wi-Fi booths; mobile worker with SSL VPN (AnyConnect client).

Function | Functionality support by the VPN client
WAN link redundancy | No (user needs to re-establish connection)
Redundancy technology | NA
L3 or L2 forwarding | L3 (from laptop)
SSL VPN client (AnyConnect) | Yes (Clientless SSL VPN possible)
Firewall | Yes (on laptop)
IPS | No (laptop may have virus protection software)
Upstream traffic shaping (via HQoS) | No
QoS to support voice | No (Best effort voice only)
IP telephony | Yes (Softphone application on laptop)

Q&A


Lesson Summary
The Main Office Hybrid model is similar to the Integrated model except for its use of a dedicated firewall appliance (Cisco ASA). A comparison of the Integrated and Hybrid models shows that the Hybrid model takes advantage of the firewall appliance. Secure Network Foundation (SNF) 2.0 uses multiple VPN technologies suitable for diverse environments. Smart Design offers a mobile worker a choice of two VPN technologies: Easy VPN or SSL VPN.
