
Saturday 5 March 2016

REMOTE ACCESS VPN

Remote-access VPNs allow secure access to corporate resources by establishing an encrypted tunnel across the Internet. They allow organizations to cost-effectively and securely extend the reach of their networks to anyone, anyplace, anytime.

Using Remote-Access VPNs to Improve Business Productivity
Anytime, anyplace network access gives employees great flexibility in how they perform their job functions. VPNs allow employees to access the network from home, after hours and on weekends, to perform business functions. Using VPN technology, employees can essentially take their office wherever they go, thus improving response times and enabling work without the interruptions present in an office environment.
VPNs also provide a secure solution for providing limited network access to non-employees, such as contractors or business partners. With VPNs, contractor and partner network access can be limited to the specific servers, Webpages, or files they are allowed access to, thus extending them the network access they need to contribute to business productivity without compromising network security.

A remote-access VPN gives external users access to internal networks. In this scenario, traffic arriving from the Internet has to pass through the firewall that is placed in the organisation's inside network. The firewall's outbound (public-facing) interface has to allow VPN traffic. The pre-shared key and the tunnel group name are entered in the firewall's VPN wizard, along with the networks that are to be exposed to the tunnels. Group policies and connection policies must also be defined so that tunnel traffic is allowed into the internal network accordingly.
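The items listed in this paragraph (VPN enabled on the outside interface, a pre-shared key per tunnel group, a group policy, and the networks exposed to the tunnel) can be checked mechanically. The script below is an added example, not part of the original post; it assumes Cisco ASA-style configuration syntax, which the post does not name, and every name, address, key and the /16 threshold in it is constructed for illustration.

```python
import ipaddress

# Constructed ASA-style excerpt (not from the original post); names, nets and key are made up.
SAMPLE = """\
crypto ikev1 enable outside
access-list CONTRACTOR_NETS standard permit 10.10.20.0 255.255.255.0
access-list STAFF_NETS standard permit any
group-policy CONTRACTOR_GP attributes
 split-tunnel-network-list value CONTRACTOR_NETS
group-policy STAFF_GP attributes
 split-tunnel-network-list value STAFF_NETS
tunnel-group CONTRACTORS general-attributes
 default-group-policy CONTRACTOR_GP
tunnel-group CONTRACTORS ipsec-attributes
 ikev1 pre-shared-key EXAMPLE-KEY-ONLY
tunnel-group STAFF general-attributes
 default-group-policy STAFF_GP
"""

def audit(config, min_prefix=16):
    """Return findings; min_prefix (assumed threshold) flags networks wider than /16."""
    acls, policy_acl, groups, section, findings = {}, {}, {}, None, []
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line[0].isspace():  # top-level command: may open a new section
            section = (w[0], w[1]) if w[0] in ("group-policy", "tunnel-group") else None
            if w[0] == "access-list" and w[2:4] == ["standard", "permit"]:
                acls.setdefault(w[1], []).append(w[4:])
            elif w[0] == "tunnel-group":
                groups.setdefault(w[1], {"psk": False, "policy": None})
        elif section and section[0] == "group-policy" and w[0] == "split-tunnel-network-list":
            policy_acl[section[1]] = w[-1]
        elif section and section[0] == "tunnel-group":
            if w[:2] == ["ikev1", "pre-shared-key"]:
                groups[section[1]]["psk"] = True
            elif w[0] == "default-group-policy":
                groups[section[1]]["policy"] = w[1]
    if "crypto ikev1 enable outside" not in config:
        findings.append("outside interface: IKE not enabled, VPN traffic will not be accepted")
    for name, g in sorted(groups.items()):
        if not g["psk"]:
            findings.append(f"{name}: no pre-shared key configured")
        nets = acls.get(policy_acl.get(g["policy"]), [])
        if not nets:
            findings.append(f"{name}: no network list bound, exposed networks undefined")
        for net in nets:  # a "host x.x.x.x" entry is already as narrow as it gets
            if net[0] != "host" and (net == ["any"] or
                    ipaddress.ip_network("/".join(net)).prefixlen < min_prefix):
                findings.append(f"{name}: tunnel exposes broad network {' '.join(net)}")
    return findings
```

On the constructed sample, the CONTRACTORS group passes, while STAFF is reported for a missing pre-shared key and for a network list that permits `any`.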

Technology Options: IPsec and SSL VPNs
There are two primary methods for deploying remote-access VPNs: IP Security (IPsec) and Secure Sockets Layer (SSL). Each method has its advantages based on the access requirements of your users and your organization's IT processes. While many solutions only offer either IPsec or SSL, Cisco® remote-access VPN solutions offer both technologies integrated on a single platform with unified management. Offering both IPsec and SSL technologies enables organizations to customize their remote-access VPN without any additional hardware or management complexity.
SSL-based VPNs provide remote-access connectivity from almost any Internet-enabled location using a Web browser and its native SSL encryption. They do not require any special-purpose client software to be pre-installed on the system; this makes SSL VPNs capable of "anywhere" connectivity from company-managed desktops and non-company-managed desktops, such as employee-owned PCs, contractor or business partner desktops, and Internet kiosks. Any software required for application access across the SSL VPN connection is dynamically downloaded on an as-needed basis, thereby minimizing desktop software maintenance.

SSL VPNs provide two different types of access: clientless and full network access. Clientless access requires no specialized VPN software on the user desktop. All VPN traffic is transmitted and delivered through a standard Web browser; no other software is required or downloaded. Since all applications and network resources are accessed through a Web browser, only Web-enabled and some client-server applications (such as intranets, applications with Web interfaces, e-mail, calendaring, and file servers) can be accessed using a clientless connection. This limited access, however, is often a perfect fit for business partners or contractors who should only have access to a very limited set of resources on the organization's network. Furthermore, delivering all connectivity through a Web browser eliminates provisioning and support issues since no special-purpose VPN software has to be delivered to the user desktop.

SSL VPN full network access enables access to virtually any application, server, or resource available on the network. Full network access is delivered through a lightweight VPN client that is dynamically downloaded to the user desktop (through a Web browser connection) upon connection to the SSL VPN gateway. This VPN client, because it is dynamically downloaded and updated without any manual software distribution or interaction from the end user, requires little or no desktop support by IT organizations, thereby minimizing deployment and operations costs. Like clientless access, full network access offers full access control customization based on the access privileges of the end user. Full network access is a natural choice for employees who need remote access to the same applications and network resources they use when in the office or for any client-server application that cannot be delivered across a Web-based clientless connection.
IPsec-based VPNs are the deployment-proven remote-access technology used by most organizations today. IPsec VPN connections are established using pre-installed VPN client software on the user desktop, thus focusing them primarily on company-managed desktops. IPsec-based remote access also offers tremendous versatility and customizability through modification of the VPN client software. Using APIs in IPsec client software, organizations can control the appearance and function of the VPN client for use in applications such as unattended kiosks, integration with other desktop applications, and other special use cases.
Both IPsec and SSL VPN technologies offer access to virtually any network application or resource. SSL VPNs offer additional features such as easy connectivity from non-company-managed desktops, little or no desktop software maintenance, and user-customized Web portals upon login. 
