Chapter 2 Deploying Cisco Secure ACS
Basic Deployment Factors for Cisco Secure ACS
2-12
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
• Security: VPNs provide the highest level of security using advanced
  encryption and authentication protocols that protect data from unauthorized
  access.
• Scalability: VPNs allow corporations to use remote access infrastructure
  within ISPs. Therefore, corporations can add a virtually unlimited amount of
  capacity without adding significant infrastructure.
• Compatibility with Broadband Technology: VPNs allow mobile workers,
  telecommuters, and day extenders to take advantage of high-speed,
  broadband connectivity, such as DSL and cable, when gaining access to their
  corporate networks, providing workers significant flexibility and efficiency.
Figure 2-7 Simple VPN Configuration
There are two types of VPN access into a network, as follows:
• Site-to-Site VPNs: Extend the classic WAN by providing large-scale
  encryption between multiple fixed sites such as remote offices and central
  offices, over a public network, such as the Internet.
• Remote Access VPNs: Permit secure, encrypted connections between
  mobile or remote users and their corporate networks via a third-party
  network, such as a service provider, via VPN client software.
Generally speaking, a site-to-site VPN can be viewed as a typical WAN
connection. It is not usually configured to use AAA to secure the initial
connection and is likely to use the device-oriented IPSec tunneling protocol.
Remote Access VPNs, however, are similar to classic remote connection
technology (modem/ISDN) and lend themselves to using the AAA model very
effectively; see Figure 2-8 on page 2-13.
[Figure 2-7 labels: VPN concentrator; Cisco Secure Access Control Server; Network WAN; Tunnel]