Exam (elaborations) TEST BANK & SOLUTIONS GUIDE FOR Redes- Cisco Secure VPN Client (Exam Certification Guide)

The Cisco Secure VPN Client is a software component in either an extranet Virtual Private Network (VPN) or a client-initiated access VPN. VPNs allow for private data to be encrypted and transmitted securely over a public network. With the Cisco Secure VPN Client, you can establish an encrypted tunnel between a client and a router using static or dynamic IP addresses. This technology overview contains the following sections: 2 What is a Virtual Private Network? 2 Types of Virtual Private Networks 2 What is the Cisco Secure VPN Client? 2 Interoperability with Cisco Routers 2 System Requirements 2 Benefits ;(     A Virtual Private Network (VPN) is a network that extends remote access to users over a shared infrastructure. VPNs maintain the same security, prioritizing, manageability, and reliability as a private network. They are the most cost-effective method of establishing a point-to-point connection between remote users and an enterprise customer's network. VPNs based on IP meet business customers' requirements to extend intranets to remote offices, mobile users, and telecommuters. Further, they can enable extranet links to business partners, suppliers, and key customers for greater customer satisfaction and reduced business costs.

  
    5*6      5*6      The three basic types of VPNs, discussed in this section, are access VPNs, intranet VPNs, and extranet VPNs. 2 Access VPNs—Provide secure connections for remote access for individuals (for example, mobile users or telecommuters), a corporate intranet, or an extranet over a shared service provider network with the same policies as a private network. For more information, refer to “Access VPNs.” 2 Intranet VPNs—Connect corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections. Businesses enjoy the same policies as a private network, including security, quality of service (QoS), manageability, and reliability. For more information, refer to “Intranet VPN.” 2 Extranet VPNs—Link customers, suppliers, partners, or communities of interest to a corporate intranet over a shared infrastructure using dedicated connections. For more information, refer to “Extranet VPN.” ,  There are two types of access VPNs, network access server (NAS)-initiated and client-initiated. 2 Client-initiated—Remote users use clients to establish an encrypted IP tunnel across the Internet service provider’s (ISP) shared network to the enterprise customer's network. The main advantage of client-initiated VPNs over NAS-initiated VPNs is that they use encrypted tunneling to secure the connection between the client and the ISP over the PSTN. Figure 1-1 shows the Cisco Secure VPN Client in a client-initiated access VPN topology. The client establishes a PPP connection with the ISP’s NAS, an IKE Mode Configuration session occurs, then an encrypted tunnel is established over the PSTN. Client-initiated access VPNs with the Cisco Secure VPN Client are covered in Chapter 6, “Using Internet Key Exchange Mode Configuration: A Business Case.”
    2 NAS-initiated—Remote users dial in to the ISP’s NAS. The NAS establishes an encrypted tunnel to the enterprise's private network. NAS-initiated VPNs allow users to connect to multiple networks by using multiple tunnels, and do not require the client to maintain the tunnel-creating software. NAS-initiated VPNs do not encrypt the connection between the client and the ISP, but rely on the security of the PSTN. Figure 1-2 shows a NAS-initiated access VPN topology. Because the Cisco Secure VPN Client is not required for a NAS-initiated access VPN solution, it is not a component of this network. The disadvantage of NAS-initiated access VPNs is that the PSTN is not secured. 28491 = encrypted tunnel = serial line PSTN Internet PPP Remote user with Cisco Secure VPN client NAS ISP Enterprise PPP

  
    5*6     
    /  An intranet is a network for business that is internal to a company. It delivers the most current information and services available to a company’s networked employees. Intranets offer a common, platform-independent interface, which is less costly to implement than a client/server application. Intranets also increase employees’ productivity by allowing for a reliable connection to consistent information. Intranet VPNs are used to allow the the same security and connectivity for a corporate headquarters, a remote office, and a branch office as you would have with a private network. Figure 1-3 shows an intranet VPN topology. Because the Cisco Secure VPN Client acts as the client component in a client/server application, with the router functioning as a server, it is not commonly used in an intranet VPN scenario. Also, the Cisco Secure VPN Client is not necessary for secure encryption over an intranet between two routers–an IPSec tunnel will suffice. It is, however, possible for the client to negotiate a more strict transform set than the router-to-router transform set, depending on the level of security required between the host and destination. For information on creating an intranet VPN, refer to the “Intranet VPN Scenario” chapter of the Cisco 7100 VPN Configuration Guide.
    0  An extranet is an intranet that extends limited access to customers, suppliers, and partners. Extranets differ from intranets in that they allow access to users outside of the enterprise. By allowing greater access to the resources that are available to customers, suppliers, and partners, companies with extranet VPNs can actually improve their customer satisfaction and reduce business costs at the same time. 28492 = encrypted tunnel = serial line PSTN Internet PPP Remote user NAS ISP Enterprise PPP 28493 Internet Corporate headquarters Remote office = encrypted tunnel = serial line

  
    ;((
  
 Figure 1-4 shows the Cisco Secure VPN Client in an extranet VPN topology. Using digital certificates, clients establish a secure tunnel over the Internet to the enterprise. A certification authority (CA) issues a digital certificate to each client for device authentication. Telecommuters, remote users, extranet partners, and remote offices are checked for authentication, then authorized to access information relevant to their function. While the telecommuters might use static IP addresses, the remote users might use dynamic IP addresses. Extranet VPNs with the Cisco Secure VPN Client begin coverage in Chapter 3, “Using Digital Certificates: Business Case Introduction.”  While this solutions guide uses digital certificates to describe an extranet VPN scenario, it is possible to use digital certificates for device authentication in all types of VPNs. Client-initiated access VPNs, intranet VPNs, and extranet VPNs all support digital