acit mumbai - understanding vpns
DESCRIPTION
http://www.acit.in/TRANSCRIPT
![Page 1: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/1.jpg)
© 1999, Cisco Systems, Inc. www.cisco.com
Module 12:Understanding Virtual Private
Networkswww.acit.in
Module 12:Understanding Virtual Private
Networkswww.acit.in
![Page 2: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/2.jpg)
12-2CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
AgendaAgenda
• What Are VPNs?
• VPN Technologies
• Access, Intranet, and Extranet VPNs
• VPN Examples
![Page 3: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/3.jpg)
12-3CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Service Provider Shared
Network
VPNVPN
Internet, IP, FR, ATM
What Are VPNs?What Are VPNs?
• Virtual Private Networks (VPNs) extend the classic WAN
• VPNs leverage the classic WAN infrastructure, including Cisco’s family of VPN-enabled routers and policy management tools
• VPNs provide connectivity on a shared infrastructure with the same policies and “performance” as a private network with lower total cost of ownership
![Page 4: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/4.jpg)
12-4CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
• Extends private network through public Internet
• Lower cost than private WAN
• Relies on tunneling and encryption
Internet
Hong Kong
Paris
IP Packet(Private,
Encrypted)
IP Header (Public)
Virtual Private NetworksVirtual Private Networks
![Page 5: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/5.jpg)
12-5CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Why Build a VPN? Why Build a VPN?
• Company information secured
• Lower costs– Connectivity costs
– Capital costs
– Management and support costs
• Wider connectivity options
• Speed of deployment
![Page 6: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/6.jpg)
12-6CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
ReducedNetworking
Costs
IncreasedNetwork
Flexibility
Mobile UsersMobile Users
TelecommutersTelecommuters
Organizational Organizational ChangesChanges
Mergers/Mergers/AcquisitionsAcquisitions
ExtranetsExtranets
IntranetsIntranets
What’s Driving VPN Offerings?What’s Driving VPN Offerings?
![Page 7: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/7.jpg)
12-7CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Who Buys VPNs?Who Buys VPNs?
• Organizations wishing to:– Implement more cost-
effective WAN solutions
– Connect multiple remote sites
– Deploy intranets
– Connect to suppliers, business partners, and customers
– Get back to their core business, and leave the WAN to the experts
– Lower operational and capital equipment costs
Businesses with:Businesses with:• Multiple branch Multiple branch
office locationsoffice locations
• TelecommutersTelecommuters
• Remote workersRemote workers
• Contractors and Contractors and consultantsconsultants
![Page 8: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/8.jpg)
12-8CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Networked ApplicationsNetworked Applications
• Traditional applications– E-mail
– Database
– File transfer
• New applications– Videoconferencing
– Distance learning
– Advanced publishing
– Voice
![Page 9: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/9.jpg)
12-9CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Example of a VPNExample of a VPN
• Private networking service over a public network infrastructure
Munich Main OfficeMain Office
New York Office Milan Office
Paris Office
Internet
MobileWorkerDials to Munichover Internet
![Page 10: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/10.jpg)
© 1999, Cisco Systems, Inc. www.cisco.com
VPN TechnologiesVPN Technologies
© 1999, Cisco Systems, Inc. www.cisco.com
![Page 11: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/11.jpg)
12-11CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
SecuritySecurity
QoSQoS
VPN Technology Building Blocks
VPN Technology Building Blocks
![Page 12: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/12.jpg)
12-12CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
SecuritySecurity
• Tunnels and encryption
• Packet authentication
• Firewalls and intrusion detection
• User authentication
![Page 13: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/13.jpg)
12-13CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
SP Network/Internet
POP CorporateIntranet
• Mobile users• Telecommuters• Small remote
offices
Tunneling: L2F/L2TPTunneling: L2F/L2TP
1. User identification2. Tunnel to
home gateway
SecurityServer
3. User authentication4. PPP negotiationwith user
5. End-to-end tunnel established
HomeGW
LAC
![Page 14: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/14.jpg)
12-14CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Tunneling: Generic Route Encapsulation (GRE)
Tunneling: Generic Route Encapsulation (GRE)
• Mesh of virtual point-to-point interfaces
• Encapsulates multiprotocolpackets in IP tunnels
• Application-level QoS
• Value-added platform (new services)
• Encryption-optional tunneling
• Standard architecture for service providers with IP infrastructures
Service ProviderBackbone
Enterprise A
Enterprise A
Enterprise A
Enterprise B
Enterprise B
![Page 15: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/15.jpg)
12-15CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
What Is IPSec?What Is IPSec?
• Network-layer encryption and authentication
• Open standards for ensuring secure private communications over any IP network, including the Internet
• Provides a necessary component of a standards-based, flexible solution for deploying a network-wide security policy
• Data protected with network encryption, digital certification, and device authentication
• Scales from small to very large networks
![Page 16: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/16.jpg)
12-16CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
• Automatically negotiates policy to protect communication
• Authenticated Diffie-Hellman key exchange
• Negotiates (possibly multiple) security associations for IPSec
3DES, MD5, and RSA Signatures, OR
IDEA, SHA, and DSS Signatures, OR
Blowfish, SHA, and RSA Encryption
3DES, MD5, and RSA Signatures, OR
IDEA, SHA, and DSS Signatures, OR
Blowfish, SHA, and RSA EncryptionIDEA, SHA, and DSS SignaturesIDEA, SHA, and DSS Signatures
IKE Policy TunnelIKE Policy Tunnel
What is Internet Key Exchange (IKE)?
What is Internet Key Exchange (IKE)?
![Page 17: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/17.jpg)
12-17CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Remote User with IPSec Client
Home Gateway Router
HomeNetwork
CertificateAuthority/AAA
Public Network
Dial Access to Corporate NetworkExchange X.509 or One-Time Password
IKE Negotiation
Secure Tunnel EstablishedSecure Tunnel Established
Authentication Approved
Encrypted Data flows
IPSec VPN Client Operation
IPSec VPN Client Operation
![Page 18: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/18.jpg)
12-18CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
IPSec
L2TP
AAA Server
L2TP and IPSec Are Complementary
L2TP and IPSec Are Complementary
• IPSec creates the remote tunnel
• L2TP provides tunnel end-point authentication
• IPSec maintains encryption
• L2TP provides tunnels for non-IP traffic
• AAA services and dynamic address like DHCP
![Page 19: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/19.jpg)
12-19CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
• Widely adopted standard
• Encrypts plain text, which becomes cyphertext
• DES performs 16 rounds
• Triple DES (3DES)– The 56-bit DES algorithm runs three times
– 112-bit triple DES includes two keys
– 168-bit triple DES includes three keys
• Accomplished on a VPN client, server, router, or firewall
Encryption: DES and 3DES
Encryption: DES and 3DES
![Page 20: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/20.jpg)
12-20CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
• All traffic from inside to outside and vice versa must pass through the firewall
• Only authorized traffic, as defined by the local security policy, is allowed in or out
• The firewall itself is immune to penetration
FirewallsFirewalls
![Page 21: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/21.jpg)
12-21CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
User AuthenticationUser Authentication
• Centralized security database (AAA services)• High availability• Same policy across many access points• Per-user access control• Single network login• Support for: TACACS+, RADIUS (IETF), Kerberos, one-time password
TACACS+
RADIU
S
TACACS+
RADIUS
ID/User ID/User ProfileProfileID/User ID/User ProfileProfileID/User ID/User ProfileProfile
ID/User ID/User ProfileProfileID/User ID/User ProfileProfileID/User ID/User ProfileProfile
AAAServer
Dial-In User
NetworkAccess Server
Campus
Internet UserGatewayRouter Firewall
Intercept Connections
Public Network
Internet
![Page 22: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/22.jpg)
12-22CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
VoicePremium IPBest Effort
Tunnel
Conforming TrafficConforming Traffic
PacketClassification
CAR
PacketClassification
CAR
TrafficPolicing
CAR
TrafficPolicing
CAR
CongestionAvoidance
WRED
CongestionAvoidance
WRED
TunnelLayer 2TPIPSec, GRE
TunnelLayer 2TPIPSec, GRE
AAACA
PBX
VPNs and Quality of Service
VPNs and Quality of Service
![Page 23: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/23.jpg)
© 1999, Cisco Systems, Inc. www.cisco.com
Access, Intranet, and Extranet VPNsAccess, Intranet,
and Extranet VPNs
© 1999, Cisco Systems, Inc. www.cisco.com
![Page 24: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/24.jpg)
12-24CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Type
Remote access VPN
Application
Mobile users
Remote connectivity
Alternative To
Dedicated dial
ISDN
Intranet VPN
Extranet VPN
Site-to-site
Internalconnectivity
Leased line
Business-to-business
External connectivity
Fax
EDI
TimeUbiquitous
access,lower cost
Benefits
Extend connectivity,
lower cost
Facilitates e-commerce
Three Types of VPNsThree Types of VPNs
![Page 25: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/25.jpg)
12-25CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Enterprise
DMZ
Web ServersDNS Server
STMP Mail Relay
AAACA
Service Provider A
SmallOffice
Mobile Useror Corporate
Telecommuter
UbiquitousAccess• Modem, ISDN• xDSL, Cable
PotentialOperations
andInfrastructure Cost Savings
Client Initiated or NAS Initiated
Access VPNsAccess VPNs
![Page 26: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/26.jpg)
12-26CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
SP Network/Internet
POPCorporateIntranet
Mobile Usersand Telecommuters
Access VPN Operation Overview
Access VPN Operation Overview
1. VPN identification 2. Tunnel tohome gateway
SecurityServer
3. User authentication4. PPP negotiationwith user
5. End-to-end tunnel established
HomeGateway
NAS
![Page 27: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/27.jpg)
12-27CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Access VPN Basic Components
Access VPN Basic Components
Dial Client(PPP Peer)
AAA Server(RADIUS/TACACS+)
ISDN
ASYNC
L2TP AccessConcentrator
AAA Server(RADIUS/TACACS +)
L2TP Network Server (Home Gateway)Home Gateway)
![Page 28: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/28.jpg)
12-28CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Internet
CorporateNetwork
Encrypted IP
• Encrypted tunnel from the remote client to the corporate network
• Independent of access technology
• Standards compliant– IPSec encapsulated tunnel
– IKE key management
Client-Initiated Access VPNClient-Initiated Access VPN
![Page 29: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/29.jpg)
12-29CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Client-Initiated VPNsClient-Initiated VPNs
• Pros:– Use same hardware for dedicated access
– Dedicated encryption hardware in firewall for performance
• Cons:– Management of IPSec PC client
– Security must be initiated by user
![Page 30: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/30.jpg)
12-30CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
NAS-Initiated Access VPNNAS-Initiated Access VPN
NASusername@domain
HomeGateway
IP Network
![Page 31: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/31.jpg)
12-31CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
NAS-Initiated VPNsNAS-Initiated VPNs
• Pros:
– No PC client software to manage
– Premium services
– VPN and Internet access at the NAS
– More scalable and manageable
• Cons:
– Users can connect only to certain POPs
![Page 32: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/32.jpg)
12-32CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Enterprise
DMZ
Web ServersDNS Server
STMP Mail Relay
AAACA
RemoteOffice
Service Provider A
RegionalOffice
Potential Operations and Infrastructure
Cost Savings
Extends the Corporate IP Network Across a
Shared WAN
The Intranet VPNThe Intranet VPN
![Page 33: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/33.jpg)
12-33CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
BusinessPartner
Enterprise
DMZ
Web ServersDNS Server
STMP Mail Relay
AAACA
Service Provider A
Service Provider B
Extends Connectivityto Business Partners,
Suppliers, and Customers Security PolicyVery Important
Supplier
The Extranet VPNThe Extranet VPN
![Page 34: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/34.jpg)
12-34CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Intranet and Extranet VPNsIntranet and Extranet VPNs
• Multiple users, multiple sites, and potentially multiple companies or multiple communities of interest
• Dedicated connections
• Flexible architecture options– IP tunnels with IPSec or GRE
– Managed router service with Frame Relay or ATM virtual circuits
– Tag Switching/MPLS
![Page 35: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/35.jpg)
12-35CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Comparing the TypesComparing the Types
IntranetIntranetAccess VPNAccess VPN
NAS-InitiatedNAS-Initiated
ExtranetExtranetTypeType
Client-Client-InitiatedInitiated
Router-Router-InitiatedInitiated
XX
XX XX
XX
XX
XX
XX
XX
![Page 36: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/36.jpg)
© 1999, Cisco Systems, Inc. www.cisco.com
VPN ExamplesVPN Examples
© 1999, Cisco Systems, Inc. www.cisco.com
![Page 37: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/37.jpg)
12-37CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Primary Hospital
Remote Centers
Remote Center
Public Network
Private Network
Challenge—Low-cost means for connecting remote sites with primary hospital
Health Care Company Intranet Deployment
Health Care Company Intranet Deployment
![Page 38: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/38.jpg)
12-38CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
• IPSec encrypts traffic fromremote sites to the enterprise using any application
• IPSec may be combined with other tunnel protocols, e.g., GRE
• Telecommuters can gain secure, transparent access to the corporate network
Public Network
Challenge—Cost-effective means for connecting branch offices and telecommuters to the corporate network
Branch Office or TelecommutersBranch Office or Telecommuters
![Page 39: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/39.jpg)
12-39CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Monthly long-distanceMonthly long-distance charges per minutecharges per minute
Avg. use per day, perAvg. use per day, per user (min)user (min)
Traditional DialupTraditional Dialup Access VPNAccess VPN
Number of usersNumber of users
Remote access serverRemote access server
One-time installation One-time installation fee: 10 phone linesfee: 10 phone lines
2020
$4,600$4,600
$1,000$1,000
$5,000$5,000
2020
$3,000$3,000
$1,000$1,000
Number of usersNumber of users
Access router, T1/E1,Access router, T1/E1, DSU/CSU, firewallDSU/CSU, firewall
VPN client software VPN client software ($50/user)($50/user)
T1/E1 installationT1/E1 installation
$0.10$0.10
9090
Central site T1/E1Central site T1/E1 Intranet accessIntranet access
Monthly ISP accessMonthly ISP access ($20/user)($20/user)
$2,500$2,500
$400$400
Traditional Dialup Versus Access VPN
Traditional Dialup Versus Access VPN
![Page 40: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/40.jpg)
12-40CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
Traditional Dial-UpTraditional Dial-Up Access VPNAccess VPN
Number of usersNumber of users
Remote access serverRemote access server
One-time installation One-time installation fee-10 phone linesfee-10 phone lines
2020
$4,600$4,600
$1,000$1,000
$5,000$5,000
2020
$3,000$3,000
$1,000$1,000
Number of usersNumber of users
Access router, T1/E1,Access router, T1/E1, DSU/CSU, firewallDSU/CSU, firewall
VPN client software VPN client software ($50/user)($50/user)
T1/E1 installationT1/E1 installation
Monthly long distanceMonthly long distance charges per minutecharges per minute
Avg. use per day perAvg. use per day per user (min)user (min)
$0.10$0.10
9090
Central site T1/E1Central site T1/E1 Intranet accessIntranet access
Monthly ISP accessMonthly ISP access ($20/user)($20/user)
$2,500$2,500
$400$400
One-time capital cost $4,000One-time capital cost $4,000 One-time capital cost $10,600One-time capital cost $10,600
Recurring cost $5,400Recurring cost $5,400 Recurring cost $2,900Recurring cost $2,900
Traditional Dialup Versus Access VPN
Traditional Dialup Versus Access VPN
![Page 41: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/41.jpg)
12-41CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
0
$20,000
$40,000
$60,000
$80,000
Traditional
VPN
1 2 3 4 5 6 7 8 9 10 11 12
Month
Payback in 3 months!!
Total Cost
VPN PaybackVPN Payback
![Page 42: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/42.jpg)
12-42CSE: Networking Fundamentals—VPNs © 1999, Cisco Systems, Inc. www.cisco.com
SummarySummary
• VPNs reduce costs
• VPNs improve connectivity
• VPNs maintain security
• VPNs offer flexibility
• VPNs are reliable
![Page 43: Acit Mumbai - understanding vpns](https://reader034.vdocument.in/reader034/viewer/2022052522/547a03cab4af9fa5158b49a4/html5/thumbnails/43.jpg)
43Presentation_ID © 1999, Cisco Systems, Inc. www.cisco.com