Virtual Private Networks
Advancements in computer networking have significantly changed the way people and organizations
communicate and access information. Networks have become critical resources in many
organizations, providing real-time communications and access, through both the Internet and
enterprise intranets. As organizations take advantage of the benefits of making information available,
they increasingly turn to virtual private networks (VPNs) to protect valuable proprietary information.
They also might be responsible for complying with government regulations related to data privacy.
VPN refers to an array of technologies that provide encryption and encapsulation of data through an
otherwise unsecured network (such as the Internet). However, both encryption and encapsulation are
generic functions that can be performed by multiple technologies and can be combined in different
implementation topologies. Thus, VPNs can vary widely from vendor to vendor.
Cisco VPN Capabilities
In this paper, we show how to use a CISCO VPN 3000 Concentrator to provide data tunneling (also
known as data encapsulation) across a public TCP/IP network, such as the Internet, to create secure
connections (tunnels) between remote users and a private corporate network.
The VPN 3000 Concentrator functions as a bidirectional tunnel endpoint:
• It can receive plain packets from the private network, encapsulate them, create a tunnel, and
  send them to the other end of the tunnel where they are unencapsulated and sent to their final
  destination.
Or
• It can receive encapsulated packets from the public network, unencapsulate them, and send
  them to their final destination on the private network.
The VPN 3000 concentrator supports the most popular VPN tunneling protocols:
• PPTP: Point-to-Point Tunneling Protocol
• L2TP: Layer 2 Tunneling Protocol
• IPSec: IP Security Protocol
• WebVPN: VPN via an HTTPS-enabled Web browser, does not require a client
The concentrator also supports L2TP over IPSec, which provides interoperability with the VPN Client
provided by Microsoft. The VPN 3000 Concentrator is interoperable with other clients that conform to
L2TP/IPSec standards, but it does not formally support those clients.
Implementation Prerequisites
For the purpose of this white paper, we assume a basic network infrastructure is already in place. The
reference implementation consists of HP BladeSystem bc2000 Blade PCs and HP BladeSystem
bc2500 Blade PCs running Windows XP SP2. HP Compaq t5720 Thin Clients (t5720) running
Windows XPe are used as access devices.
The network topology for this reference implementation consists of a Cisco VPN 3000 concentrator
sitting between two Class-C networks: 10.1.1.xxx/24 on the public interface and 10.2.2.x on the
private interface. Details of the reference network can be found in Appendix A – CISCO 3560 Switch
Configuration.