Cisco Secure Virtual Private Networks

Author: Andrew G. Mason
Pages: 416
Publisher: Cisco Press
ISBN: 1587050331


In our “2002 Security Year in Review: VPNs and Firewalls” article, David Flynn, Vice President of Marketing at NetScreen, pointed out that: “2002 has been the year of marked VPN adoption. As distributed enterprises and service providers recognize the cost savings realized by leveraging the public Internet versus leased lines for data connections, deployments have increased from tens to hundreds of sites.” If your organization uses Cisco products and plans to deploy a Virtual Private Network, this book will help a great deal.

About the author

Andrew G. Mason, CCIE #7144, CCDP, CSS-1, is the CEO of three UK-based companies: Mason Technologies, (resource site for Cisco certification), and Boxing Orange. Andrew has 11 years' experience in the networking industry and is currently consulting for the largest ISP in the UK. He is involved in the design and implementation of complex secure hosted solutions using products from the Cisco Secure family. Andrew also holds CCSA, A+, Network+, CNA and MCSE+Internet certifications.

An interview with Andrew G. Mason is available here.

Inside the book

The foreword, written by Rick Stiffler, Manager of VPN Security Training at Cisco Systems, gives some background on this publication. At the beginning of 2001, Cisco announced a new family of professional certifications called Cisco Qualified Specialist (CQS); the first one announced was Cisco Security Specialist (CSS1). CSS1 was designed to certify general network security skills, especially intrusion detection, firewalls and VPNs. This book presents the material of the instructor-led and e-learning courses of the same title, Cisco Secure Virtual Private Networks (CSVPN).

Mason’s “Cisco Secure Virtual Private Networks” is aimed at intermediate readers with system administration experience. Novice users who understand what a VPN can do for them should also find answers here, but the book is mainly meant for system administrators who are planning to deploy a VPN on Cisco equipment. If you are preparing for Cisco certification, the material covers the required objectives of the CSVPN exam #9E0-570.

Virtual Private Networks are a cost-effective way to establish a private connection between a remote user or site and the organization’s network over shared infrastructure. There are three main types of VPNs: Access, Intranet and Extranet. Access VPNs provide remote access to the organization’s intranet or extranet over a shared infrastructure such as ISDN, DSL or cable. Intranet VPNs link the organization’s headquarters, remote offices and branch offices to an internal network; this is done over a shared infrastructure using dedicated connections. Extranet VPNs connect customers, partners or other communities of interest to the organization’s network, again over shared infrastructure and dedicated lines. The main difference between Intranet and Extranet Virtual Private Networks is who is allowed in: an Intranet VPN admits only the organization’s own employees, while an Extranet VPN admits outside parties and therefore needs its own, narrower access policy.

The book starts with Virtual Private Network fundamentals, covering the protocols and basic topics that are needed for a VPN deployment. IP Security (IPSec) is a framework of open standards that provides data confidentiality, integrity and authentication between participating peers at the IP layer. As Cisco IOS uses IPSec to build VPNs, the reader is given an overview of the protocol and of its operation. This part of the book also introduces the basics of Public Key Infrastructure, Certificate Authorities and digital signatures.

The Cisco VPN family of products is the topic of the second part of the book. The main components of Cisco’s VPN offering are:

  • Cisco VPN routers – Use Cisco IOS IPSec support to build a secure VPN
  • Cisco Secure PIX Firewall – Offers a VPN gateway alternative when the security group “owns” the VPN
  • Cisco VPN 3000 Concentrator series – Offers powerful remote access and site-to-site VPN capability, an easy-to-manage interface and a VPN client
  • Cisco Secure VPN Client – Enables secure remote access to Cisco routers and PIX Firewalls; runs on Windows
  • Cisco Secure Intrusion Detection System (CSIDS) – Used for monitoring the security of the VPN
  • Cisco Secure Scanner – Used for auditing the security of the VPN
  • Cisco Secure Policy Manager and CiscoWorks 2000 – Provide VPN-wide system management

Cisco’s flagship VPN products, the PIX Firewall and the VPN 3000 series, are presented with images, diagrams and specifications. The next three chapters make up the third part of the book, which deals with Cisco IOS VPNs. In several major steps you learn how to configure Cisco IOS IPSec using pre-shared authentication keys and, separately, using a certificate authority; each of the two approaches gets about 30 pages. A nice finishing touch for this part is a chapter on troubleshooting Cisco IOS VPNs, which should help with the problems you run into once those configurations are in place.

In the same manner that the third part covers Cisco IOS IPSec configuration, the fourth and fifth parts cover the same configuration and troubleshooting topics for the Cisco PIX Firewall and the Cisco VPN 3000 Concentrator. The difference is that the VPN Concentrator part has an additional chapter, “Monitoring and Administration of Cisco VPN 3000 Remote Access Networks”, whose title is self-explanatory.

The final part of Mason’s “Cisco Secure Virtual Private Networks” teaches the reader how to configure IPSec features on combinations of Cisco routers, PIX Firewalls, VPN Concentrators and VPN Clients. Dynamic crypto maps, client configuration, IPSec with Network Address Translation (NAT) and tunnel endpoint discovery (TED) are some of the topics covered in the last chapter.

What I think of the book

This publication is designed to give the reader a working knowledge of planning, administering and maintaining Virtual Private Networks. It does provide some general VPN information, but as it is the written reference for the Cisco Secure Virtual Private Networks courses, the book will be of greatest use to readers who want to build a VPN with their Cisco products. Its educational value shows in the review questions at the end of each chapter, which can be used to test your understanding of the material just read; all the answers are given in the appendix.
