SSL Remote Access VPNs (Network Security) [Kindle Edition]

Jazib Frahim (Author), Qiang Huang (Author)

Book Description

Publication Date: April 4, 2011

This is the eBook version of the printed book.

SSL Remote Access VPNs

An introduction to designing and configuring SSL virtual private networks

Jazib Frahim, CCIE® No. 5459

Qiang Huang, CCIE No. 4937

Cisco® SSL VPN solutions (formerly known as Cisco WebVPN solutions) give you a flexible and secure way to extend networking resources to virtually any remote user with access to the Internet and a web browser. Remote access based on SSL VPN delivers secure access to network resources by establishing an encrypted tunnel across the Internet using a broadband (cable or DSL) or ISP dialup connection.

SSL Remote Access VPNs provides you with a basic working knowledge of SSL virtual private networks on Cisco SSL VPN-capable devices. Design guidance is provided to assist you in implementing SSL VPN in existing network infrastructures. This includes examining existing hardware and software to determine whether they are SSL VPN capable, providing design recommendations, and guiding you on setting up the Cisco SSL VPN devices. Common deployment scenarios are covered to assist you in deploying an SSL VPN in your network.

SSL Remote Access VPNs gives you everything you need to know to understand, design, install, configure, and troubleshoot all the components that make up an effective, secure SSL VPN solution.

Jazib Frahim, CCIE® No. 5459, is currently working as a technical leader in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security. He is responsible for guiding customers in the design and implementation of their networks, with a focus on network security. He holds two CCIEs, one in routing and switching and the other in security.

Qiang Huang, CCIE No. 4937, is a product manager in the Cisco Campus Switch System Technology Group, focusing on driving the security and intelligent services roadmap for market-leading modular Ethernet switching platforms. During his time at Cisco, Qiang has played an important role in a number of technology groups, including the Cisco TAC security and VPN team, where he was responsible for trouble-shooting complicated customer deployments in security and VPN solutions. Qiang has extensive knowledge of security and VPN technologies and experience in real-life customer deployments. Qiang holds CCIE certifications in routing and switching, security, and

ISP Dial.

Understand remote access VPN technologies, such as Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPsec), Layer 2 Forwarding (L2F), Layer 2 Tunneling (L2TP) over IPsec, and SSL VPN
Learn about the building blocks of SSL VPN, including cryptographic algorithms and SSL and Transport Layer Security (TLS)
Evaluate common design best practices for planning and designing an SSL VPN solution
Gain insight into SSL VPN functionality on Cisco Adaptive Security Appliance (ASA) and Cisco IOS® routers
Install and configure SSL VPNs on Cisco ASA and Cisco IOS routers
Manage your SSL VPN deployment using Cisco Security Manager

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Networking: Security

Covers: SSL VPNs

Editorial Reviews

About the Author

Jazib Frahim, CCIE No. 5459, has been with Cisco for more than nine years. Having a bachelor’s degree in computer engineering from Illinois Institute of Technology, he started out as a TAC engineer in the LAN Switching team. He then moved to the TAC Security team, where he acted as a technical leader for the security products. He led a team of 20 engineers in resolving complicated security and VPN technologies. He is currently working as a technical leader in the Worldwide Security Services Practice of Advanced Services for Network Security. He is responsible for guiding customers in the design and implementation of their networks with a focus on network security. He holds two CCIEs, one in routing and switching and the other in security. He has written numerous Cisco online technical documents and has been an active member on the Cisco online forum NetPro. He has presented at Networkers on multiple occasions and has taught many on-site and online courses to Cisco customers, partners, and employees.

 

He has recently received his master of business administration (MBA) degree from North Carolina State University. He is also an author of the following Cisco Press books: Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting, and Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance.

 

Qiang Huang, CCIE No. 4937, is a product manager in the Cisco Systems Campus Switch System Technology Group, focusing on driving the security and intelligent services roadmap for Cisco marketleading modular Ethernet switching platforms. He has been with Cisco for almost ten years. During his time at Cisco, Qiang played an important role in a number of technology groups including the following: technical lead in the Cisco TAC security and VPN team, where he was responsible for troubleshooting complicated customer deployments in security and VPN solutions; a security consulting engineer in the Cisco Advanced Service Group, providing security posture assessment and consulting services to customers; a technical marketing engineer focusing on competitive analysis and market intelligence in network security with specialization in the emerging SSL VPN technology. Qiang has extensive knowledge of security and VPN technologies and experience in real-life customer deployments. Qiang holds CCIE certifications in routing and switching, security, and ISP dial. He is also one of the contributing authors of Internetworking Technologies Handbook, Fourth Edition. Qiang received a master’s degree in electrical engineering from Colorado State University.

 

Excerpt. © Reprinted by permission. All rights reserved.

Introduction

This book provides a complete guide to the SSL VPN technology and discusses its implementation on Cisco SSL VPN–capable devices. Design guidance is provided to assist you in implementing SSL VPNs in an existing network infrastructure. This includes examining existing hardware and software to determine whether they are SSL VPN capable, providing design recommendations, and guiding you on setting up the Cisco SSL VPN devices.

Toward the end of Chapters 5 and 6, common deployment scenarios are covered to assist you in deploying an SSL VPN in your network.

Who Should Read This Book?

This book serves as a guide for network professionals who want to implement the Cisco SSL VPN remote access solution in their network to allow users to access the corporate resources easily and safely. The book systematically walks you through the product or solution architecture, installation, configuration, deployment, monitoring, and troubleshooting the SSL VPN solution. Any network professional should be able to use this book as a guide to successfully deploy SSL VPN remote access solutions in their network. Requirements include a basic knowledge of TCP/IP and networking, familiarity with Cisco routers/firewalls and their command-line interface (CLI), and a general understanding of the overall SSL VPN solution.

How This Book Is Organized

Part I of this book includes Chapters 1 and 2, which provide an overview of the remote access VPN technologies and introduce the SSL VPN technology. The remainder of the book is divided into two parts.

Part II encompasses Chapters 3 and 4 and introduces the Cisco SSL VPN product lines, with guidance on different design considerations.

Part III encompasses Chapters 5 through 7 and covers the installation, configuration, deployment, and troubleshooting of the individual components that make up the SSL VPN solution.

• Part I, "Introduction and Technology Overview," includes the following chapters:

Chapter 1, "Introduction to Remote Access VPN Technologies": This chapter covers the remote access Virtual Private Network (VPN) technologies in detail. Protocols, such as the Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPsec), Layer 2 Forwarding (L2F), Layer 2 Tunneling Protocol (L2TP) over IPsec, and SSL VPN, are discussed to provide readers with an overview of the available remote access VPN technologies.

Chapter 2, "SSL VPN Technology": This chapter provides a technology overview of the building blocks of SSL VPNs, including cryptographic algorithms, SSL and Transport Layer Security (TLS), and common SSL VPN technologies.

• Part II, "SSL VPN Design Considerations and Cisco Solution Overview," includes the following chapters:

Chapter 3, "SSL VPN Design Considerations": This chapter discusses the common design best practices for planning and designing an SSL VPN solution.

Chapter 4, "Cisco SSL VPN Family of Products": This chapter discusses the SSL VPN functionality on Cisco Adaptive Security Appliance (ASA) and Cisco IOS routers and provides product specifications that are focused on SSL VPNs.

• Part III, "Deploying Cisco SSL VPN Solutions," includes the following chapters:

Chapter 5, "SSL VPNs on Cisco ASA": This chapter provides details about the SSL VPN functionality in Cisco ASA. This chapter discusses clientless and full tunnel SSL VPN client implementations and focuses on Cisco Secure Desktop (CSD). This chapter also discusses the Host Scan feature that is used to collect posture information about end workstations. The dynamic access policy (DAP) feature, its usage, and detailed configuration examples are also provided. To reinforce learning, many different deployment scenarios are presented along with their configurations.

Chapter 6, "SSL VPNs on Cisco IOS Routers": This chapter provides details about the SSL VPN functionality in Cisco IOS routers. It begins by offering design guidance and then discusses the configuration of SSL VPNs in greater detail. The configurations of clientless, thin client, and AnyConnect Client modes are discussed. The second half of the chapter focuses on Cisco Secure Desktop (CSD) and offers guidance in setting up CSD features. To reinforce learning, two different deployment scenarios are presented along with their configurations. Toward the end of this chapter, SSL VPN monitoring through SDM is also discussed.

Chapter 7, "Management of SSL VPNs": This chapter discusses the central management of SSL VPN devices using Cisco Security Manager.

© Copyright Pearson Education. All rights reserved.

Product Details

• File Size: 7061 KB
• Print Length: 384 pages
• Simultaneous Device Usage: Up to 5 simultaneous devices, per publisher limits
• Publisher: Cisco Press; 1 edition (April 4, 2011)
• Sold by: Amazon Digital Services
• Language: English
• ASIN: B004V9O94Y
• Text-to-Speech: Enabled
• Amazon Best Sellers Rank: #586,031 Paid in Kindle Store (See Top 100 Paid in Kindle Store)

More About the Author

Discover books, learn about writers, read author blogs, and more.