This article introduces VPN connection threat defense, the Cisco Remote Access VPN solution, SSL VPN, and IPSec-based remote access. It also introduces how to connect to a VPN.
The Cisco® ASA 5500 Series adaptive security devices are designed for small and medium-sized businesses (SMB) and large enterprise applications. They combine the highest security with VPN services. Cisco ASA 5500 Series adaptive threat defense solutions are based on firewall, intrusion prevention system (IPS), and network anti-virus functions. As a dedicated VPN platform, this solution can be used independently or in combination with other solutions.
For VPN services, the Cisco ASA 5500 Series provides flexible technologies that allow customized solutions based on remote access and site-to-site connection requirements. The Cisco ASA 5500 Series provides easy-to-manage IP Security (IPsec) and Secure Sockets Layer (SSL) VPN remote access and network-aware site-to-site VPN connections. This allows enterprises to create secure connections for mobile users, remote sites, and business partners across the public network. With the Cisco ASA 5500 Series, organizations can gain the connectivity and cost advantages of the Internet without compromising the integrity of their security policies. The Cisco ASA 5500 Series combines VPN services with comprehensive threat mitigation services to provide secure VPN connections and communications. The integrated adaptive threat defense function provides unified protection to ensure that a VPN deployment does not become a conduit for network attacks such as worms, viruses, malware, or hackers. In addition, you can apply detailed application and access control policies to VPN traffic so that individuals and user groups can access only the applications, network services, and resources they are entitled to access. (See Figure 1.)
Figure 1: VPN service for any deployment scheme: enhanced IPsec and SSL VPN services with threat defense
Remote Access
The Cisco ASA 5500 Series provides a complete Remote Access VPN solution that supports multiple connection modes, including WebVPN (SSL VPN) and the Cisco VPN Client (IPSec VPN), as well as Nokia Symbian mobile wireless and clientless access established from Windows Mobile devices. With Cisco's remote access technology, enterprises only need to deploy one integrated platform to support a wide range of core enterprise applications, simplify management, and improve deployment flexibility.
Secure remote connections can be established through an SSL-capable Web browser or a VPN client. You can therefore achieve maximum flexibility and application access without deploying and managing separate devices. With the Cisco ASA 5500 Series security devices, enterprises can select the most appropriate technology for each user group without deploying multiple solutions at the same time. With secure remote access, enterprises no longer need to establish separate platforms for SSL and IPSec VPN, which improves efficiency and reduces costs.
IPSec-based Remote Access
Remote access over IPSec establishes the most enhanced, customized connection. Using IPSec, users can access almost any application, just as if they were physically connected to the headquarters LAN. Cisco IPSec remote access is highly customizable. With the provided APIs, administrators can write executable programs and other customized programs.
The Cisco ASA 5500 Series is the most versatile IPSec-based remote access solution provided by Cisco Systems. For IPSec deployments, because the ASA 5500 Series fully utilizes the functions and features of the Cisco VPN 3000 series concentrator platform, it can provide almost identical features, but with higher throughput per user. In addition, the ASA 5500 Series can be seamlessly integrated with an existing VPN 3000 Concentrator cluster so that the two platforms can serve the same user group at the same time.
In addition, the Cisco ASA 5500 Series provides the Cisco Easy VPN remote access features found in products such as the Cisco PIX® Security Device, Cisco IOS® routers, and the Cisco VPN 3000 series concentrator. Cisco Easy VPN provides a scalable, cost-effective, and easy-to-manage Remote Access VPN architecture, and reduces the operating costs that traditional VPN solutions incur in maintaining remote device configurations. Cisco ASA 5500 Series devices dynamically push the latest VPN security policies to remote VPN devices and clients to ensure that these remote endpoints implement the latest policies before establishing a connection, achieving the highest flexibility, scalability, and ease of use.
Cisco ASA 5500 Series security devices support enforcement of VPN client security policies and perform security checks when a client attempts to establish a VPN connection (including the security policy enforcement status, version number, and company-managed host security products such as Cisco Security Agent or personal firewall software) before allowing remote users to access the company's network. In addition, the Cisco ASA 5500 Series can restrict network connections based on the client type, the installed operating system, and the version of the Cisco VPN Client software to prevent unauthorized VPN clients from accessing the company's network.
The Cisco VPN Client and the Cisco VPN 3002 Hardware Client can automatically perform software updates, that is, they can trigger updates when establishing a VPN connection or update the VPN Client of the current connection as needed. This method allows enterprises to easily update the client software of remote users.
Remote access users can be authenticated against the internal user database of the device, or through external sources using RADIUS or TACACS+. Because the device integrates with mainstream authentication services, including Microsoft Active Directory, Microsoft Windows Domains, Kerberos, Lightweight Directory Access Protocol (LDAP), and RSA SecurID, user authentication does not require an independent RADIUS/TACACS+ server.
SSL VPN
The Cisco ASA 5500 Series provides core SSL VPN functions for both clientless and full network access deployments. Clientless access is suited to non-corporate desktops, such as external network systems and public access points. Full network access is suited to remote access users who require a consistent "LAN-like" user experience and access to all applications or network resources. SSL-based full network access is provided through the Cisco SSL VPN Client for WebVPN, which is similar to the IPSec VPN Client but does not require pre-installed VPN client software.
SSL VPN uses only the Web browser and its native SSL encryption, and can remotely access network resources from anywhere on the Internet without pre-installed VPN client software. Using the WebVPN support on the Cisco ASA 5500 Series, you can easily access a variety of enterprise applications, including Web resources, Web applications, NT/Active Directory file sharing (Web applications), email, and other TCP-based applications such as Telnet or Windows Terminal Services, from any computer that is connected to the Internet and can reach an HTTP Internet site. WebVPN uses SSL and its successor, Transport Layer Security (TLS), to establish a secure connection between remote users and specific internal resources at the central site. After using WebVPN to establish a secure connection, you can access the network from any system without installing other desktop software.