Thursday, 14 November 2019

Types of Remote Access VPN and Its Implementations

This post covers the types of remote access VPN and their implementations. It also compares remote access VPNs based on IPsec with those based on SSL.

REMOTE ACCESS VPN TYPES

VPNs became the logical solution for remote access connectivity for many reasons. VPNs provide secure communications with access rights tailored to individual users, such as employees, contractors and partners. They also increase productivity by extending the network and business applications securely, while reducing communication costs and increasing flexibility.

Basically, with VPN technology, employees can take the office with them, including access to email and network applications. VPNs also allow contractors and partners to have limited access to the servers, web pages or specific files required. This network access allows them to contribute to the company's productivity without compromising network security.
There are two main methods to implement VPN remote access:

  1. Secure Sockets Layer (SSL)
  2. IP Security (IPsec)

The type of VPN method implemented is based on user access requirements and the organization's IT processes.
Both VPN technology with SSL and VPN technology with IPsec offer access to virtually any application or network resource. VPNs with SSL offer features such as easy connectivity from desktop computers not managed by the company, low or no maintenance of desktop software and web portals customized by the user when logging in.

CISCO SSL VPN

Cisco IOS VPN with SSL is the industry's first router-based SSL VPN solution. It offers connectivity from any location.
The SSL protocol supports various cryptographic algorithms for operations such as authenticating the server and client to each other, transmitting certificates and establishing session keys. Cisco SSL VPN solutions can be customized for businesses of any size.
These solutions offer many features and advantages of remote access connectivity:

  • Web-based, clientless access and full network access without previously installed desktop software.
  • Protection against viruses, worms, spyware and hackers on a VPN connection by integrating network and terminal security into the Cisco SSL VPN platform.
  • Use of a single device for both VPN with SSL and VPN with IPsec.

Cisco IOS VPN with SSL is a technology that provides remote access through a web browser and the native SSL encryption of the web browser. Alternatively, you can provide remote access through the Cisco AnyConnect Secure Mobility Client software.

Cisco ASA provides two main modes of implementation found in Cisco SSL VPN solutions, as shown in the illustration:

  • Cisco AnyConnect Secure Mobility Client with SSL: requires the Cisco AnyConnect client.
  • Cisco Secure Mobility Clientless SSL VPN: requires an Internet browser.

In both modes, Cisco ASA must be configured to support the VPN connection with SSL.

IPSEC REMOTE ACCESS

Many applications require the security of a remote access VPN connection with IPsec to authenticate and encrypt data. When VPNs are implemented for remote workers and small branches, ease of implementation is critical if technical resources are not available for VPN configuration on a remote site router.
The Cisco Easy VPN solution offers flexibility, scalability and ease of use for both site-to-site and remote-access VPNs with IPsec. The Cisco Easy VPN solution consists of three components:

  • Cisco Easy VPN Server: a router with Cisco IOS or a Cisco ASA firewall that functions as the VPN head-end device in site-to-site or remote-access VPNs.
  • Cisco Easy VPN Remote: a router with Cisco IOS or a Cisco ASA firewall that functions as a remote VPN client.
  • Cisco VPN Client: a compatible application on a computer that is used to access a Cisco VPN server.

Using Cisco Easy VPN Server allows mobile and remote workers who use a VPN client on their computers or use Cisco Easy VPN Remote on a perimeter router to create secure IPsec tunnels to access the central office intranet, as shown in the illustration.

CISCO EASY VPN SERVER

The Cisco Easy VPN Server allows mobile and remote workers who use VPN client software on their computers to create secure IPsec tunnels to access the central office intranet where fundamental data and applications are located.
It allows Cisco IOS routers and Cisco ASA firewalls to function as head-end devices for site-to-site or remote-access VPNs.
Remote office devices use the Cisco Easy VPN Remote feature or the Cisco VPN Client application to connect to the server, which then pushes the defined security policies to the remote VPN device. This ensures that those connections have the updated policies before the connection is established.

CISCO EASY VPN REMOTE

Cisco Easy VPN Remote allows software clients or routers with Cisco IOS to function as remote VPN clients.
These devices can receive Cisco Easy VPN Server security policies, which minimizes the VPN configuration requirements in the remote location.
This cost-effective solution is ideal for remote offices with little IT support or for large-scale customer premises equipment (CPE) implementations where it is impractical to configure several remote devices individually.

The illustration shows three network devices with Easy VPN Remote enabled, all connected to Easy VPN Server to obtain the configuration parameters.

COMPARISON OF IPSEC AND SSL

Both VPN technology with SSL and IPsec offer access to virtually any application or network resource, as shown in the following table.
Comparison table between IPsec and SSL:

| SSL | IPsec |
|---|---|
| Web-enabled applications, file sharing, email. | All applications based on IP. |
| Moderate to strong encryption. Key lengths from 40 bits to 256 bits. | Strong encryption. Key lengths from 56 bits to 256 bits. |
| Unidirectional or bidirectional authentication. | Bidirectional authentication through shared secrets or digital certificates. |
| The connection only requires a web browser. | The connection can be difficult for users without technical knowledge. |
| Any device can be connected. | Only specific devices with a specific configuration can be connected. |

VPNs with SSL offer features such as easy connectivity from desktop computers not managed by the company, low or no maintenance of desktop software and web portals customized by the user when logging in.
IPsec outperforms SSL in many important ways:

  • The number of applications it supports
  • The strength of encryption
  • The strength of authentication
  • General security

When security is the main concern, IPsec is the best option. If support and ease of implementation are the main concerns, consider using SSL.
IPsec and VPNs with SSL complement each other because they solve different problems. Depending on the needs, an organization can implement one or both. This complementary approach allows a single device, such as an ISR router or an ASA firewall device, to satisfy all the requirements of remote access users.
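
The key-length ranges in the comparison table start at 40 bits for SSL and 56 bits for IPsec, so where a gateway lands in those ranges depends on what is actually configured. The following is an added example, not part of the original post or of Cisco's documentation: a Python audit that reads Cisco IOS-style `crypto ipsec transform-set` lines and a list of OpenSSL cipher names, and reports the entries below a minimum key length. The sample configuration, the transform-set names, the cipher offer and the 128-bit threshold are assumptions constructed for illustration.

```python
import re

# Nominal key lengths in bits: Cisco IOS ESP transforms on the IPsec side,
# OpenSSL cipher names on the SSL side. AES transforms default to 128 bits
# unless the keyword is followed by an explicit 192 or 256.
ESP_BITS = {"esp-null": 0, "esp-des": 56, "esp-3des": 168, "esp-aes": 128, "esp-gcm": 128}
TLS_BITS = {"EXP-RC4-MD5": 40, "DES-CBC-SHA": 56, "AES128-SHA": 128,
            "AES256-GCM-SHA384": 256}
TRANSFORM_SET = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")

def ipsec_key_bits(config_text):
    """Map each IPsec transform set in an IOS config to its cipher key length."""
    found = {}
    for line in config_text.splitlines():
        match = TRANSFORM_SET.match(line.strip())
        if not match:
            continue
        name, tokens = match.group(1), match.group(2).split()
        found[name] = 0  # AH-only sets authenticate but do not encrypt
        for pos, token in enumerate(tokens):
            if token not in ESP_BITS:
                continue
            found[name] = ESP_BITS[token]
            size = tokens[pos + 1] if pos + 1 < len(tokens) else ""
            if token in ("esp-aes", "esp-gcm") and size in ("192", "256"):
                found[name] = int(size)
    return found

def tls_key_bits(cipher_names):
    """Map offered TLS ciphers to key lengths; unknown names map to None."""
    return {name: TLS_BITS.get(name) for name in cipher_names}

def below_minimum(key_bits, minimum=128):
    """Names whose key length is unknown or shorter than the minimum."""
    return sorted(n for n, bits in key_bits.items() if bits is None or bits < minimum)

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
crypto ipsec transform-set TS-LEGACY esp-des esp-md5-hmac
crypto ipsec transform-set TS-3DES esp-3des esp-sha-hmac
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha-hmac
crypto ipsec transform-set TS-AUTHONLY ah-sha-hmac
"""
SAMPLE_TLS_OFFER = ["EXP-RC4-MD5", "DES-CBC-SHA", "AES128-SHA", "AES256-GCM-SHA384"]

if __name__ == "__main__":
    print("IPsec below 128 bits:", below_minimum(ipsec_key_bits(SAMPLE_CONFIG)))
    print("SSL below 128 bits:", below_minimum(tls_key_bits(SAMPLE_TLS_OFFER)))
```

The 168 bits recorded for 3DES is its nominal key length, so a stricter policy can raise `minimum` or list that transform separately.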
