Configuring Security Features
Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide
Configuring VPN
A Virtual Private Network (VPN) connection provides a secure connection between two networks over
a public network such as the Internet. Cisco 3900 series, 2900 series, and 1900 series ISRs support two
types of VPNs: site-to-site and remote access. Remote access VPNs are used by remote clients to log in
to a corporate network. Site-to-site VPNs connect branch offices to corporate offices. This section gives
an example for each.
Remote Access VPN Example
A remote access VPN is configured with Cisco Easy VPN and an IP Security (IPSec) tunnel, which together
set up and secure the connection between the remote client and the corporate network. Figure 1
shows a typical deployment scenario.
Figure 1 Remote Access VPN Using IPSec Tunnel
The Cisco Easy VPN client feature eliminates much of the tedious configuration work by implementing
the Cisco Unity Client protocol. This protocol allows most VPN parameters, such as internal IP
addresses, internal subnet masks, DHCP server addresses, Windows Internet Naming Service (WINS)
server addresses, and split-tunneling flags, to be defined at a VPN server, such as a Cisco VPN 3000
series concentrator that is acting as an IPSec server.
A Cisco Easy VPN server–enabled device can terminate VPN tunnels initiated by mobile and remote
workers who are running Cisco Easy VPN Remote software on PCs. Cisco Easy VPN server–enabled
devices allow remote routers to act as Cisco Easy VPN Remote nodes.
Figure 1 callouts:
1 Remote networked users
2 VPN client—Cisco 3900 series, 2900 series, or 1900 series ISR
3 Router—Provides corporate office network access
4 VPN server—Easy VPN server; for example, a Cisco VPN 3000 concentrator with outside interface address 210.110.101.1
5 Corporate office with a network address of 10.1.1.1
6 IPSec tunnel
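The split of responsibilities described above, as an added configuration sketch that is not taken from the original guide: the policy group on the server holds the address pool, DNS/WINS servers and split-tunnel list, while the Easy VPN Remote router names only the group, its key and the peer. Assumptions: the server is an IOS router rather than the VPN 3000 concentrator of Figure 1, and the group name, key placeholder, pool range, ACL number, DNS/WINS addresses, the 10.1.1.0/24 corporate subnet and the interface names are all constructed for illustration; only the peer address 210.110.101.1 comes from the figure.

```cisco
! --- Easy VPN server side (assumed to be an IOS router for this sketch).
! --- Fragment only: IKE policy, AAA and the crypto map are omitted.
ip local pool EZVPN-POOL 10.1.2.10 10.1.2.50
! Split-tunnel list: only traffic for the corporate subnet enters the tunnel
access-list 150 permit ip 10.1.1.0 0.0.0.255 any
!
crypto isakmp client configuration group EXAMPLE-GROUP
 ! Shared group secret (placeholder; replace and store as a secret)
 key EXAMPLE-KEY-REPLACE-ME
 ! Internal addresses handed to clients
 pool EZVPN-POOL
 dns 10.1.1.10
 wins 10.1.1.20
 ! Omit this line to send all client traffic through the tunnel
 acl 150
!
! --- Easy VPN Remote side (the ISR, item 2 in Figure 1).
! --- No addresses, DNS/WINS servers or split-tunnel rules appear here;
! --- they are pushed from the server during tunnel setup.
crypto ipsec client ezvpn EXAMPLE-EZVPN
 connect auto
 group EXAMPLE-GROUP key EXAMPLE-KEY-REPLACE-ME
 mode client
 peer 210.110.101.1
!
interface GigabitEthernet0/0
 description Outside, toward the Internet
 crypto ipsec client ezvpn EXAMPLE-EZVPN outside
!
interface GigabitEthernet0/1
 description Inside, toward remote networked users
 crypto ipsec client ezvpn EXAMPLE-EZVPN inside
```

On the remote router, `show crypto ipsec client ezvpn` lists the parameters received from the server, which is the quickest check that the pushed policy (in particular the split-tunnel list) matches what was intended. With split tunneling enabled, traffic outside the listed subnet leaves the remote site directly and is not protected by the tunnel.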