VPN Support
An important aspect of network security is confidentiality of information. Packets
flowing along a network are much like postcards sent through the mail; if you
don’t want the world reading your messages, you have to take additional care.
To achieve the kind of confidentiality offered on a private network, several
approaches have been followed. One is to use encryption to conceal the information.
An early standard, followed by Microsoft, is the Point-to-Point Tunneling
Protocol, or PPTP. Much like putting a letter inside a sealed envelope, this standard
allows encapsulating (and concealing) network traffic inside a transport header. A
similar but more comprehensive approach is to use the Layer 2 Tunneling Protocol,
or L2TP. This protocol is native to many Microsoft deployments, and so the PIX’s
support for PPTP and L2TP is an important aspect of the feature set.
In the fall of 1998, the Security Architecture for IP (IPsec) was published in
RFC 2401. Cisco has provided a leadership position in IPsec implementation,
having co-authored many of the IPsec RFCs as well as providing solutions for
some of the stickier IPsec issues, such as NAT traversal. It should be no surprise
that the PIX is an excellent IPsec tunnel terminator. It has a wide range of interoperable
standards and is straightforward to configure with pre-shared keys or
with a certificate authority. Many companies are using the PIX as an integrated
firewall/VPN terminator, particularly in SOHO environments, as well as a standalone
VPN terminator in conjunction with another (dedicated) firewall. Details
on VPN configuration are provided in Chapter 7.
One of the PIX’s best features is VPN performance. The models are designed
to produce near wire-speed performance under heavy IPsec load. Because
of the simplicity of the appliance’s maintenance, VPN termination on a PIX is a
sound choice for many enterprise or carrier-class environments.