Site-to-site VPNs connect entire networks to each other. For example, they can connect
a branch office network to a company headquarters network. In the past, a leased line or
Frame Relay connection was required to connect sites, but because most corporations now
have Internet access, these connections can be replaced with site-to-site VPNs.
Figure 8-2 shows an example of a site-to-site VPN.
300 Chapter 8: Extending the Network into the WAN
Figure 8-2 Site-to-Site VPN
In a site-to-site VPN, hosts do not have Cisco VPN Client software; they send and receive
normal TCP/IP traffic through a VPN "gateway," which could be a router, firewall, Cisco
VPN Concentrator, or Cisco ASA 5500 Series adaptive security appliance. The VPN
gateway is responsible for encapsulating and encrypting all outbound traffic
from a particular site and sending it through a VPN tunnel over the Internet to a peer VPN
gateway at the target site. Upon receipt, the peer VPN gateway strips the headers, decrypts
the content, and relays the packet toward the target host inside its private network.
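The gateway-to-gateway flow described above, as an added example that is not from the original text: it shows that only the gateway addresses are visible on the Internet while the private addresses travel encrypted. The 10-byte packet header, the HMAC-SHA256 counter-mode keystream (a stand-in for IPsec ESP), the keys, and all addresses are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# Constructed sample values: keys and addresses are illustrative only.
ENC_KEY = b"constructed-encryption-key-demo!"
AUTH_KEY = b"constructed-integrity-key-demo!!"
GW_A, GW_B = "198.51.100.1", "203.0.113.1"  # public addresses of the two gateways

def _keystream(key, nonce, length):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Real gateways use IPsec ESP.
    blocks = (hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def make_packet(src, dst, payload):
    # Simplified header: 4-byte source, 4-byte destination, 2-byte payload length.
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!H", len(payload)) + payload)

def parse_packet(packet):
    src, dst = ipaddress.IPv4Address(packet[:4]), ipaddress.IPv4Address(packet[4:8])
    (length,) = struct.unpack("!H", packet[8:10])
    return str(src), str(dst), packet[10:10 + length]

def gateway_encapsulate(inner, local_gw, peer_gw):
    # Encrypt the whole inner packet, authenticate it, wrap it in an outer header.
    nonce = os.urandom(12)
    body = nonce + _xor(inner, _keystream(ENC_KEY, nonce, len(inner)))
    tag = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()
    return make_packet(local_gw, peer_gw, body + tag)

def gateway_decapsulate(outer):
    # Strip the outer header, verify integrity, then decrypt the inner packet.
    _, _, blob = parse_packet(outer)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(AUTH_KEY, body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed; packet dropped")
    nonce, ciphertext = body[:12], body[12:]
    return _xor(ciphertext, _keystream(ENC_KEY, nonce, len(ciphertext)))

if __name__ == "__main__":
    inner = make_packet("10.1.1.10", "10.2.2.20", b"GET /payroll")
    outer = gateway_encapsulate(inner, GW_A, GW_B)
    print("on the Internet:", parse_packet(outer)[:2])
    print("delivered inside site B:", parse_packet(gateway_decapsulate(outer)))
```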
Remote access is an evolution of circuit-switching networks, such as plain old telephone
service (POTS) or ISDN.