Introduction

Virtual private networks (VPNs) provide secure communications between internal networks over a public network (such as the Internet, for example). Connecting private networks or hosts by securely tunneling through a public network infrastructure has both commercial and practical applications. VPNs can connect branch offices, mobile users, and business partners.

VPNs ensure confidentiality and authentication. VPNs provide a number of solutions, including economical connectivity between offices (using site-to-site VPNs) and the ability to provision connections quickly (simply by installing VPN hardware on an existing Internet connection instead of having to wait for a dedicated leased line or Frame Relay PVC to be installed). Remote access VPNs provide connectivity for mobile workers or telecommuters, allowing them to securely gain access to their home network, regardless of where they are or how they connect.

The PIX firewall supports both site-to-site and remote access VPNs using IPsec. VPNs can be very complicated, and a single connection might be implemented using a combination of many protocols that work together to provide tunneling, encryption, authentication, access control, and auditing.

A new emerging contender in the VPN world, WebVPN (also known as an SSL VPN), was not supported at the time this book was going to press. According to contacts at Cisco, the feature is being researched for incorporation into future updates of 7.0.

This chapter shows how to configure VPNs on the PIX firewall. We will configure site-to-site VPNs using IPsec and IKE with preshared keys and digital certificates. The PIX firewall can act as...