The Complete Cisco VPN Configuration Guide
by Richard Deal
Optimal Routing Design
by Russ White; Don Slice; Alvaro Retana
IPSec VPN Design
by Vijay Bollapragada; Mohamed Khalid; Scott Wainner
Definitive MPLS Network Designs
by Jim Guichard; François Le Faucheur; Jean-Philippe Vasseur
Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition
by David Hucaby - CCIE No. 4594
Linux Networking Cookbook
by Carla Schroder
RADIUS
by Jonathan Hassell
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
by Jazib Frahim - CCIE No. 5459; Omar Santos
VPNs Illustrated: Tunnels, VPNs, and IPsec
by Jon C. Snader
A practical guide for comparing, designing, and deploying IPsec, MPLS Layer 3, L2TPv3, L2TPv2, AToM, and SSL virtual private networks
Explore the major VPN technologies and their applications, design, and configurations on the Cisco IOS® Router, Cisco® ASA 5500 Series, and the Cisco VPN 3000 Series Concentrator platforms
Compare the various VPN protocols and technologies, learn their advantages and disadvantages, and understand their real-world applications and methods of integration
Find out how to design and implement Secure Socket Layer (SSL) VPNs, including consideration of clientless operation, the Cisco SSL VPN Client, the Cisco Secure Desktop, file and web server access, e-mail proxies, and port forwarding
Learn how to deploy scalable and secure IPsec and L2TP remote access VPN designs, including consideration of authentication, encryption, split-tunneling, high availability, load-balancing, and NAT transparency
Master scalable IPsec site-to-site VPN design and implementation including configuration of security protocols and policies, multiprotocol/multicast traffic transport, NAT/PAT traversal, quality of service (QoS), Dynamic Multipoint VPNs (DMVPNs), and public key infrastructure (PKI)
Virtual private networks (VPNs) enable organizations to connect offices or other sites over the Internet or a service provider network and allow mobile or home-based users to enjoy the same level of productivity as those who are in the same physical location as the central network. However, with so many flavors of VPNs available, companies and providers are often hard pressed to identify, design, and deploy the VPN solutions that are most appropriate for their particular network architecture and service needs.
Comparing, Designing, and Deploying VPNs brings together the most popular VPN technologies for convenient reference. The book examines the real-world operation, application, design, and configuration of the following site-to-site VPNs: Layer 2 Tunneling Protocol version 3 (L2TPv3)-based Layer 2 VPNs (L2VPN); Any Transport over MPLS (AToM)-based L2VPN; MPLS Layer 3-based VPNs; and IP Security (IPsec)-based VPNs. The book covers the same details for the following remote access VPNs: Layer 2 Tunneling Protocol version 2 (L2TPv2) VPNs; L2TPv3 VPNs; IPsec-based VPNs; and Secure Socket Layer (SSL) VPNs. Through the operation, application, and configuration details offered in each chapter, you’ll learn how to compare and contrast the numerous types of VPN technologies, enabling you to consider all relevant VPN deployment options and select the VPN technologies that are most appropriate for your network.
Comparing, Designing, and Deploying VPNs begins with an introduction of the types of VPNs available. Subsequent chapters begin with an overview of the technology, followed by an examination of deployment pros and cons that you can use to determine if the particular VPN technology is appropriate for your network. Detailed discussion of design, deployment, and configuration make up the heart of each chapter. Appendix A offers insight into two multipoint emulated LAN services that can be deployed over a MAN or WAN: Virtual Private LAN Service (VPLS) and IP-only Private LAN Service (IPLS).
If you are a network architect, network engineer, network administrator, an IT manager, or CIO involved in selecting, designing, deploying, and supporting VPNs, you’ll find Comparing, Designing, and Deploying VPNs to be an indispensable reference.
This book is part of the Cisco Press® Networking Technology Series, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
Average Amazon.com® Rating: Based on 3 Ratings
Another great VPN technologies book from Mark Lewis - 2006-06-03
"Comparing, Designing and Deploying VPNs" introduces various and the most popular VPN technologies, provides explanation on how to select the appropriate VPNs, as well as how to design and deploy them. The book shows each VPN technology in detail, their capabilities and configurations.
The book starts with defining what VPN is, explaining what various VPNs are available and their comparisons. The first chapter introduces a lot of acronyms such as VPWS, VPLS, L2TPv2/v3, AToM and others. It also provides a summary table of technical considerations for selecting each Site-to-Site VPN and Remote Access technology and a flowchart of all VPN technologies. Both the tables and flowcharts are very useful for reference before progressing to the next chapters.
The book dedicates the next 6 chapters (about 500 pages!) to explaining Site-to-Site VPNs, starting from designing, deploying and configuring L2TPv3 based Layer 2 VPN, Any Transport over MPLS (AToM) based Layer 2 VPN, MPLS Layer 3 Site-to-Site VPN and Site-to-Site IPSec VPN. It provides in-depth explanation on how each VPN operates, many elaborate configuration samples with explanation of each command used, and some advanced designs and deployments.
The first 6 chapters also have the most typos. For instance, on a couple of pages, the author refers to previous diagrams by providing the page number xx instead of the actual page number. However, all of these typos are minor and can be ignored.
The next 3 chapters focus on Remote Access VPNs. They cover the design and implementation of L2TPv2 and v3 remote access VPNs, IPSec remote access and finally SSL remote access (WebVPN). They provide several configuration examples on how to implement the remote access VPNs in several VPN gateways from IOS routers, VPN 3000 Series Concentrators, and the new Cisco ASA 5500 series appliance.
The book assumes that the readers already have an extensive knowledge of IGP routing protocols (RIP, EIGRP, ISIS, OSPF), Quality of Service (QoS) and especially BGP. Without knowing them, readers will find difficulties in understanding the examples given as the book uses them extensively. I recommend readers to read Jeff Doyle's "Routing TCP/IP Volume 1 Second Edition" and "Routing TCP/IP Volume 2" as well to understand IGP and BGP routing protocols in-depth.
I liked this book a lot and certainly will recommend others to read this. I gave the book five out of five stars for its good explanations, configuration and examples. The book is very technical but well written and provides a lot of examples that can be well understood. Since this is a Cisco Press release book, all of the hardware design and configuration are based on Cisco equipment.
The book has helped me greatly in understanding the different flavors of VPNs available. The IPSec VPN and Remote Access VPN chapters alone are very useful for the VPN project I am currently involved with and they already justify the purchase of this book.
Mark Lewis, the author, is a CCIE who has real work experiences in Service Provider VPN technologies. I also recommend his other book "Troubleshooting Virtual Private Networks (VPN)".
More Acronyms than you can Imagine - 2006-05-01
You would think that a VPN should be a fairly simple thing. But of course it isn't. Over a surprisingly short time various companies, groups of companies, standards organizations and seemingly anyone who wants to can come up with a new set of initials to define something special. Just a few examples include: GRE, AToM, Q-in-Q, MPLS LSP, L2F, PPTP. And of course they all mean something that is just a little bit different. This book starts out defining all these and more.
The second part of the book covers site-to-site VPNs. This part has six chapters, and basically each chapter talks about designing and deploying different types of VPNs. The third part of the book is on Remote Access VPNs, covering situations like the telecommuting worker or the salesman out on the road.
This book is by Cisco Press so, as you might expect, it concentrates on the use of Cisco equipment. This is not unreasonable as Cisco produces a lot of VPN equipment. Also as you would expect from a Cisco title, the information is complete and accurate. In this book it is also very well written in a language that can be understood. All in all, quite a good book.
Useful content could be condensed to 1/3 this book's size - 2008-09-11
If the author of this book had used a slightly smaller font size, cut down on the number of useless program outputs and screen shots, and cut down on the "fluff" in his text, this book could have fit easily in 300-400 pages and the content would be much easier to digest. In its current form, however, there's a lot of chatter and only tidbits of useful information interspersed seemingly at random.
The author appears to have cut and pasted like a madman anything remotely related to VPNs and the result is something that looks more like a scrapbook than a professional reference. I understand and appreciate the importance of including program output as much as the next person, but you don't have to include the entire output, including banner text, each and every time you run ping or traceroute or netstat, and you definitely don't need to print it in 14pt Courier font each time either.
I bought this book to help me with a VPN I was implementing for a small business, and of the 1000+ pages in this book, there were only around 15-20 pages of info, or about 2%, that was truly pertinent. From the moment I started digging through this tome looking for help on IPSec I was bored to tears by all the program output and sometimes poor quality snapshots that were pasted from other sources.
No doubt there's pertinent info in this book on the subject of VPNs, but in my opinion it's poorly and inefficiently organized, which ultimately serves to diminish the value of this text. If you're fortunate enough to find the specific topic in the index and get the answer you need on the first hit, hurray! More often than not, though, I suspect you'll find yourself wading through page after page of computer-generated text, growing frustrated to the point that you hit the Internet looking for something better.
Some information on this page was provided using data from Amazon.com®.