2 theoretical types of VPN connections exist. They are either remote-access or s

Question

2 theoretical types of VPN connections exist. They are either remote-access or site-to-site. Your supervisor is asking you the difference between the 2 because your company is wanting to install a VPN to allow users to telecommute a few days a week. In order for this to occur, employees need to have access to the corporate network. Before you meet with your supervisor, you have to have key factual information ready during your meeting that compares and contrasts the two VPN types. focus on the key points of the two types of VPN connections with a recommendation for your supervisor

Explanation / Answer

A client-based VPN is a virtual private network created between a single user and a remote network. There’s often an application involved to make the VPN connection.

In most scenarios, the user manually starts the VPN client, and authenticates with a username and password. The client creates an encrypted tunnel between the user’s computer and the remote network. The user then has access to the remote network via the encrypted tunnel.

Examples of client-based VPN applications include Cisco’s AnyConnect, Pulse (formerly Juniper), and Palo Alto Networks’ GlobalProtect.

Windows, Mac, and mobile operating systems often have standards-based VPN client options built-in. For example, Mac OS X 10.10 includes L2TP (Layer 2 Tunneling Protocol) over IPsec and PPTP (Point-to-Point Tunneling Protocol). Even Cisco IPsec, which is standards-based plus some Cisco enhancements, is an included option for Mac users.

Note that while IPsec was the client VPN protocol of choice for many years, SSL is more often used these days. For example, Cisco no longer updates their legacy IPsec client. Instead, Cisco’s premier client VPN solution, AnyConnect, uses SSL.

Client-based VPN apps make it easy for your users to connect their laptops or mobile devices to your private resources from anywhere. For example, I use a VPN client on my iPhone, iPad, and Mac to connect to headquarters when I’m traveling. This allows me to manage my network remotely across the secure VPN tunnel that’s been stood up between my device and the headquarters firewall.

In addition to basic connectivity, VPN clients often offer enhanced security features. One is the ability to carefully inspect a user’s device before allowing them onto the network. For example, during the authentication process, the Cisco AnyConnect client can verify (among other things) that the device has a particular version of anti-virus software installed and is part of a specific Windows domain. This provides IT teams the ability to reject client VPN devices for reasons other than simple authentication failure.

Premium VPN clients come at a licensing cost. While the client software might be free, the firewall is typically licensed by the number of simultaneous VPN connections that are allowed. For example, you might have 1,000 VPN clients deployed to your users’ devices, but only need to license the firewall to support 500 of those at any given time.

Network-based VPNs

Network-based VPNs are virtual private networks that securely connect two networks together across an untrusted network. One common example is an IPsec-based WAN, where all the offices of a business connect to each other across the Internet using IPsec tunnels.

There are several kinds of network VPNs. We’ll look at three of the most common:

IPsec tunnels, both route-based and policy-based
Dynamic multipoint VPNs
MPLS-based L3VPNs

Related Questions

Navigate

• Browse (All)
• Browse 2
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.