Content Overview

Modern companies employ people who cannot commute to work every day or for whom working out of a home office is more practical. These people, called teleworkers, must connect to the company network so that they can work from their home offices. Other workers may make use of the technologies described in this module when traveling or working at remote sites. This module explains some of the many different ways to provide secure, fast, and reliable remote connections to teleworkers.

Web Links

- Enterprise Architectures: http://www.cisco.com/en/US/netsol/ns517/networking_solutions_market_segment_solutions_home.html
- Security & VPN: http://cisco.com/en/US/products/hw/vpndevc/index.html
- CableLabs: http://www.cablelabs.com/
- Long Reach Ethernet & Digital Subscriber Line (xDSL): http://www.cisco.com/en/US/tech/tk175/tsd_technology_support_category_home.html
- RFC 2516, A Method for Transmitting PPP over Ethernet (PPPoE): http://www.faqs.org/rfcs/rfc2516.html
- RFC 1483, Multiprotocol Encapsulation Over ATM Adaptation Layer 5: http://www.faqs.org/rfcs/rfc1483.html

2.1 Describing Remote Connection Topologies for Teleworkers

2.1.1 Remote Connection Topologies for the Teleworker

Companies require secure, reliable, and cost-effective means by which to connect an increasing number of teleworkers working in small offices/home offices (SOHOs) and other remote locations. The previous lesson explained how the Cisco Enterprise Architecture framework provides solutions to meet all remote connectivity requirements. This lesson focuses on the teleworker.

To review, recall that Cisco Enterprise Architecture provides the building blocks to build a secure network that supports advanced technologies over the entire network. There are three main goals of the Cisco Enterprise Architecture framework:

- Protection: Cisco Enterprise Architecture helps avoid, mitigate, and rapidly recover from potentially costly business threats or disruptions by ensuring continuous access to applications, services, and data.
- Lower cost of operations: Cisco Enterprise Architecture helps reduce management and operational overhead as well as deployment and maintenance expenses.
- Growth: Cisco Enterprise Architecture allows for the efficient and effective addition of new users, branches, applications, and services. This provides a scalable network and allows businesses to grow quickly to accommodate emerging technologies and new products.

Figure illustrates the remote connection topologies that modern enterprise networks use to connect remote locations. In some cases, the remote locations are connected only to the headquarters (HQ), while in other cases remote locations must be connected to multiple sites. The SOHO in the figure is connected to both the branch office and HQ. The teleworker is connected only to the corporate headquarters.

Figure displays three remote connection options that Cisco Enterprise Architecture offers:

- Layer 2 VPN: Traditional private WAN Layer 2 technologies, including Frame Relay, ATM, and leased lines, provide many remote connection solutions. The security of these connections depends on the service provider.
- IP VPN: Service provider Multiprotocol Label Switching (MPLS)-based IP Virtual Private Networks (VPNs) offer flexible and scalable connectivity. Without additional security protocols (e.g., IPsec) deployed, the security level of these connections is almost the same as with traditional private WAN Layer 2 technologies.
- Internet: The most common option for teleworkers is site-to-site connection and remote access over broadband, used to establish an IPsec VPN over the public Internet. This setup can provide a secure, fast, and reliable remote connection to teleworkers. A less reliable means of connectivity is dialup.

In general, broadband refers to
telecommunication in which a wide band of frequencies is
available to transmit information. Because a wide band of
frequencies is available, information can be multiplexed and
sent on many different frequencies or channels within the band
concurrently, allowing more information to be transmitted in a
given amount of time (much as more lanes on a highway allow
more cars to travel on it at the same time). Broadband is
generally defined as any sustained speed of 200K or more.
Broadband options include digital subscriber line (DSL),
high-speed cable modems, fast downstream data connections from
direct broadcast satellite (DBS) and fixed wireless providers.
The most common problem with broadband access is lack of
coverage area.

2.1.2 The Teleworker Solution

The enterprise teleworker broadband solution delivers an always-on, secure voice and data service to remote small or home offices, creating a flexible work environment. Centralized management minimizes support overhead and costs. Integrated security allows easy extension of HQ security policies to teleworkers. The always-on VPN grants employees easy access to authorized services and applications. Adding IP phones enhances productivity by allowing access to centralized IP communications with voice and unified messaging.

The teleworker solution provides the following benefits:

- Continuity of operations in case employee access to the workplace is lost due to inclement weather, commuter traffic, natural disasters and other unpredictable events
- Increased responsiveness across functional, business, and decision-making boundaries
- Secure, reliable, and manageable employee access to critical network resources and confidential information
- Data, voice, video, and real-time applications extended over one common network connection, cost-effectively
- Increased employee productivity, satisfaction, and retention

Using IPsec technology over the Internet makes the teleworker solution secure and cost-effective to deploy.

2.1.3 Options for Connecting the Teleworker

Teleworkers typically use diverse applications (for example, e-mail, web-based applications, mission-critical applications, real-time collaboration, voice, video, and videoconferencing) that require a high-bandwidth connection. The choice of access network technology and suitable bandwidth should be the first consideration addressed when connecting teleworkers. Residential cable and DSL are two options that provide high bandwidth to teleworkers. The low bandwidth provided by a dialup modem connection is usually not sufficient for the teleworker solution. A modem dialup connection should only be considered when other options are unavailable.

These are the infrastructure services options that are available:

- IPsec VPN: An IPsec VPN establishes a secure tunnel in a broadband connection between a teleworker remote site and the central site. Site-to-site VPNs provide an always-on transparent VPN connection. Remote access VPNs provide on-demand secured connections.
- Security: Security options safeguard the corporate network and close unguarded back doors. Deploying firewall, intrusion prevention, and URL filtering services meets most security needs. Depending on the enterprise corporate security policy, split tunneling