This chapter explained how to deploy IPsec VPNs on the security appliance and how to monitor those sessions. It included client configuration as well as ASA/PIX Security Appliance configuration using ASDM.

You have now completed all the steps to deploy defense in depth in your network. You have

1. Configured your initial security appliance and connected it to the Internet (Chapter 5).
2. Added a web and a mail server (Chapter 6).
3. Deployed authentication to the ASA/PIX Security Appliance and authenticated connections to web services (Chapter 7).
4. Deployed perimeter protection (Chapter 8).
5. Deployed intrusion detection (Chapter 9).
6. Deployed host intrusion prevention (Chapter 10).
7. Deployed VPN on your ASA/PIX Security Appliance (this chapter).

VPN enables employees and partners to work remotely and have complete, secure access to your internal network. VPNs have the following security and cost attributes:

- User sessions are authenticated with usernames and passwords.
- Tunnels are authenticated with secret preshared keys.
- Data is encrypted so that it cannot be sniffed off the network.
- Data is authenticated with a keyed hash (HMAC) using session keys negotiated during IKE, so you know each packet came from the trusted client that authenticated to your network and was not altered in transit.
- Network dialup costs are reduced because your remote users can dial local ISPs and connect over the VPN, avoiding long-distance and toll-charged phone costs.

You used ASDM to configure VPN tunnels and to monitor and control them.

VPN monitor statistics gave you all the information the ASA/PIX Security Appliance has about VPN tunnels, including the following:

- Number of tunnels
- Username of the connection
- Tunnel group name of the connection
- IP address information
- Protocol and encryption information
- Login time and duration
- Bytes in and bytes out
- Full session information, including IKE parameters and ports used
- Access lists applied to the sessions
- IKE and IPsec parameters

In addition to viewing statistics, the monitor control panel also gives you substantial control over your VPN tunnels. It enables you to

- Log out a VPN tunnel.
- Ping a client with an established tunnel.
- Log out tunnels by username, IP address, tunnel group, or protocol.
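The chapter configured and monitored the VPN through ASDM. As an added example that is not part of the chapter or the book, the following is the ASA command-line equivalent: it maps each security attribute listed above (user password authentication, preshared-key tunnel authentication, encryption, HMAC data authentication) to the line that provides it, and ends with the show and logoff commands that back ASDM's monitoring and control panel. The names REMOTE-USERS, VPNPOOL, OUTSIDE_MAP, DYNMAP, the user jdoe, the 192.168.100.0/24 pool and the placeholder secrets are assumptions for illustration; the syntax is ASA 7.2-era (`tunnel-group ... type ipsec-ra`; later releases spell it `remote-access`).

```text
! --- Phase 1 (IKE): tunnel authentication with a preshared key ---
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

! --- Phase 2 (IPsec): ESP with AES for confidentiality, SHA-1 HMAC for data authentication ---
! esp-sha-hmac is the per-packet keyed hash; its key is derived during IKE, not a "private key"
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto dynamic-map DYNMAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYNMAP
crypto map OUTSIDE_MAP interface outside

! --- User session authentication (XAUTH) against the local user database ---
! Placeholder credentials for the example; in production point authentication-server-group
! at the AAA server from Chapter 7 instead of LOCAL
username jdoe password Example-Pass-Placeholder
ip local pool VPNPOOL 192.168.100.1-192.168.100.50 mask 255.255.255.0

! --- Remote-access tunnel group: group preshared key plus per-user XAUTH ---
tunnel-group REMOTE-USERS type ipsec-ra
tunnel-group REMOTE-USERS general-attributes
 address-pool VPNPOOL
 authentication-server-group LOCAL
tunnel-group REMOTE-USERS ipsec-attributes
 pre-shared-key Example-Group-PSK-Placeholder

! --- Monitoring: the data behind the ASDM VPN statistics panel ---
! Session count, username, tunnel group, assigned IP, protocol/encryption, login time,
! duration, bytes in/out
show vpn-sessiondb remote
show vpn-sessiondb detail remote filter name jdoe
! IKE and IPsec SA parameters: policy in use, lifetimes, SPIs, packet counters
show crypto isakmp sa
show crypto ipsec sa

! --- Control: the actions behind the ASDM logout and ping buttons ---
ping 192.168.100.5
vpn-sessiondb logoff name jdoe
vpn-sessiondb logoff ipaddress 192.168.100.5
vpn-sessiondb logoff tunnel-group REMOTE-USERS
```

Two caveats a practitioner should keep in mind with this design. The preshared key is a group secret shared by every client in the tunnel group, so it should be long and random and rotated when a client is decommissioned; with IKEv1 aggressive mode an eavesdropper can capture a hash of the preshared key and attack a weak one offline, which is why certificate authentication is preferred where the PKI exists. And the `username` line here is only for illustration: the per-user credentials that XAUTH checks belong on the AAA server deployed in Chapter 7, which also gives you central lockout and logging.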