
Class Activity - VPN Planning Design

Objective
Explain the use of VPNs in securing site-to-site connectivity in a small- to medium-sized business network.

Scenario
Your small- to medium-sized business has received quite a few new contracts lately. This has increased the
need for teleworkers and workload outsourcing. The new contract vendors and clients will also need access to
your network as the projects progress.
As network administrator for the business, you recognize that VPNs must be incorporated as a part of your
network strategy to support secure access by the teleworkers, employees, and vendors or clients.
To prepare for implementation of VPNs on the network, you devise a planning checklist to bring to the next
department meeting for discussion.

Resources
* World Wide Web access
* Packet Tracer software
* Word processing software

Step 1: Visit the VPN Discovery Tool, or any other Internet site with VPN implementation or
planning checklist examples.

Step 2: Use Packet Tracer to draw the current topology for your network; no device
configurations are necessary. Include:
* Two branch offices, the Internet cloud, and one headquarters location
* Current network devices: servers, switches, routers/core routers, broadband ISR devices, and local user
workstations

Step 3: On the Packet Tracer topology, indicate:


a. Where you would implement VPNs?
b. What types of VPNs would be needed?
1) Site-to-site
2) Remote access

Step 4: Using a word processing software program, create a small VPN planning checklist
based on your research from Step 1.

Step 5: Share your work with the class, another group, or your instructor.

© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2

Step 1
Some other important things to consider before building the infrastructure to allow your company to go mobile:
* Before buying, ask vendors how they test their products for security.
* Review software on the basis of security features.
* Have a process for monitoring vulnerability of the network.
* Install the latest patches, but first check newsgroups and other sources for patch anomalies.
* After adding new programs or hardware, install the latest patches.
* Use an automated tool to scan all PCs in the network for compliance and automatically download patches as
appropriate.
* Use open standards such as Security Assertion Markup Language (SAML) when developing software
architecture. SAML allows businesses to make statements regarding the identity, attributes and entitlements of a
user to other entities.
* Do not use one server for multiple purposes (for example, Web server plus DNS server); the more services, the
more vulnerabilities.
* Install firewalls inside the network, not just on the perimeter; segregate departmental applications.
* Deploy intruder-detection systems internally and within each network segment system administrators.
* Use one-time passwords - they can be intercepted but will be invalid for future sessions.

Step 3
Virtual private networks generally don't provide any new functionality that isn't already offered through alternative
mechanisms, but a VPN implements those services more efficiently and cheaply in most cases. Specifically, a
VPN supports at least three different modes of use:
* Internet remote access client connections
* LAN-to-LAN inter-networking
* Controlled access within an intranet
