Complex Network Deployments; Integrating With Vpns - Cisco 7010 Installation Manual
Firepower 7000 series; firepower 8000 series
Hide thumbs
Also See for 7010:
- Product user manual (151 pages) ,
- Help manual (132 pages) ,
- Replacement instructions manual (23 pages)
Table of Contents
Complex Network Deployments
Complex Network Deployments
Your enterprise's network may require remote access, such as using a VPN, or have multiple entry
points, such as a business partner or banking connection.
Integrating with VPNs
Virtual private networks, or VPNs, use IP tunneling techniques to provide the security of a local network
to remote users over the Internet. In general, VPN solutions encrypt the data payload in an IP packet.
The IP header is unencrypted so that the packet can be transmitted over public networks in much the
same way as any other packet. When the packet arrives at its destination network, the payload is
decrypted and the packet is directed to the proper host.
Because network appliances cannot analyze the encrypted payload of a VPN packet, placing managed
devices outside the terminating endpoints of the VPN connections ensures that all packet information
can be accessed. The following diagram illustrates how managed devices can be deployed in a VPN
environment.
You can replace the firewall and the tap on either side of the VPN connection with the managed device.
Note that if you replace the tap with a managed device, you lose the tap packet delivery guarantee.
Firepower 7000 and 8000 Series Installation Guide
3-18
Chapter 3
Deploying Firepower Managed Devices
Hide quick links:
Chapters
Table of Contents
