VPN Technology: Basics of Easy VPN

Today I am going to talk about a VPN technology that many enterprises now use in their networks: Easy VPN.

Easy VPN is an IP Security (IPsec) virtual private network (VPN) solution that centralizes VPN management across all Cisco VPN devices, reducing the management complexity of VPN deployments. The basic topology of an Easy VPN deployment is shown below.

Fig 1.1- Easy VPN


What are the various components of Easy VPN?
Easy VPN has three components: Easy VPN Client, Easy VPN Remote, and Easy VPN Server.

Easy VPN Client
Easy VPN Client allows mobile workers to establish a remote-access VPN connection to a Cisco Easy VPN Server. Cisco Easy VPN Client refers to the VPN Client, which is also commonly referred to as the Software VPN Client.

Easy VPN Remote
Easy VPN Remote allows routers and security appliances to establish a site-to-site VPN connection to an Easy VPN Server without complicated remote-side configuration. Cisco Easy VPN Remote is also commonly referred to as a hardware client.

Easy VPN Server
Easy VPN Server accepts connections from Easy VPN Client and Easy VPN Remote, and ensures that those connections have the latest policies in place before they are established. All Easy VPN Servers are interoperable with all Easy VPN Clients and Remotes.

What are the benefits of the Cisco Easy VPN solution?
Customers that need to deploy and manage comprehensive site-to-site and remote-access VPNs should consider a Cisco Easy VPN solution because it simplifies VPN management and configuration.

Easy VPN supports quality of service (QoS) and multicast, but if there is a need to support dynamic routing protocols or direct spoke-to-spoke communication, Dynamic Multipoint VPN (DMVPN) is the preferred site-to-site VPN solution instead of Easy VPN.

In short, Easy VPN simplifies IPsec and remote-site device management through dynamic configuration policy push, and it supports QoS. It fits deployments where simple configuration and management is the primary goal and only limited networking features are required.

The main supported products are the Cisco ASA 5500 Series, Cisco VPN 3000 Series, and Cisco PIX Firewall.

What authentication mechanism does Easy VPN provide?
The Easy VPN Remote feature supports a two-stage method for authenticating the remote router to the central concentrator.

The first stage is Group Level Authentication, which is part of the control channel formation. In this first stage, two types of authentication credentials can be used: either pre-shared keys or digital certificates. The second stage is called Extended Authentication.

We will talk about Extended Authentication in our next article.

Basic configuration of Easy VPN Client in Client Mode
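ip ssh time-out 120
ip ssh authentication-retries 3
!
! Easy VPN Remote profile: group name and pre-shared key used for
! Group Level Authentication, operating mode, and the Easy VPN Server peer.
! The key shown is a sample value that matches the group name;
! use a strong, unique key on a real deployment.
crypto ipsec client ezvpn easy_vpn_remote
 connect auto
 group ezvpn key ezvpn
 mode client
 peer 10.10.6.1
!
! Inside (LAN-facing) interface
interface FastEthernet0/0
 ip address 10.4.4.2 255.255.255.0
 speed auto
 crypto ipsec client ezvpn easy_vpn_remote inside
!
! Outside interface toward the Easy VPN Server (no keyword means outside)
interface Serial0/0
 ip address 10.10.6.2 255.255.255.0
 no fair-queue
 crypto ipsec client ezvpn easy_vpn_remote
!
! Second inside interface
interface Serial1/0
 ip address 10.5.5.2 255.255.255.0
 clock rate 4000000
 crypto ipsec client ezvpn easy_vpn_remote inside
!
ip classless
no ip http server
ip pim bidir-enable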
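
The following Python check is an added example, not part of the original post or of any Cisco tooling. It parses the Easy VPN Remote lines of the configuration above, reports each profile's group, mode, peer and inside/outside interfaces, and flags a pre-shared key that equals the group name, as it does in the sample. The function names parse_ezvpn and audit are hypothetical, and the input is assumed to be indented the way IOS prints a running configuration.

```python
import re

# Constructed sample: the Easy VPN Remote lines of the configuration above, indented as IOS prints them.
SAMPLE = """\
crypto ipsec client ezvpn easy_vpn_remote
 connect auto
 group ezvpn key ezvpn
 mode client
 peer 10.10.6.1
interface FastEthernet0/0
 crypto ipsec client ezvpn easy_vpn_remote inside
interface Serial0/0
 crypto ipsec client ezvpn easy_vpn_remote
interface Serial1/0
 crypto ipsec client ezvpn easy_vpn_remote inside
"""

def _blank():
    return {"group": None, "key": None, "mode": None, "peer": None, "inside": [], "outside": []}

def parse_ezvpn(config):
    """Return {profile name: settings and bound interfaces} from an indented IOS config."""
    profiles, ctx = {}, None
    for raw in filter(str.strip, config.splitlines()):
        line, words = raw.strip(), raw.split()
        bind = re.fullmatch(r"crypto ipsec client ezvpn (\S+)( inside)?", line)
        if not raw[0].isspace():                      # top-level command opens a new context
            if bind and not bind.group(2):
                ctx = ("profile", profiles.setdefault(bind.group(1), _blank()))
            else:
                ctx = ("interface", words[1]) if words[0] == "interface" and len(words) > 1 else None
        elif ctx and ctx[0] == "profile":             # sub-command of the ezvpn profile
            if words[0] == "group" and len(words) == 4 and words[2] == "key":
                ctx[1]["group"], ctx[1]["key"] = words[1], words[3]
            elif words[0] in ("mode", "peer") and len(words) > 1:
                ctx[1][words[0]] = words[1]
        elif ctx and bind:                            # profile bound under an interface
            role = "inside" if bind.group(2) else "outside"
            profiles.setdefault(bind.group(1), _blank())[role].append(ctx[1])
    return profiles

def audit(profiles):
    """Flag a guessable group key and profiles that lack an inside or outside binding."""
    findings = []
    for name, p in profiles.items():
        if p["key"] and p["key"].lower() == (p["group"] or "").lower():
            findings.append(f"{name}: pre-shared key is the same as the group name")
        findings += [f"{name}: no {role} interface bound" for role in ("inside", "outside") if not p[role]]
    return findings
```

Calling audit(parse_ezvpn(SAMPLE)) returns a single finding for the sample, the group key that repeats the group name; the interface bindings pass.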