|
Figure 40.1 |
Illustration of a firewall that is used to protect an organization against unwanted interaction with the Internet. |
|
|
Figure 40.2 |
Illustration of the location of a packet filter. The filter software is configured to discard specified packets as they pass from one network to another. |
|
|
Figure 40.3 |
The architecture of a firewall with a secure host bracketed by two packet filters. One filter restricts incoming packets, and the other restricts outgoing packets. |
|
|
Figure 40.4 |
(a) The physical Internet connections between routers at three sites of an organization, and (b) the equivalent logical connections created by VPN software running on the routers. |
|
|
Figure 40.5 |
IP-in-IP encapsulation used over a VPN. (a) A datagram, (b) the encrypted version of the datagram, and (c) the encrypted version encapsulated in another datagram for transmission across the Internet. |
|
Image 7_001 |
A Cisco 7100 VPN router, which can serve as the endpoint for site-to-site or remote-to-site virtual private networks. It can also provide data encryption, firewall and bandwidth management functions. |
