VPN - Vanguard Networks

More documents

Recommendations

Info

Vanguard VPN Tunneling Outbound Processing For LAN tunnels, IP/IPX/Bridge packets reach the tunnel module if there is a matching tunnel configured in the tunnel configuration. Packets (payload) are encapsulated with a new IP header with source and destination address configured in the matching tunnel entry. Packets are sent out on the LAN link, if a LAN tunnel is configured or a WAN link if a WAN tunnel is configured. Figure 2-6 shows an example: Packets Out LCON WAN Tunnel LCON Non Tunnel Packets Tunnel Packets Tunnel Packets Packets In Packets Out ETH/Token Ring Handler LAN Tunnel IP/IPX/ Bridge Figure 2-6. Outbound Packet Flow When a Tunnel is Over a LAN Multiple Tunnels over a Single LCON A user can configure multiple tunnels on a single LCON. The user configures each tunnel with a different destination address and configures all of the tunnels with the same LCON. Multiple Tunnels to the Same Destination over a Single LCON Encryption on Tunnels A user might need to support multiple tunnels between two end-points. This is useful if the user needs to enable encryption on one tunnel and disable encryption on another tunnel. Multiple tunnels can be configured by inputting different source addresses for each of the tunnels. Encryption can be either enabled or disabled for all traffic going through the tunnel. Vanguard products currently provide tunnel mode encryption. 2-6 Tunneling
Vanguard VPN Tunneling Traffic Types Fragmentation and Reassembly Network Address Translation (NAT) Tunnel Source Address Access Control Policy Based Routing Quality of Service Grouped LCON Vanguard Networks Routers support tunneling for following traffic types: • IP • IPX • Routing protocols: RIP-v1, RIP-v2, OSPF and BGP • Broadcast packets such as local, directed and all subnet broadcasts • Bridge Fragmentation and Reassembly of the packet is done by the tunnel. If the packet size after adding the GRE header and Encryption header (if configured) exceeds the link’s MTU, then IP level fragmentation is done by the tunnel. On the remote side, when a fragmented packet is received by the tunnel, it waits for all the fragments before performing other tunnel operations like GRE header removal and Decryption. NAT static, external address can be used as a tunnel source address. NAT does not work on a tunnel/virtual interface. Do not configure tunnel/virtual interface as NAT internal or external interfaces. If Network Address Translation (NAT) is enabled and the LCON interface is external, then the tunnel source address should be configured as one of the external addresses configured for that LCON interface. The tunnel source address should be configured by the user. It is usually one of the numbered LCON physical interface addresses. Vanguard Networks routers do not support access control for tunneled packets. On the sending side, access control (if enabled) is performed before tunneling. On the receiving end, the tunnel is identified first (decapsulate tunnel header) and then access control is applied on the decapsulated packet. Policy Based Routing, along with tunneling, achieves flow based tunneling. In the Policy Based Routing configuration, you can choose the next hop address as the tunnel’s interface address. When a packet matches the flow, it is forwarded to the corresponding tunnel. Currently, Quality of Service (QoS) can be configured on LCONs. QoS cannot be configured on individual tunnels. The policy of the connected LCON is applied to the tunnel packets that travel over that LCON. Since QoS is not supported for LAN links/interfaces, Qos is not supported for LAN tunnels. The tunnel does not make any distinction between a Grouped or Point-to-Point LCON. Since only one LCON can be configured per tunnel, the tunnel simply forwards the packet to the configured LCON which can either be Grouped or Point-to-Point. Tunneling 2-7 T0103-10, Revision L Release 7.3
Page 1 and 2: Vanguard Applications Ware Multi-Se
Page 3: Notice (continued) Proprietary Mate
Page 6 and 7: VPN Technical Glossary
Page 8 and 9: What is a VPN What is a VPN Introdu
Page 10 and 11: VPN Applications Transporting IPX o
Page 12 and 13: VPN Applications Tunnel Level Backu
Page 14 and 15: VPN Applications RTP/UDP/IP compres
Page 16 and 17: In addition, you can establish mult
Page 18 and 19: Vanguard VPN Tunneling Vanguard VPN
Page 22 and 23: Vanguard VPN Tunneling Dynamic Tunn
Page 24 and 25: Vanguard VPN Tunneling Supported Pl
Page 26 and 27: Vanguard VPN Tunneling Remote Node
Page 28 and 29: po wer RemoteVU Guardian hard drive
Page 30 and 31: Vanguard VPN Tunneling Dynamic Tunn
Page 32 and 33: Vanguard VPN Tunneling Statistics o
Page 34 and 35: Generic Routing Encapsulation (GRE)
Page 36 and 37: Generic Routing Encapsulation (GRE)
Page 38 and 39: Tunnel Configuration Tunnel Configu
Page 40 and 41: Tunnel Configuration GRE Configurat
Page 42 and 43: Tunnel Configuration Tunnel Destina
Page 44 and 45: Tunnel Configuration NHRP Network I
Page 46 and 47: Tunnel Configuration Configuration
Page 48 and 49: Tunnel Configuration Configure Encr
Page 50 and 51: Tunnel Configuration Two remote IPX
Page 52 and 53: Tunnel Configuration Tunnel Support
Page 54 and 55: Tunnel Boot Boot Tunnel Menu To boo
Page 56 and 57: Statistics General Tunnel Statistic
Page 58 and 59: Statistics NHRP Mapping Statistics
Page 61 and 62: Chapter 3 IP Security Overview Intr
Page 63 and 64: Vanguard IP Security Vanguard IP Se
Page 65 and 66: Vanguard IP Security Site-to-Site I
Page 67 and 68: IPSec Configuration IPSec Profile T
Page 69 and 70: IPSec Configuration Node: Address:
Page 71 and 72:
IPSec Configuration ISAKMP SA Lifet
Page 73 and 74:
IPSec Configuration ESP Encryption
Page 75 and 76:
IPSec Configuration Perfect Forward
Page 77 and 78:
IPSec Configuration IPSec Configura
Page 79 and 80:
IPSec Configuration GRE_IPSec Examp
Page 81 and 82:
IPSec Configuration ISAKMP Aggressi
Page 83 and 84:
IPSec Configuration ISAKMP Aggressi
Page 85 and 86:
Statistics Statistics Introduction
Page 87 and 88:
Statistics Term ISAKMP SA Lifetime
Page 89 and 90:
Statistics Possible Channel State S
Page 91 and 92:
Statistics SNMP IPSec Statistics In
Page 93 and 94:
Chapter 4 Digital Certificates and
Page 95 and 96:
X.509 Digital Certificate Version S
Page 97 and 98:
Simple Certificate Enrollment Progr
Page 99 and 100:
Detailed Functional Description Det
Page 101 and 102:
Detailed Functional Description Cer
Page 103 and 104:
Configuration Configuration CA Conf
Page 105 and 106:
Configuration Polling Limit Range:
Page 107 and 108:
Configuration Node: Nodename Addres
Page 109 and 110:
Configuration Key Size Field Name C
Page 111 and 112:
Configuration Certificate Managemen
Page 113 and 114:
Configuration CA Configuration CA C
Page 115 and 116:
Configuration IPSec Configuration I
Page 117 and 118:
VPN Technical Glossary List of Acro
Page 119 and 120:
Index A Address on the Statistics S
show all

VPN - Vanguard Networks

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?