VPN - Vanguard Networks

More documents

Recommendations

Info

What is a VPN What is a VPN Introduction Advantages of a VPN Requirements of a VPN A Virtual Private Network (VPN) is a network that has the appearance and many of the advantages of a dedicated link but occurs over a shared network. Using a technique called “tunneling,” packets are transmitted across a public routed network, such as the Internet or other commercially available network, in a private “tunnel” that simulates a point-to-point connection. This approach enables network traffic from many sources to travel through separate tunnels across the same infrastructure. VPN allows network protocols to traverse incompatible infrastructures. VPN also enables traffic from many sources to be differentiated, so that it can be directed to specific destinations and receive specific levels of service. A VPN provides following advantages: • Cost Effectiveness - Infrastructure Cost - By using a VPN, a company need not invest money on connectivity equipment like leased lines, WAN switches etc. The connectivity is provided by the service provider. - Operational Cost - Costs involved with maintaining leased lines or a private WAN along with the money spent on people to maintain them can be avoided. • Manageability - A VPN is more easily managed when compared to a fully private network. Below are some of the requirements of a VPN: • Connectivity - There needs to be network connectivity among the various corporate sites. This connectivity is typically used through the Internet. • Security - Data exchanged between the various corporate sites is confidential. When data is sent over a public network it is usually encrypted. The encryption algorithm must be robust enough to withstand any type of snooping. • Address Management - The Addresses of the clients on each of the private sites should not be the ones used in the public domain, however, packets sent out onto the public network must have public source/destination addresses. • Multiprotocol Support - The solution must be able to handle common protocols used in the corporate network. 1-2 Virtual Private Network
VPN Applications VPN Applications Tunneling and Address Translation Figure 1-1 shows a network diagram of a company that has three sites (A, B, and C) connected to the Internet. The Internet has assigned 15.0.1.2 to Site A, 17.0.1.18 to Site B and 215.1.84.3 to Site C. The company is using 10.0.x.x as its private IP address space. Each site is given a distinct IP subnet address from 10.0.x.x. • It is required that any host in any site (example H1) should be able to communicate with any host (example X1) in the Internet. • It is required that any host (example H1) should be able to communicate with any other host (example H2) in any of the company’s sites using the destination’s private address. i.e. H1 should be able to communicate with H2 using H2’s private address 10.0.3.8. The above requirements can be met by using following solutions: • NAT can be enabled on the interfaces which are connected to the Internet. When the packet from H1 reaches R1 and is destined for X1, R1 translates the source address 10.0.1.5 to 15.0.1.2 and sends it to X1 and does destination address translation when a reply comes back from X1. • Three tunnels can be established between R1 to R2, R2 to R3 and R1 to R3. When a packet is sent from H1 to H2, the original packet is tunneled by appending a tunnel header and an IP header. The new IP header uses the public address 15.0.1.2 as source address and 215.1.84.3 as destination address. When the tunneled packet reaches R2, the packet is decapsulated and the original packet is sent to H2. Site A 10.0.1.0 R1 15.0.1.2 Internet 17.0.1.18 Site B 10.0.2.0 R3 H1 180.1.50.2 X1 H3 10.0.1.5 10.0.2.6 Site C 10.0.3.0 215.1.84.3 R2 H2 10.0.3.8 Figure 1-1. Tunneling and Address Translation Virtual Private Network 1-3 T0103-10, Revision L Release 7.3
Page 1 and 2: Vanguard Applications Ware Multi-Se
Page 3: Notice (continued) Proprietary Mate
Page 6 and 7: VPN Technical Glossary
Page 10 and 11: VPN Applications Transporting IPX o
Page 12 and 13: VPN Applications Tunnel Level Backu
Page 14 and 15: VPN Applications RTP/UDP/IP compres
Page 16 and 17: In addition, you can establish mult
Page 18 and 19: Vanguard VPN Tunneling Vanguard VPN
Page 20 and 21: Vanguard VPN Tunneling Outbound Pro
Page 22 and 23: Vanguard VPN Tunneling Dynamic Tunn
Page 24 and 25: Vanguard VPN Tunneling Supported Pl
Page 26 and 27: Vanguard VPN Tunneling Remote Node
Page 28 and 29: po wer RemoteVU Guardian hard drive
Page 30 and 31: Vanguard VPN Tunneling Dynamic Tunn
Page 32 and 33: Vanguard VPN Tunneling Statistics o
Page 34 and 35: Generic Routing Encapsulation (GRE)
Page 36 and 37: Generic Routing Encapsulation (GRE)
Page 38 and 39: Tunnel Configuration Tunnel Configu
Page 40 and 41: Tunnel Configuration GRE Configurat
Page 42 and 43: Tunnel Configuration Tunnel Destina
Page 44 and 45: Tunnel Configuration NHRP Network I
Page 46 and 47: Tunnel Configuration Configuration
Page 48 and 49: Tunnel Configuration Configure Encr
Page 50 and 51: Tunnel Configuration Two remote IPX
Page 52 and 53: Tunnel Configuration Tunnel Support
Page 54 and 55: Tunnel Boot Boot Tunnel Menu To boo
Page 56 and 57: Statistics General Tunnel Statistic
Page 58 and 59:
Statistics NHRP Mapping Statistics
Page 61 and 62:
Chapter 3 IP Security Overview Intr
Page 63 and 64:
Vanguard IP Security Vanguard IP Se
Page 65 and 66:
Vanguard IP Security Site-to-Site I
Page 67 and 68:
IPSec Configuration IPSec Profile T
Page 69 and 70:
IPSec Configuration Node: Address:
Page 71 and 72:
IPSec Configuration ISAKMP SA Lifet
Page 73 and 74:
IPSec Configuration ESP Encryption
Page 75 and 76:
IPSec Configuration Perfect Forward
Page 77 and 78:
IPSec Configuration IPSec Configura
Page 79 and 80:
IPSec Configuration GRE_IPSec Examp
Page 81 and 82:
IPSec Configuration ISAKMP Aggressi
Page 83 and 84:
IPSec Configuration ISAKMP Aggressi
Page 85 and 86:
Statistics Statistics Introduction
Page 87 and 88:
Statistics Term ISAKMP SA Lifetime
Page 89 and 90:
Statistics Possible Channel State S
Page 91 and 92:
Statistics SNMP IPSec Statistics In
Page 93 and 94:
Chapter 4 Digital Certificates and
Page 95 and 96:
X.509 Digital Certificate Version S
Page 97 and 98:
Simple Certificate Enrollment Progr
Page 99 and 100:
Detailed Functional Description Det
Page 101 and 102:
Detailed Functional Description Cer
Page 103 and 104:
Configuration Configuration CA Conf
Page 105 and 106:
Configuration Polling Limit Range:
Page 107 and 108:
Configuration Node: Nodename Addres
Page 109 and 110:
Configuration Key Size Field Name C
Page 111 and 112:
Configuration Certificate Managemen
Page 113 and 114:
Configuration CA Configuration CA C
Page 115 and 116:
Configuration IPSec Configuration I
Page 117 and 118:
VPN Technical Glossary List of Acro
Page 119 and 120:
Index A Address on the Statistics S
show all

VPN - Vanguard Networks

Create successful ePaper yourself

Delete template?

Save as template?