Configuring Virtual Private Networks (VPN) - Symantec 16-00-00091 - FNC XGRD FW VPN 200 Installation And Configuration Manual


CHAPTER
Configuring Virtual Private Networks (VPN)
This chapter describes the procedures for configuring VPN tunnels using the VPN - Static Key, VPN - Dynamic Key and VPN - Client Identity features of the Symantec Firewall/VPN User Interface. It also provides a brief overview of VPNs, encryption and authentication.

Virtual Private Networks allow companies to safely use insecure communication channels to transport sensitive data. The most widely used VPN technology in the industry is based on the IPSec (IP Security) standards. IPSec is a suite of standards approved by the IETF (Internet Engineering Task Force). The IPSec suite introduces security protocols that provide data integrity and data confidentiality through encryption. Data integrity ensures that the data has not been modified in transfer. It assures the receiver that the data it receives is exactly what was sent by the sender. Data confidentiality ensures that sensitive data cannot be read by a third party; clear text is scrambled with an encryption key or multiple encryption keys, and can only be unscrambled with the agreed-upon secret key.

In addition to these basic services, IPSec includes a variety of mechanisms that provide authentication, protection from replay attacks, and protection from denial-of-service attacks. Together, all these services provide the infrastructure that allows a company to use an insecure medium such as the Internet to safely transfer sensitive information.

The Symantec Firewall/VPN supports two types of VPN models: gateway-to-gateway and client-to-gateway (200R only). Gateway-to-gateway tunnels protect entire subnets. For example, they can be used to connect branch offices to the central office over the Internet, thus eliminating costly leased lines.

Using the Symantec Firewall/VPN 200R, client-to-gateway VPN tunnels allow telecommuters or remote users to safely connect over the Internet to the office. This model minimizes costs


This manual is also suitable for: 100, 200, 200R
