Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
egresses, you must map each private IP address to a unique public IP address.
This leads to the requirement for a large amount of public IP addresses. Therefore,
GRE is not applicable for scenarios with NAT gateways. VPNs established using
early versions of IPSec does not support NAT traversal either. NAT traversal is
implemented by encapsulating IPSec packets in UDP packets now.
GRE is not applicable for scenarios with dynamic IP addresses. VPN tunnels
established using GRE are based on fixed IP addresses. Using GRE, you cannot
establish VPNs for dial-up subscribers at all.
Not secure. Layer 2 tunneling protocol (L2TP) and GRE do not encrypt the
transmitted packets. Whereas, IPSec provides the most secure protection for
packets forwarded across IPSec VPNs.
IPSec VPN does not support dynamical routes. VPN tunnels that are established
using GRE and L2TP are interface-based, whereas those that are established
using IPSec are flow-based. Therefore, route learning is not possible between
private networks interconnected using IPSec VPN tunnels, which is contradictory
to dynamic network planning.
II. Advantages of DVPN
DVPN provides all the advantages from which traditional VPN benefits and overcomes
lots of problems that traditional VPN faces. It is more suitable for modern and future
networks. DVPN has the following features:
Easy to configure. Instead of configuring one logical interface as the tunnel end for
each tunnel, you need only to configure one logical tunnel interface for a DVPN
access device to establish sessions with multiple other DVPN access devices.
This simplifies DVPN configuration remarkably and improves network
maintainability and extensibility. In addition, to add a private network to an existing
DVPN domain, you only need to configure information about the DVPN server of
the DVPN domain on the DVPN access device(s) of the private network.
Supporting NAT traversal. UDP-encapsulated DVPN packets can traverse NAT
gateways. This enables VPN connections to be established between the internal
DVPN access devices and the public network DVPN access devices, making the
private networks connected to the NAT gateways form a VPN together with the
external private networks.
Supporting to establish dynamic IP address-based VPNs. For a DVPN client to
establish a tunnel in a DVPN domain, it requires only to be configured with the IP
address of the DVPN server; it even does not need to know what IP address it is
using. This makes DVPN perfect for applications using dynamical IP addresses,
such as applications based on plain dial-up and xDSL.
Capable of establishing tunnels automatically. A DVPN server maintains
information about all DVPN access devices in the DVPN domain. The redirect
function enables a DVPN client to acquire information about any other DVPN
client in the DVPN domain from the DVPN server and then establish a session
3Com Corporation
4-6
Chapter 4 DVPN
Advertisement
Chapters
Table of Contents
Troubleshooting
