Configuration > Vpn; Vpn Overview - ZyXEL Communications Vantage CNM 2.0 User Manual

Centralized network management

11.1 VPN Overview

A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased
site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and
auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the
TCP/IP protocol suite for communication.
11.1.1 IPSec
Internet Protocol Security (IPSec) is a standards-based VPN that offers flexible solutions for secure data
communications across a public network like the Internet. IPSec is built around a number of standardized
cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer.
11.1.2 Security Association
A Security Association (SA) is a contract between two parties indicating what security parameters, such as keys
and algorithms, they will use.
11.1.3 Encryption
Encryption is a mathematical operation that transforms data from "plaintext" (readable) to "ciphertext"
(scrambled text) using a "key". The key and clear text are processed by the encryption operation, which leads to
the data scrambling that makes encryption secure. Decryption is the opposite of encryption: it is a mathematical
operation that transforms "ciphertext" to plaintext. Decryption also requires a key.
11.1.4 Data Confidentiality
The IPSec sender can encrypt packets before transmitting them across a network.
11.1.5 Data Integrity
The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been
altered during transmission.
11.1.6 Data Origin Authentication
The IPSec receiver can verify the source of IPSec packets. This service depends on the data integrity service.
11.1.7 IPSec Algorithms
The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec
VPN. An SA is built from the authentication provided by the AH and ESP protocols. The primary function of
key management is to establish and maintain the SA between systems. Once the SA is established, the transport
of data may commence.
AH (Authentication Header) Protocol
The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and
non-repudiation, but not for confidentiality, for which ESP was designed.
11 Configuration > VPN
This chapter shows you how to configure VPNs using Vantage.