Ipsec Protocols; Make Vpn Packets Pass Through Dfl-900 - D-Link DFL-900 User Manual

Firewall/vpn router

VPN Technical Introduction
With the use of AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire
packet by use of portions of the original IP header in the hashing process.
Tunnel Mode
Tunnel mode encapsulates the entire IP packet to transmit it securely. Tunnel mode is required for gateway services to provide
access to internal systems. Tunnel mode is fundamentally an IP tunnel with authentication and encryption. This is the most common
mode of operation. Tunnel mode is required for gateway-to-gateway and host-to-gateway communications. Tunnel mode
communications have two sets of IP headers:
Outside header: The outside IP header contains the destination IP address of the VPN gateway.
Inside header: The inside IP header contains the destination IP address of the final system behind the VPN gateway.
The security protocol appears after the outer IP header and before the inside IP header.

8.1.7 IPSec Protocols

The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN. An SA is built
from the authentication provided by AH and ESP protocols. The primary function of key management is to establish and maintain
the SA between systems. Once the SA is established, the transport of data may commence.
AH (Authentication Header) Protocol
AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but
not for confidentiality, for which the ESP was designed.
In applications where confidentiality is not required or not sanctioned by government encryption restrictions, an AH can be
employed to ensure integrity. This type of implementation does not protect the information from dissemination but will allow for
verification of the integrity of the information and authentication of the originator.
ESP (Encapsulating Security Payload) Protocol
The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. ESP's authentication properties are
limited compared to those of AH because the IP header information is not included in the authentication process. However, ESP
is sufficient if only the upper layer protocols need to be authenticated.
An added feature of the ESP is payload padding, which further protects communications by concealing the size of the packet being
transmitted.
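The difference in authentication coverage between AH and ESP described above can be shown with a simplified tunnel-mode model. This is an added example, not part of the D-Link manual: the key, addresses, SPI values and the choice of HMAC-SHA1-96 are constructed assumptions, an XOR stands in for real encryption, and the ESP trailer is omitted.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed sample key, not from the manual
ICV_LEN = 12                    # HMAC-SHA1 truncated to 96 bits (assumed algorithm)

def ipv4(src, dst, proto, body, ttl=64):
    """Minimal 20-byte IPv4 header plus body (header checksum left 0 in this model)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + body

def mac(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]

def ah_input(pkt):
    """Bytes AH authenticates: the whole packet with mutable IP fields and the ICV zeroed."""
    b = bytearray(pkt)
    b[1] = 0                    # TOS
    b[6:8] = b"\0\0"            # flags + fragment offset
    b[8] = 0                    # TTL
    b[10:12] = b"\0\0"          # header checksum
    b[32:44] = bytes(ICV_LEN)   # ICV field: after 20-byte IP header + 12-byte fixed AH part
    return bytes(b)

def build_ah(inner):
    # next header 4 = IP-in-IP (tunnel mode), payload length 4, SPI and sequence constructed
    ah = struct.pack("!BBHII", 4, 4, 0, 0x1001, 1) + bytes(ICV_LEN)
    pkt = bytearray(ipv4("192.0.2.1", "203.0.113.1", 51, ah + inner))
    pkt[32:44] = mac(ah_input(pkt))
    return bytes(pkt)

def build_esp(inner):
    body = struct.pack("!II", 0x2002, 1) + bytes(x ^ 0x5A for x in inner)  # XOR is a stand-in cipher
    return ipv4("192.0.2.1", "203.0.113.1", 50, body + mac(body))

def verify_ah(pkt):
    return hmac.compare_digest(pkt[32:44], mac(ah_input(pkt)))

def verify_esp(pkt):
    # ESP authenticates SPI, sequence number and payload only; the outer IP header is not covered
    return hmac.compare_digest(pkt[-ICV_LEN:], mac(pkt[20:-ICV_LEN]))

def rewrite_outer(pkt, src=None, ttl=None):
    """Model an in-path device changing outer header fields (address rewrite, TTL decrement)."""
    b = bytearray(pkt)
    if src:
        b[12:16] = socket.inet_aton(src)
    if ttl is not None:
        b[8] = ttl
    return bytes(b)

INNER = ipv4("10.0.1.5", "10.0.2.7", 6, b"constructed payload")  # constructed inner packet
```

A changed outer source address fails AH verification but goes unnoticed by ESP, while a TTL decrement is accepted by both because AH excludes mutable fields from the hash.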

8.2 Make VPN packets pass through DFL-900

Step 1: Enable IPSec
If we need to set up the DFL-900 between existing IPSec / PPTP / L2TP connections, we need to open the ports blocked by the DFL-900 firewall in advance. Here we provide a simple way: enable the IPSec / PPTP / L2TP pass through checkbox on this page. The IPSec / PPTP / L2TP VPN connections will then pass through the DFL-900, and the DFL-900 will act as the intermediate forwarding device.
ADVANCED SETTINGS > VPN Settings > Pass Through