Chapter 18: Configuring IPSec VPN
This chapter provides information about configuring IPSec VPN in the G250/G350, and
contains the following sections:
● Introduction to IPSec VPN — an introduction to VPN and IPSec technology, including an Overview of IPSec VPN configuration
● Configuring a site-to-site IPSec VPN — instructions on how to configure IPSec VPN in the G250/G350
● IPSec VPN maintenance — instructions on displaying and clearing IPSec VPN data, as well as viewing the IPSec VPN log
● Typical installations — examples of IPSec VPN typical applications
Introduction to IPSec VPN
VPN (Virtual Private Network) defines a private secure connection between two nodes on a
public network such as the Internet. VPN at the IP level is deployed using IPSec. IPSec (IP
Security) is a standards-based set of protocols defined by the IETF that provide privacy,
integrity, and authenticity to information transferred across IP networks.
The standard key exchange method employed by IPSec uses the IKE (Internet Key Exchange)
protocol to exchange key information between the two nodes (called peers). Each peer
maintains SAs (security associations) to maintain the private secure connection. IKE operates
in two phases:
● The Phase-1 exchange negotiates an IKE SA.
● The IKE SA created in Phase-1 secures the subsequent Phase-2 exchanges, which in turn generate IPSec SAs.
IPSec SAs secure the actual traffic between the protected networks behind the peers, while the
IKE SA only secures the key exchanges that generate the IPSec SAs between the peers.
The G250/G350 IPSec VPN feature is designed to support site-to-site topologies, in which the
two peers are gateways.
Note:
To configure IPSec VPN, you need at least a basic knowledge of IPSec. The
following can provide a suitable introduction:
- http://www.tcpipguide.com/free/t_IPSecurityIPSecProtocols.htm
Issue 1.1 June 2005