ZyXEL Communications SBG5500 Series User Manual page 161

Chapter 10 VPN
Figure 128 IPsec VPN: Overview

The VPN tunnel connects the SBG (X) and the remote IPsec router (Y). These routers then connect the local network (A) and remote network (B).

A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the SBG and the remote IPsec router will use.

The first phase establishes an Internet Key Exchange (IKE) SA between the SBG and remote IPsec router. The second phase uses the IKE SA to securely establish an IPsec SA through which the SBG and remote IPsec router can send data between computers on the local network and remote network. The following figure illustrates this.

Figure 129 VPN: IKE SA and IPsec SA

In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks. Between routers X and Y, the data is protected by tunneling, encryption, authentication, and other security features of the IPsec SA. The IPsec SA is established securely using the IKE SA that routers X and Y established first.

PPTP VPN

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a VPN using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet.

SBG5500/3310 Series User's Guide