NETGEAR VPN Supplementary Manual

There have been many improvements in the Internet, including Quality of Service, network
performance, and inexpensive technologies, such as DSL. But one of the most important advances
has been in Virtual Private Networking (VPN) Internet Protocol security (IPSec). IPSec is one of
the most complete, secure, and commercially available, standards-based protocols developed for
transporting data.

What is a VPN?

A VPN is a shared network where private data is segmented from other traffic so that only the
intended recipient has access. The term VPN was originally used to describe a secure connection
over the Internet. Today, however, VPN is also used to describe private networks, such as Frame
Relay, Asynchronous Transfer Mode (ATM), and Multiprotocol Label Switching (MPLS).
A key aspect of data security is that the data flowing across the network is protected by encryption
technologies. Private networks lack data security, which allows attackers to tap directly into
the network and read the data. IPSec-based VPNs use encryption to provide data security, which
increases the network's resistance to data tampering or theft.
IPSec-based VPNs can be created over any type of IP network, including the Internet, Frame
Relay, ATM, and MPLS, but only the Internet is ubiquitous and inexpensive.
VPNs are traditionally used for:
• Intranets: Intranets connect an organization's locations. These locations range from the
headquarters offices, to branch offices, to a remote employee's home. Often this connectivity
is used for e-mail and for sharing applications and files. While Frame Relay, ATM, and MPLS
accomplish these tasks, the shortcomings of each limit connectivity. Connecting home users
over these networks is also very expensive compared to Internet-access technologies, such as
DSL or cable. Because of this, organizations are moving their networks to the Internet, which is
inexpensive, and using IPSec to create these networks.
VPN Concepts, Tips, and Techniques
1 Introduction to VPN
Version 1.0, July 2003

Summary of Contents for NETGEAR VPN

  • Page 1 What is a VPN? A VPN is a shared network where private data is segmented from other traffic so that only the intended recipient has access. The term VPN was originally used to describe a secure connection over the Internet. Today, however, VPN is also used to describe private networks, such as Frame Relay, Asynchronous Transfer Mode (ATM), and Multiprotocol Label Switching (MPLS).
  • Page 2: What Is IPSec and How Does It Work

    Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local Internet connection and then set up secure IPSec-based VPN communications to their organization. • Extranets: Extranets are secure connections between two or more organizations. Common uses for extranets include supply-chain management, development partnerships, and subscription services.
  • Page 3: Encapsulating Security Payload (ESP)

    ESP authentication. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header. Figure 1-1: Original packet and packet with IPSec Encapsulated Security Payload VPN Concepts, Tips, and Techniques TechNote: VPN Configuration Case Studies Version 1.0, July 2003...
  • Page 4: Authentication Header (AH)

    The SAs allow an enterprise to control exactly what resources may communicate securely, according to security policy. To do this an enterprise can set up multiple SAs to enable multiple secure VPNs, as well as define SAs within the VPN to support different departments and business partners.
  • Page 5 Note: AH and ESP can be used in either transport mode or tunnel mode. Figure 1-3: Original packet and packet with IPSec ESP in Tunnel mode...
  • Page 6: Key Management

    It is a good idea to gather all the necessary information required to establish a VPN before you begin the configuration process. You should understand whether the firmware is up to date, all of the addresses that will be necessary, and all of the parameters that need to be set on both sides.
  • Page 7: VPN Process Overview

    Network Interfaces and Addresses: The VPN gateway is aptly named because it functions as a “gatekeeper” for each of the computers connected on the Local Area Network behind it. In most cases, each Gateway will have a “public” facing address (WAN side) and a “private”...
  • Page 8: Setting Up a VPN Tunnel Between Gateways

    Firewalls: It is important to understand that many gateways are also firewalls. VPN tunnels cannot function properly if firewall settings disallow all incoming traffic. Please refer to the firewall instructions for both gateways to understand how to open specific protocols, ports, and addresses that you intend to allow.
  • Page 9: VPN Tunnel

    [Figure 1-5: VPN Tunnel SA] The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B. This communication is often referred to as a “tunnel.” The gateways contain this information so that it does not have to be loaded onto every computer connected to the gateways.
  • Page 10: VPNC IKE Security Parameters

    SAs. The master key is used to derive the IPSec keys for the SAs. Once the SA keys are created and exchanged, the IPSec SAs are ready to protect user data between the two VPN gateways. Data transfer. Data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database.
  • Page 11: VPNC IKE Phase II Parameters

    SA lifetime of 28800 seconds (one hour). Testing and Troubleshooting: Once you have completed the VPN configuration steps, you can use PCs located behind each of the gateways to ping various addresses on the LAN side of the other gateway. You can troubleshoot connections using the VPN status and log details on the Netgear gateway to determine if IKE negotiation is working.
  • Page 12 TechNote: VPN Configuration Case Studies 1-12 VPN Concepts, Tips, and Techniques Version 1.0, July 2003...
