HP Sa3110 - VPN Server Appliance Manual
HP VPN Server Appliance SA3110/SA3150/SA3400/SA3450 - Virtual Private Networking Concepts Guide

Hewlett-Packard Company
Virtual Private Networking Concepts Guide
HP: 5971-3009
P/N: A55310-001
March 2001

Summary of Contents for HP Sa3110 - VPN Server Appliance

  • Page 1 Hewlett-Packard Company HP: 5971-3009 P/N: A55310-001 March 2001...
  • Page 3 Except as provided in Hewlett-Packard Company's Terms and Conditions of Sale for such products, Hewlett-Packard Company assumes no liability whatsoever, and Hewlett-Packard Company disclaims any...
  • Page 5: Table Of Contents

    Firewall Functions ............5-2 Hewlett-Packard Company Virtual Private Networking Concepts Guide...
  • Page 6 Redundancy ............. 6-2
  • Page 7 TCP/IP Basics Overview ........... 1-6
  • Page 9: HP VPN Concepts Guide Overview

    The purpose of this HP VPN Concepts Guide is to provide you with information on the Hewlett-Packard Company virtual private networking (VPN) suite, consisting of five modular components that work together to provide secure communications across any network.
  • Page 10: HP VPN Suite Overview

    VPN Manager: using a powerful graphical user interface (GUI), you can configure and monitor VPN devices deployed in the field. The VPN Manager is also used to define and grant access to VPN Client users.
  • Page 11 VPN devices. As your network grows, you can add additional VPN devices, remote clients, and central management at any time. These components are illustrated next in a typical network configuration.
  • Page 12 Figure: Typical Network Configuration. Related Information: Operational Overview (page 1-5), TCP/IP Basics Overview (page 1-6), HP VPN Concepts Guide Overview (page 1-1)
  • Page 13: Operational Overview

    Telnet session from a computer on the VPN's trusted network. Related Information: HP VPN Concepts Guide Overview (page 1-1), TCP/IP Basics Overview (page 1-6)
  • Page 14: TCP/IP Basics Overview

    Each component of the subnet mask (either 255 or 0 in the example) is called an octet. A class C subnet mask (255.255.255.0) means that there are 254 addresses with which the device can directly communicate.
  • Page 15 Subnet mask table (last octet of a class C mask):

    Mask Value (Binary Value)   Number of Subnets   Addresses in Each Subnet
    255 (1111-1111)
    254 (1111-1110)
    252 (1111-1100)
    248 (1111-1000)
    240 (1111-0000)
    224 (1110-0000)
  • Page 16: Routing Table

    Most desktop computers do not have static routes added to them and therefore rely on the default gateway being set to be able to communicate outside their local subnet. This
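
    A worked version of the mask arithmetic on pages 14 through 16, added here as an illustration and not taken from the guide or the appliance's software. For each last-octet mask value in the page 15 table it derives how many subnets a class C network is cut into and how many addresses each holds (the guide's 254 is the count with the network and broadcast addresses removed), and it then makes the routing decision page 16 describes: deliver on the local subnet, otherwise hand the packet to the default gateway. The network 192.168.10.0 and the host and gateway addresses are constructed for the example.

```python
import ipaddress

# Constructed example values (not from the guide): one class C network and the
# last-octet mask values tabulated on page 15.
CLASS_C = ipaddress.ip_network("192.168.10.0/24")
LAST_OCTET_MASKS = [255, 254, 252, 248, 240, 224]


def binary_octet(value: int) -> str:
    """Render an octet the way the guide's table does, e.g. 224 -> '1110-0000'."""
    bits = format(value, "08b")
    return f"{bits[:4]}-{bits[4:]}"


def subnet_table_row(last_octet: int) -> dict:
    """Compute the guide's table columns for the class C mask 255.255.255.<last_octet>:
    the number of subnets the class C network is divided into and the addresses in
    each. 'usable' removes the network and broadcast addresses, which is how the
    guide arrives at 254 for a plain class C mask; /31 and /32 have none to remove."""
    mask = f"255.255.255.{last_octet}"
    prefixlen = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    total = 2 ** (32 - prefixlen)
    return {
        "mask": mask,
        "binary": binary_octet(last_octet),
        "subnets": 2 ** (prefixlen - CLASS_C.prefixlen),
        "addresses": total,
        "usable": total - 2 if total > 2 else total,
    }


def subnet_table() -> list:
    """The whole table: the plain class C mask plus each mask value on page 15."""
    return [subnet_table_row(m) for m in [0] + LAST_OCTET_MASKS]


def next_hop(host_ip: str, mask: str, dst_ip: str, default_gateway: str) -> str:
    """Page 16's routing decision for a desktop with no static routes: a destination
    inside the local subnet is delivered directly; anything else goes to the
    default gateway."""
    local = ipaddress.ip_network(f"{host_ip}/{mask}", strict=False)
    if ipaddress.ip_address(dst_ip) in local:
        return dst_ip
    return default_gateway


if __name__ == "__main__":
    for row in subnet_table():
        print(f"{row['mask']:<17} {row['binary']}  subnets={row['subnets']:<4} "
              f"addresses={row['addresses']:<4} usable={row['usable']}")
    print(next_hop("192.168.10.5", "255.255.255.0", "192.168.10.200", "192.168.10.1"))
    print(next_hop("192.168.10.5", "255.255.255.0", "10.1.1.7", "192.168.10.1"))
```

    The table rows are computed from the prefix length rather than typed in, so the same function answers for any mask the appliance accepts, not only the six values the guide prints.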
  • Page 17 Note that a Web server can be configured to listen on another port, but most follow the standard. Packets with the source and destination application ports set to 2233 are encrypted by an HP VPN device.
  • Page 18 HP VPN Concepts Guide Overview. Related Information: HP VPN Concepts Guide Overview (page 1-1), Operational Overview (page 1-5), The Template Concept
  • Page 19 Key Space and Brute Force Attacks .........2-13
  • Page 21: Cryptographic Systems And Encryption Terminology Overview

    Decryption is the opposite of encryption, a mathematical operation that transforms cipher text to clear text. Decryption usually requires a key and can be expressed as the formula: Clear Text = g(Cipher Text, Kd)
  • Page 22 "undoes" the steps performed by the algorithm f, and Kd represents a key. Related Information: Symmetric Cryptographic Systems (page 2-3), Asymmetric Cryptographic Systems (page 2-9), Symmetric Vs. Asymmetric Cryptography (page 2-10)
  • Page 23: Symmetric Cryptographic Systems

    Related Information: Data Encryption Standard (DES) (page 2-4), Triple Pass DES (page 2-5), 3DES (page 2-7)
  • Page 24: Data Encryption Standard (DES)

    They estimate that a 90-bit key protects data for about 20 years in the face of expected advances in computing power. Related Information: Triple Pass DES (page 2-5), 3DES (page 2-7), Outer Cipher Block Chaining (CBC) (page 2-8)
  • Page 25: Triple Pass DES

    AT = shift-left(DW, K1 = 3). The steps for both the triple pass DES technique and the 3DES technique are illustrated with the simple symmetric cryptographic system in the following table.
  • Page 26 K2 = 5, K3 = 4 (Key Space = 3*26 = 78). Related Information: 3DES (page 2-7), Data Encryption Standard (DES) (page 2-4), Outer Cipher Block Chaining (CBC) (page 2-8)
  • Page 27: 3DES

    K1 = 3, K2 = 5, K3 = 4 (Key Space = 3*26 = 78). Related Information: Data Encryption Standard (DES) (page 2-4), Outer Cipher Block Chaining (CBC) (page 2-8)
  • Page 28: Outer Cipher Block Chaining (CBC)

    This is important since most file structures and application protocols use identical header information. Related Information: Data Encryption Standard (DES) (page 2-4), Triple Pass DES (page 2-5), 3DES (page 2-7)
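
    The guide's simple symmetric system from pages 21 through 28 and page 33, carried through in code. This is an added illustration, not code from the guide or the appliance: f and g are the shift-left encryption and its inverse (shift-left(DW, 3) = AT), the triple pass and 3DES-style constructions use the guide's keys K1 = 3, K2 = 5, K3 = 4, a brute-force search over the key space recovers a key from a known clear text, and outer CBC over single-letter blocks shows why identical headers stop producing identical cipher text. One thing the guide's key-space figure of 3*26 = 78 does not show: three shifts compose into a single shift of (K1 + K2 + K3) mod 26, so the brute-force loop below breaks the triple-pass output with the same 26 trials as one pass. The triple construction strengthens DES only because DES, unlike this shift cipher, is not closed under composition (it is not a group). The sample texts are constructed.

```python
import string
from typing import Optional

ALPHABET = string.ascii_uppercase


def shift_left(text: str, key: int) -> str:
    """Encryption f(Clear Text, Ke): each letter moves `key` places back in the
    alphabet (wrapping), so shift_left("DW", 3) == "AT" as on page 25."""
    return "".join(ALPHABET[(ALPHABET.index(c) - key) % 26] for c in text)


def shift_right(text: str, key: int) -> str:
    """Decryption g(Cipher Text, Kd): undoes shift_left with the same key, the
    symmetric case where Kd == Ke."""
    return shift_left(text, -key)


def triple_pass(text: str, k1: int, k2: int, k3: int) -> str:
    """Page 25's triple pass: three encryptions in a row (E-E-E) with three keys."""
    return shift_left(shift_left(shift_left(text, k1), k2), k3)


def triple_pass_decrypt(text: str, k1: int, k2: int, k3: int) -> str:
    return shift_right(shift_right(shift_right(text, k3), k2), k1)


def ede(text: str, k1: int, k2: int, k3: int) -> str:
    """Page 27's 3DES construction: encrypt with K1, decrypt with K2, encrypt with K3."""
    return shift_left(shift_right(shift_left(text, k1), k2), k3)


def ede_decrypt(text: str, k1: int, k2: int, k3: int) -> str:
    return shift_right(shift_left(shift_right(text, k3), k2), k1)


def brute_force(cipher: str, known_clear: str) -> Optional[int]:
    """Key space attack (page 33): try every key until the known clear text appears.
    Three shifts compose into one shift of (k1 + k2 + k3) mod 26, so this single pass
    over 26 keys also breaks triple-pass output; the toy cipher's key space does not
    grow with extra passes."""
    for key in range(26):
        if shift_right(cipher, key) == known_clear:
            return key
    return None


def cbc_encrypt(text: str, key: int, iv: str) -> str:
    """Outer CBC (page 28) over one-letter blocks: each clear letter is combined
    (mod 26) with the previous cipher letter before encryption, so identical headers
    no longer produce identical cipher text."""
    prev = ALPHABET.index(iv)
    out = []
    for c in text:
        mixed = ALPHABET[(ALPHABET.index(c) + prev) % 26]
        enc = shift_left(mixed, key)
        out.append(enc)
        prev = ALPHABET.index(enc)
    return "".join(out)


def cbc_decrypt(cipher: str, key: int, iv: str) -> str:
    prev = ALPHABET.index(iv)
    out = []
    for c in cipher:
        mixed = shift_right(c, key)
        out.append(ALPHABET[(ALPHABET.index(mixed) - prev) % 26])
        prev = ALPHABET.index(c)
    return "".join(out)


if __name__ == "__main__":
    k1, k2, k3 = 3, 5, 4  # the keys used on pages 25 to 27
    print(shift_left("DW", k1))
    print(triple_pass("DW", k1, k2, k3), ede("DW", k1, k2, k3))
    print("recovered key:", brute_force(triple_pass("DW", k1, k2, k3), "DW"))
    print(shift_left("HEADERHEADER", k1), cbc_encrypt("HEADERHEADER", k1, "A"))
```

    Compare the last two printed strings: without chaining, the repeated header HEADER encrypts to the same six letters twice; with CBC the second copy differs because it was mixed with different preceding cipher letters.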
  • Page 29: Asymmetric Cryptographic Systems

    Related Information: Symmetric Cryptographic Systems (page 2-3), Symmetric Vs. Asymmetric Cryptography (page 2-10), Key Space and Brute Force Attacks (page 2-13)
  • Page 30: Symmetric Vs. Asymmetric Cryptography

    Symmetric: DES, Triple Pass DES, 3DES, RC4. Asymmetric: RSA, PGP. Related Information: Asymmetric Cryptographic Systems (page 2-9), Symmetric Cryptographic Systems (page 2-3), Key Space and Brute Force Attacks (page 2-13)
  • Page 31: Diffie-Hellman Session Key Exchange

    The effort required to break keys with lengths of 512, 1024, or 2048 bits makes this attack impractical. The vulnerability of this type of key exchange protocol is the public key exchange itself, which nothing in the exchange authenticates.
  • Page 32 Related Information: Triple Pass DES (page 2-5), 3DES (page 2-7), Packet Keys (page 3-8)
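
    The Diffie-Hellman session key exchange of page 31, with both sides' messages, as an added example that is not the appliance's implementation. It uses a toy modulus (p = 23, generator 5, constructed for the example) in place of the 512-, 1024- or 2048-bit moduli the guide mentions, so that discrete_log can show in a few trials the brute-force attack the guide calls impractical at real sizes, and mitm_exchange shows the weakness the guide names: because the public values are not authenticated, an attacker on the path can substitute her own and end up holding a separate secret with each side.

```python
import secrets

# Toy parameters, constructed for the example: a real exchange uses the 512-, 1024-
# or 2048-bit moduli the guide mentions; 23 is small enough to brute-force by hand.
P = 23
G = 5


def dh_keypair(priv=None, p=P, g=G):
    """Return (private exponent, public value g^priv mod p). The public value is what
    crosses the network; the private exponent never leaves the device."""
    if priv is None:
        priv = secrets.randbelow(p - 2) + 1  # 1 .. p-2
    return priv, pow(g, priv, p)


def dh_shared(their_public: int, my_private: int, p=P) -> int:
    """Session key material: their_public^my_private mod p, equal on both sides."""
    return pow(their_public, my_private, p)


def honest_exchange(a: int, b: int) -> tuple:
    """Both sides of a correct exchange; returns (side A's secret, side B's secret)."""
    a_priv, a_pub = dh_keypair(priv=a)
    b_priv, b_pub = dh_keypair(priv=b)
    # a_pub and b_pub cross the network in the clear; that is fine as long as
    # nobody can replace them.
    return dh_shared(b_pub, a_priv), dh_shared(a_pub, b_priv)


def mitm_exchange(a: int, b: int, m: int) -> tuple:
    """The weakness the guide names: nothing authenticates the public values. An
    attacker on the path replaces each side's public value with her own, so each
    side ends up sharing a secret with the attacker and none with the other side.
    Returns (A's secret, B's secret, attacker's secret with A, attacker's secret with B)."""
    a_priv, a_pub = dh_keypair(priv=a)
    b_priv, b_pub = dh_keypair(priv=b)
    m_priv, m_pub = dh_keypair(priv=m)
    a_secret = dh_shared(m_pub, a_priv)  # A received m_pub in place of b_pub
    b_secret = dh_shared(m_pub, b_priv)  # B received m_pub in place of a_pub
    return a_secret, b_secret, dh_shared(a_pub, m_priv), dh_shared(b_pub, m_priv)


def discrete_log(public: int, p=P, g=G):
    """Brute-force the private exponent from a public value. Feasible at p = 23;
    this is the attack the guide calls impractical at 512 bits and up."""
    for x in range(1, p - 1):
        if pow(g, x, p) == public:
            return x
    return None


if __name__ == "__main__":
    print("honest:", honest_exchange(6, 15))
    print("man in the middle:", mitm_exchange(6, 15, 13))
    priv, pub = dh_keypair()
    print("public", pub, "recovered private", discrete_log(pub), "actual", priv)
```

    The HP VPN suite addresses the substitution problem with the authentication methods of chapter 4 (challenge phrase, SecurID, RADIUS, certificates); the exchange on its own gives confidentiality against a passive listener only.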
  • Page 33: Key Space And Brute Force Attacks

    The higher the key space, the more difficult the encryption is to break. Related Information: Symmetric Cryptographic Systems (page 2-3), Asymmetric Cryptographic Systems (page 2-9)
  • Page 34 Cryptographic Systems and Encryption Terminology. Related Information (continued): Symmetric Vs. Asymmetric Cryptography (page 2-10)
  • Page 35: Encapsulation And Packet Handling

    Packet Keys ............. .3-8
  • Page 37: Encapsulation Overview

    The original packet is said to be encapsulated. Related Information: Secure Profiles (page 3-2), ESP Encapsulation (page 3-4), SST Encapsulation (page 3-6)
  • Page 38: Secure Profiles

    VPN device before declaring the session terminated and attempting to renegotiate the tunnel. If you specify a timeout on one end of a tunnel, you must specify a keepalive on the other end of the tunnel.
  • Page 39 ESP authentication to none, and selecting a value for the Authentication Header (AH). Transport mode encrypts only the payload. Related Information: SST Encapsulation (page 3-6), ESP Encapsulation (page 3-4), Encapsulation Overview (page 3-1)
  • Page 40: ESP Encapsulation

    0 and 64 bytes. This value specifies the length of the key to be used when hashing the packet to produce the authentication header. The longer the key, the more secure the authentication, but the more time-consuming to enter manually.
  • Page 41 ESP Encapsulation. Related Information: SST Encapsulation (page 3-6), Packet Handling (page 3-7), Packet Keys (page 3-8)
  • Page 42: SST Encapsulation

    Related Information: ESP Encapsulation (page 3-4), Packet Handling (page 3-7), Packet Keys (page 3-8)
  • Page 43: Packet Handling

    Figure: Simplified Packet (fields shown: Prot, Port, Port, Payload Data). Related Information: Packet Keys (page 3-8), Encapsulation Overview (page 3-1)
  • Page 44: Packet Keys

    Therefore, the nature of the packet is hidden from anyone intercepting the packet. The protocol has been modified and set to UDP. The original packet, if it was an http (www) packet, has its protocol set to
  • Page 45 The frequency with which session keys are changed is called the crypto period. Related Information: Packet Handling (page 3-7), The Template Concept
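
    A model of the encapsulation described on pages 40 and 43 through 45, added as an illustration and not the appliance's code or wire format. The original simplified packet (addresses, Prot, Ports, Payload Data) is encrypted, a keyed hash over the encrypted body supplies the authentication header, and the result travels as the payload of a UDP packet between the two VPN devices on port 2233 (the port from page 17; the device addresses are the page 66 example). Session keys are re-derived every few packets to model the crypto period. The cipher (a keystream of HMAC-SHA256 blocks XORed over the data), the key derivation and the 16-byte authentication key are assumptions made for this example, not the algorithms the appliance uses; the inner HTTP packet is constructed.

```python
import hashlib
import hmac
import json
import struct

# Port the guide reserves for encrypted traffic between HP VPN devices (page 17).
VPN_PORT = 2233


def pack_inner(packet: dict) -> bytes:
    """Serialize the guide's simplified packet (addresses, Prot, Ports, Payload Data)."""
    return json.dumps(packet, sort_keys=True).encode()


def unpack_inner(data: bytes) -> dict:
    return json.loads(data.decode())


def keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    """Stand-in for the ESP cipher (an assumption for this example, not the appliance's
    algorithm): XOR the data with a keystream of HMAC-SHA256(key, seq || counter)
    blocks. Applying it twice with the same key and seq restores the data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, struct.pack(">QI", seq, offset // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


class Tunnel:
    """One end of a tunnel between two VPN devices. Both ends are built with the same
    master key; session keys are re-derived every `crypto_period` packets (page 45)."""

    def __init__(self, local_ip: str, peer_ip: str, master_key: bytes, crypto_period: int = 4):
        self.local_ip, self.peer_ip = local_ip, peer_ip
        self.master_key, self.crypto_period = master_key, crypto_period

    def session_keys(self, seq: int):
        """(encryption key, authentication key) for the period packet `seq` falls in.
        The 16-byte authentication key lies inside the guide's 0 to 64 byte AH range."""
        period = seq // self.crypto_period
        base = hmac.new(self.master_key, struct.pack(">Q", period), hashlib.sha256).digest()
        return base[:16], base[16:]

    def encapsulate(self, seq: int, inner: dict) -> dict:
        """Encrypt the original packet, authenticate the result, and carry it as the
        payload of a UDP packet between the two VPN devices on port 2233 (page 44)."""
        enc_key, auth_key = self.session_keys(seq)
        body = struct.pack(">Q", seq) + keystream_xor(enc_key, seq, pack_inner(inner))
        tag = hmac.new(auth_key, body, hashlib.sha256).digest()  # encrypt, then authenticate
        return {"src": self.local_ip, "dst": self.peer_ip, "prot": "UDP",
                "sport": VPN_PORT, "dport": VPN_PORT, "payload": body + tag}

    def decapsulate(self, outer: dict) -> dict:
        """Reverse of encapsulate; rejects anything whose authentication tag fails."""
        if outer["prot"] != "UDP" or outer["dport"] != VPN_PORT:
            raise ValueError("not a tunnel packet")
        body, tag = outer["payload"][:-32], outer["payload"][-32:]
        seq = struct.unpack(">Q", body[:8])[0]
        enc_key, auth_key = self.session_keys(seq)
        expected = hmac.new(auth_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("authentication failed: packet modified or wrong key")
        return unpack_inner(keystream_xor(enc_key, seq, body[8:]))


def accepted(tunnel: Tunnel, outer: dict) -> bool:
    """True if the receiving end accepts the packet, False if it rejects it."""
    try:
        tunnel.decapsulate(outer)
        return True
    except ValueError:
        return False


def tampered(outer: dict, index: int = 12) -> dict:
    """Flip one bit of the encrypted body to simulate modification in transit."""
    payload = bytearray(outer["payload"])
    payload[index] ^= 0x01
    return {**outer, "payload": bytes(payload)}


# Constructed sample: device addresses from the guide's page 66 example and an HTTP
# request from a host on one red network to a Web server on the other.
MASTER_KEY = b"constructed-master-key-for-example"
DEVICE_A = Tunnel("198.53.144.120", "205.250.128.240", MASTER_KEY)
DEVICE_B = Tunnel("205.250.128.240", "198.53.144.120", MASTER_KEY)
INNER = {"src": "192.168.10.5", "dst": "10.1.1.7", "prot": "TCP",
         "sport": 40000, "dport": 80, "payload": "GET / HTTP/1.0"}

if __name__ == "__main__":
    outer = DEVICE_A.encapsulate(1, INNER)
    print({k: v for k, v in outer.items() if k != "payload"})
    print(DEVICE_B.decapsulate(outer))
    print("tampered accepted:", accepted(DEVICE_B, tampered(outer)))
```

    What an observer on the black network sees is the outer header only: two VPN device addresses, protocol UDP and port 2233 on both sides; the inner addresses, the real protocol and the HTTP request are inside the encrypted payload, which is the point page 44 makes.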
  • Page 46 Encapsulation and Packet Handling
  • Page 47: Authentication Methods

    Entrust Authentication........... . .4-6
  • Page 49: Authentication Methods Overview

    Entrust by means of the Entrust Certificate Authority. Related Information: Challenge Phrase Authentication (page 4-2), SecurID Authentication (page 4-3), RADIUS Authentication (page 4-4), Entrust Authentication (page 4-5)
  • Page 50: Certificate Authentication

    Related Information: SecurID Authentication (page 4-4), RADIUS Authentication (page 4-5), Challenge Phrase Authentication (page 4-3), Entrust Authentication (page 4-6)
  • Page 51: Challenge Phrase Authentication

    Related Information: SecurID Authentication (page 4-4), RADIUS Authentication (page 4-5), Entrust Authentication (page 4-6)
  • Page 52: SecurID Authentication

    SecurID access code. For further information on using SecurID, consult Security Dynamics' SecurID documentation. Related Information: RADIUS Authentication (page 4-5), Challenge Phrase Authentication (page 4-3), Entrust Authentication (page 4-6)
  • Page 53: RADIUS Authentication

    It is not necessary to have a RADIUS Accounting Server to use the RADIUS method of authentication. Related Information: Challenge Phrase Authentication (page 4-3), SecurID Authentication (page 4-4), Entrust Authentication (page 4-6)
  • Page 54: Entrust Authentication

    Certificate Authority, and updates its own revocation by means of the Certificate Authority. Related Information: SecurID Authentication (page 4-4), RADIUS Authentication (page 4-5), The Template Concept
  • Page 55: Firewalls And Tunnels

    Tunnel Termination and Firewall Rules........5-31
  • Page 57: Firewall And Tunnels Overview

    Related Information: Firewall Functions (page 5-2), Tunnel Types (page 5-8), Tunnel Modes (page 5-20), Tunnel Termination and Firewall Rules (page 5-31)
  • Page 58: Firewall Functions

    This is called stateless filtering, since the VPN device does not remember that a packet passed through a filter rule. If a packet is considered invalid, it is simply not allowed entry to the red (trusted) network.
  • Page 59 Web servers usually listen on this port. Action: Stateful. Direction: Inbound (the group comes from the black (untrusted) network and crosses to the red (trusted) network). Protocol: HTTP is transported by means of TCP, not UDP.
  • Page 60 VPN device. Only if the packet is permitted by the firewall rule is it then routed to the destination computer according to the IP addressing information it carries.
  • Page 61 Figure: A Firewalled LAN. Related Information: One-Way Out Firewall Rules (page 5-24), One-Way In Firewall Rules (page 5-22), Tunnel Types (page 5-8)
  • Page 62: Filters

    Filter table columns: Parameter, Parameter Value, Comments, Description.
  • Page 63 TCP, not UDP. Action: permit (you allow access). Related Information: Firewall and Tunnels Overview (page 5-1), Tunnel Types (page 5-8), Tunnel Termination and Firewall Rules (page 5-31)
  • Page 64: Tunnel Types

    VPN devices is encrypted, it is as if the data is traveling in a tunnel. Related Information: Site-to-Site Tunnels (page 5-9), Single-User Tunnels (page 5-12), Multiuser Tunnels (page 5-16)
  • Page 65: Site-To-Site Tunnels

    The mode of the tunnel specifies where the tunnel terminates. Finally, the IP route specifies which packets should enter the tunnel. The following example illustrates a secure tunnel, which secures all communication between two networks.
  • Page 66 Tunnel parameters, one column per VPN device: IP route 192.168.10.0 | 10.1.1.0; subnet mask 255.255.255.0 | 255.255.255.0; 198.53.144.120 | 205.250.128.240. Note that the tunnel has to be defined on both VPN devices. Therefore, when you specify the opposing VPN device on device
  • Page 67 VPN device. Finally, the route statements tell the VPN devices which packets should enter the tunnel. Related Information: Single-User Tunnels (page 5-12), Multiuser Tunnels (page 5-16), Tunnel Types (page 5-8)
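
    The route decision of pages 65 through 67 in code, as an added example rather than the appliance's own logic: each VPN device holds IP routes (destination network, subnet mask, opposing VPN device), the most specific matching route sends a packet into the tunnel toward that opposing device, and a packet no route covers is sent in the clear. The mirrored check enforces the page 66 note that the tunnel has to be defined on both devices. The addresses are the page 66 values; which red network sits behind which device, and the /32 host route used to show single-user, Web-server-only access, are assumptions of this example.

```python
import ipaddress


class VpnDevice:
    """One VPN device with the red (trusted) network behind it and its tunnel routes."""

    def __init__(self, name: str, public_ip: str, red_network: str):
        self.name = name
        self.public_ip = public_ip
        self.red_network = ipaddress.ip_network(red_network)
        self.routes = []  # (destination network, opposing VPN device): the guide's IP routes

    def add_ip_route(self, network: str, mask: str, opposing_device: str) -> None:
        """An IP route as the guide's tables list it: network, subnet mask, opposing device."""
        self.routes.append((ipaddress.ip_network(f"{network}/{mask}"), opposing_device))

    def select(self, dst_ip: str) -> tuple:
        """What happens to a packet leaving the red network for dst_ip: the most specific
        matching IP route sends it into the tunnel toward that opposing device; with
        no match it is routed in the clear."""
        dst = ipaddress.ip_address(dst_ip)
        best = None
        for net, peer in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, peer)
        return ("clear", None) if best is None else ("tunnel", best[1])


def mirrored(a: VpnDevice, b: VpnDevice) -> bool:
    """The guide's rule that a tunnel must be defined on both devices: A needs a route
    for B's red network pointing at B, and B one for A's red network pointing at A.
    A tunnel defined on one side only never comes up."""
    a_to_b = any(peer == b.public_ip and net == b.red_network for net, peer in a.routes)
    b_to_a = any(peer == a.public_ip and net == a.red_network for net, peer in b.routes)
    return a_to_b and b_to_a


def build_example() -> tuple:
    """Constructed from the page 66 addresses; which red network sits behind which
    device is an assumption of this example."""
    a = VpnDevice("A", "198.53.144.120", "192.168.10.0/24")
    b = VpnDevice("B", "205.250.128.240", "10.1.1.0/24")
    a.add_ip_route("10.1.1.0", "255.255.255.0", b.public_ip)
    b.add_ip_route("192.168.10.0", "255.255.255.0", a.public_ip)
    return a, b


if __name__ == "__main__":
    a, b = build_example()
    print(a.select("10.1.1.7"), a.select("198.51.100.9"), mirrored(a, b))
    # Single-user style: a host route (mask 255.255.255.255) admits one Web server only.
    c = VpnDevice("C", "203.0.113.5", "172.16.0.0/24")
    c.add_ip_route("10.1.1.80", "255.255.255.255", b.public_ip)
    print(c.select("10.1.1.80"), c.select("10.1.1.7"))
```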
  • Page 68: Single-User Tunnels

    The following table describes a tunnel that allows a remote user (called chris) full access to the red (trusted) network available through VPN device A, while not allowing access to the network available through VPN device B.
  • Page 69 For example, to allow a remote user (called leslie) access to the Web server available through VPN device A while not allowing access to the rest of that network or to the network available
  • Page 70 From IP address: 10.1.1.193 (user leslie is being assigned Client IP 10.1.1.193). From subnet mask: 255.255.255.255. From application port: the application port used to make the HTTP (www) request is usually unknown.
  • Page 71 (trusted) network. Protocol: HTTP is transported by means of TCP, not UDP. Related Information: Site-to-Site Tunnels (page 5-9), Multiuser Tunnels (page 5-16), Tunnel Types (page 5-8)
  • Page 72: Multiuser Tunnels

    Note: If the authentication method specified in the secure profile associated with a multiuser tunnel is a challenge phrase, the same challenge phrase must be given out to each member of the group. This is not recommended.
  • Page 73 Table (parameters, one column each for VPN Device A and VPN Device B): Group name: sales. No access.
  • Page 74 To IP address: the Web Server's IP address. To subnet mask: 255.255.255.255 (access Web Server only). Table columns: Parameter, Parameter Value, Comments, Description.
  • Page 75 (trusted) network. Protocol: HTTP is transported by means of TCP, not UDP. Related Information: Site-to-Site Tunnels (page 5-9), Single-User Tunnels (page 5-12), Tunnel Types (page 5-8)
  • Page 76: Tunnel Modes

    In this case, one network trusts the other while the trust is not reciprocated.
  • Page 77 Figure: Firewalled LANs With Encrypted Tunnels. Related Information: Tunnel Types (page 5-8), Tunnel Termination and Firewall Rules (page 5-31)
  • Page 78: One-Way In Firewall Rules

    To subnet mask: 255.255.255.255 (the mail must arrive at this IP address only). To application port: the SMTP mail server listens on this port.
  • Page 79 Protocol: SMTP is transported by means of TCP, not UDP. Related Information: Inbound Proxy (page 5-28), Outbound Proxy (page 5-26), One-Way Out Firewall Rules (page 5-24)
  • Page 80: One-Way Out Firewall Rules

    From application port: the application port used to make the HTTP (www) request is usually unknown. To IP address: 0.0.0.0 (this address allows you to go to any Web site on the Internet).
  • Page 81 Protocol: HTTP is transported by means of TCP, not UDP. Related Information: Inbound Proxy (page 5-28), Outbound Proxy (page 5-26), One-Way In Firewall Rules (page 5-22)
  • Page 82: Outbound Proxy

    From application port: the application port used to make the HTTP (www) request is usually unknown. To IP address: 0.0.0.0 (this address allows you to go to any Web site on the Internet).
  • Page 83 HTTP is transported by means of TCP, not UDP. Related Information: Inbound Proxy (page 5-28), One-Way Out Firewall Rules (page 5-24), One-Way In Firewall Rules (page 5-22)
  • Page 84: Inbound Proxy

    Inbound and Outbound Proxies: If you want to allow SMTP mail from people on the Internet to be sent into a mail server, define an inbound proxy as described in the following table.
  • Page 85 To application port: the SMTP mail server listens on this port. Protocol: SMTP is transported by means of TCP, not UDP. Related Information: Outbound Proxy (page 5-26)
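
    The filter rules of pages 58 through 63 and 78 through 85 evaluated over sample packets, as an added example and not the appliance's rule engine. Rules carry the parameters the guide's tables list (direction, protocol, from and to address with subnet mask, from and to application port, action); 0.0.0.0 stands for any address and a port of None for the guide's "usually unknown". The rule set holds a stateless one-way-in rule for SMTP to the mail server only, a stateful inbound HTTP rule like the one on page 59, and a one-way-out rule for HTTP to any Web site; running the mail server's reply through it shows what stateless filtering on page 58 means in practice: the reply needs a rule of its own, while the stateful rule remembers the flow and admits the Web server's reply. The red network 10.1.1.0/24, the server addresses and the Internet addresses (from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges) are constructed.

```python
import ipaddress

ANY = "0.0.0.0"  # the guide's "any address" value, used with subnet mask 0.0.0.0


def in_range(ip: str, rule_ip: str, rule_mask: str) -> bool:
    if rule_ip == ANY:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{rule_ip}/{rule_mask}", strict=False)


class Rule:
    """One filter rule with the parameters the guide's tables list. A port of None
    stands for 'usually unknown' (any port)."""

    def __init__(self, name, direction, protocol, from_ip, from_mask, from_port,
                 to_ip, to_mask, to_port, action):
        self.name, self.direction, self.protocol = name, direction, protocol
        self.from_ip, self.from_mask, self.from_port = from_ip, from_mask, from_port
        self.to_ip, self.to_mask, self.to_port = to_ip, to_mask, to_port
        self.action = action  # "permit", "deny" or "stateful"

    def matches(self, pkt: dict) -> bool:
        return (pkt["direction"] == self.direction
                and pkt["prot"] == self.protocol
                and in_range(pkt["src"], self.from_ip, self.from_mask)
                and in_range(pkt["dst"], self.to_ip, self.to_mask)
                and (self.from_port is None or pkt["sport"] == self.from_port)
                and (self.to_port is None or pkt["dport"] == self.to_port))


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # populated only by rules whose action is "stateful"

    def filter(self, pkt: dict) -> str:
        """First matching rule wins; a packet nothing matches is not allowed through.
        A stateless permit admits only the packets it names, so replies need their
        own rule; a stateful permit remembers the flow and admits the reverse
        direction as well."""
        reverse = (pkt["prot"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if reverse in self.flows:
            return "permit"
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "stateful":
                    self.flows.add((pkt["prot"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
                    return "permit"
                return rule.action
        return "deny"


def packet(direction, prot, src, sport, dst, dport) -> dict:
    return {"direction": direction, "prot": prot, "src": src, "sport": sport,
            "dst": dst, "dport": dport}


# Constructed rule set. The red network 10.1.1.0/24 and the server addresses are
# assumptions for this example.
MAIL_SERVER, WEB_SERVER = "10.1.1.25", "10.1.1.80"


def example_firewall() -> Firewall:
    return Firewall([
        # One-way in (page 78): SMTP must arrive at the mail server only; stateless.
        Rule("smtp-in", "inbound", "TCP", ANY, ANY, None, MAIL_SERVER, "255.255.255.255", 25, "permit"),
        # Page 59: inbound HTTP to the Web server, stateful, so its replies are admitted.
        Rule("http-in", "inbound", "TCP", ANY, ANY, None, WEB_SERVER, "255.255.255.255", 80, "stateful"),
        # One-way out (page 80): anyone on the red network to any Web site on the Internet.
        Rule("http-out", "outbound", "TCP", "10.1.1.0", "255.255.255.0", None, ANY, ANY, 80, "permit"),
    ])


if __name__ == "__main__":
    fw = example_firewall()
    print(fw.filter(packet("inbound", "TCP", "203.0.113.9", 40000, MAIL_SERVER, 25)))
    print(fw.filter(packet("outbound", "TCP", MAIL_SERVER, 25, "203.0.113.9", 40000)))
    print(fw.filter(packet("inbound", "TCP", "203.0.113.9", 50000, WEB_SERVER, 80)))
    print(fw.filter(packet("outbound", "TCP", WEB_SERVER, 80, "203.0.113.9", 50000)))
```

    The first two printed results are permit and deny: the stateless SMTP rule lets the mail in but says nothing about the server's reply, which is why a one-way-in rule on this appliance is normally paired with a matching one-way-out rule or replaced by a proxy.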
  • Page 86 Firewalls and Tunnels. Related Information (continued): One-Way Out Firewall Rules (page 5-24), One-Way In Firewall Rules (page 5-22)
  • Page 87: Tunnel Termination And Firewall Rules

    VPN device. Because the tunnel bypasses the firewall, the destination addresses of the traffic are examined only for the purpose of routing the packets to their destination.
  • Page 88 Figure: Tunnel Terminates in the Black (Untrusted) Network
  • Page 89 Figure (title partly cut off): ... (Untrusted) Network, Destined for the Black (Untrusted) Network
  • Page 90 Related Information: Tunnel Modes (page 5-20), One-Way Out Firewall Rules (page 5-24), One-Way In Firewall Rules (page 5-22), The Template Concept
  • Page 91: Load Balancing And Redundancy

    Redundancy ............. .6-2
  • Page 93: Load Balancing

    Secure profile: dialup (must be previously defined). Tunnel mode: Not required. IP route: Not required. Related Information: Redundancy (page 6-2), Tunnel Modes (page 5-20), Tunnel Types (page 5-8)
  • Page 94: Redundancy

    VPN device to send its replies to. In other words, a different set of Client IPs is used on each gateway. An example of redundancy is shown in the following figure. Figure: Enterprise Redundancy
  • Page 95 Tunnel mode: Not required. IP route: Not required. Related Information: Load Balancing (page 6-1), Tunnel Modes (page 5-20), Tunnel Types (page 5-8), The Template Concept
  • Page 96 Load Balancing and Redundancy
  • Page 97 Index. Numerics: 3DES. A: AH key length; algorithms (see also encapsulation; see also secure profiles); authentication headers (AH key length, IV length). E: Encapsulating Security Payload (ESP)
  • Page 98 Index (continued). K: key pairs 2-10; key spaces 2-13. L: limited access (multiuser tunnels 5-17; single-user tunnels 5-13). R: redundancy; routing tables. S: secure profiles (algorithms; encapsulation)
  • Page 99 Index (continued). T: tunnels: limited access with multiuser 5-17; limited access with single-user 5-13; modes 5-20; multiuser 5-16 to 5-19; single-user 5-12 to 5-15; site-to-site; trusted 5-20; untrusted 5-20. U: ...
