IPsec VPN Overview
Alcatel-Lucent
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
IPSEC ENABLED VPN
Internet Protocol Security (IPsec) provides enhanced security features, such as
confidentiality and more comprehensive authentication. IPsec has two encryption
modes: tunnel and transport. Tunnel mode encrypts the header and the payload
of each packet while the transport mode encrypts only the payload. Systems that
are IPsec compliant can take advantage of this protocol.
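The difference between the two modes can be seen by laying out the packet bytes. The following is an added example, not taken from this guide or from the OmniAccess software. It assumes ESP (RFC 4303) as the IPsec protocol and IPv4 headers without options; the function names, addresses and SPI are constructed for illustration.

```python
import ipaddress
import struct

ESP, IPIP = 50, 4  # IANA protocol numbers: ESP, IPv4-in-IPv4

def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    def pack(checksum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                           proto, checksum, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    total = sum(struct.unpack("!10H", pack(0)))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return pack(~total & 0xFFFF)

def esp_encapsulate(packet, mode, gateways=None, spi=0x1001, seq=1, block=16):
    """Lay out an ESP packet (RFC 4303) and return (packet, (start, end)).

    [start, end) is the byte range ESP would encrypt. No cipher is applied, and
    the IV and integrity check value are left out, so the layout stays readable.
    """
    header, payload = packet[:20], packet[20:]
    if mode == "transport":   # original IP header stays outside the encryption
        src, dst, inner, next_header = header[12:16], header[16:20], payload, header[9]
    elif mode == "tunnel":    # whole original packet goes inside a new one
        (src, dst), inner, next_header = gateways, packet, IPIP
    else:
        raise ValueError(f"unknown mode: {mode}")
    pad_len = -(len(inner) + 2) % block           # align trailer to the cipher block
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + inner + trailer
    return ipv4_header(src, dst, ESP, len(body)) + body, (28, 20 + len(body))

def cleartext_fields(esp_packet):
    """Fields an on-path observer can read without the keys."""
    spi, seq = struct.unpack("!II", esp_packet[20:28])
    return {"src": str(ipaddress.IPv4Address(esp_packet[12:16])),
            "dst": str(ipaddress.IPv4Address(esp_packet[16:20])),
            "proto": esp_packet[9], "spi": spi, "seq": seq}

# Constructed sample: a host-to-host TCP packet and two documentation-range gateways.
ORIGINAL = ipv4_header("10.1.0.5", "10.2.0.9", 6, 36) + bytes(20) + b"GET / HTTP/1.1\r\n"
GATEWAYS = ("198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        pkt, (start, end) = esp_encapsulate(ORIGINAL, mode, GATEWAYS)
        print(mode, cleartext_fields(pkt), f"encrypted bytes {start}..{end - 1}")
```

In transport mode the original host addresses remain readable in the outer header; in tunnel mode only the gateway addresses and the ESP SPI and sequence number are exposed.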
IPSEC CONNECTION TYPES
This section lists various types of IPsec connections:
• “NAT-pass-through”
• “Host to Host”
• “Host to Subnet”
• “Subnet to Subnet”
NAT-PASS-THROUGH
This connection is for an individual computer behind a firewall to make a
connection to a remote computer or network. The firewall that is protecting the
individual computer does not participate in the VPN connection or authenticate it,
but rather allows the connection "through" the firewall. A home connection that is
connected to a company network is an example of this type of connection.
HOST TO HOST
This connection is for connecting two computers together. The subnet declaration
is not used in the connection configuration. It is commonly used as a second
tunnel between subnet-to-subnet gateways for WINS and/or DNS services in which
the gateway machines cannot participate through the subnet tunnel.
HOST TO SUBNET
This connection is for a single computer to connect to a remote network. This is
typically known as the "Road Warrior" connection, and the remote computer is not
behind a firewall. The IP address that the remote computer will be using is
normally not known at configuration time.