
BinTec RS353a - Chapter 14 VPN; Ipsec

BinTec RS353a
620 pages
Chapter 14 VPN
A connection that uses the Internet as a "transport medium" but is not publicly accessible is referred to as a VPN (Virtual Private Network). Only authorised users have access to such a VPN, which is also referred to as a VPN tunnel. Normally the data transported over a VPN is encrypted.
A VPN allows field staff or staff working from home offices to access data on the company's
network. Subsidiaries can also connect to head office over VPN.
Various protocols are available for creating a VPN tunnel, e.g. IPSec or PPTP.
The connection partner is authenticated with a password (preshared keys) or with certificates.
With IPSec the data is encrypted using AES or 3DES, for example; with PPTP, MPPE can be used.
14.1 IPSec
IPSec enables secure connections to be set up between two locations (VPN). This enables sensitive business data to be transferred via an unsecure medium such as the Internet. The devices used function here as the endpoints of the VPN tunnel. IPSec involves a number of Internet Engineering Task Force (IETF) standards, which specify mechanisms for the protection and authentication of IP packets. IPSec offers mechanisms for encrypting and decrypting the data transferred in the IP packets. The IPSec implementation can also be smoothly integrated in a Public Key Infrastructure (PKI, see Certificates on page 99). IPSec implementation achieves this firstly by using the Authentication Header (AH) protocol and Encapsulated Security Payload (ESP) protocol and secondly through the use of cryptographic key administration mechanisms like the Internet Key Exchange (IKE) protocol.
Additional IPv4 Traffic Filter
bintec elmeg gateways support two different methods of setting up IPSec connections:
a method based on policies and
a method based on routing.
The policy-based method uses data traffic filters to negotiate the IPSec phase 2 SAs. This
allows for a very "fine-grained" filter to be applied to the IP packet, even at the level of the
protocol and the port.
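The difference between the two methods is easiest to see in a small model of the selection step itself. The following Python is an added example, not code from the bintec manual or from the gateway: it models a policy-based Security Policy Database (an ordered list of traffic filters that pick a phase 2 SA by source/destination network, IP protocol and port, as the text describes) next to a route-based lookup, where only the destination route decides whether a packet enters the tunnel. All networks, SA names, ports and interface names are constructed sample values.

```python
"""Policy-based versus route-based IPsec traffic selection (constructed model)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for protocol or port in a traffic filter


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None  # destination port, None for protocols without one


@dataclass(frozen=True)
class PolicyFilter:
    """One entry of an ordered traffic-filter list (an SPD entry)."""
    src_net: str
    dst_net: str
    proto: Optional[str]
    dport: Optional[int]
    action: str  # "protect:<sa-name>", "bypass" or "discard"

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
            and (self.proto is ANY or self.proto == pkt.proto)
            and (self.dport is ANY or self.dport == pkt.dport)
        )


# Constructed SPD. Entries are evaluated in order; the first match wins, so the
# protocol/port-specific filters must sit above the catch-all for the same subnets.
SPD = [
    PolicyFilter("192.168.1.0/24", "10.0.0.0/24", "tcp", 443, "protect:sa-https"),
    PolicyFilter("192.168.1.0/24", "10.0.0.0/24", "udp", 53, "bypass"),
    PolicyFilter("192.168.1.0/24", "10.0.0.0/24", ANY, ANY, "protect:sa-branch"),
]


def policy_based(pkt: Packet, spd=SPD) -> str:
    """Return the action of the first traffic filter matching the packet.

    A packet that matches no filter is discarded, which is the default RFC 4301
    requires for outbound traffic with no SPD entry.
    """
    for entry in spd:
        if entry.matches(pkt):
            return entry.action
    return "discard"


# Constructed routing table: (prefix, outgoing interface). "ipsec0" stands for
# the virtual tunnel interface; anything routed to it is protected.
ROUTES = [("10.0.0.0/24", "ipsec0"), ("0.0.0.0/0", "eth0")]


def route_based(pkt: Packet, routes=ROUTES) -> str:
    """Return the outgoing interface chosen by longest-prefix match on the destination.

    Protocol and port play no role here: every packet for 10.0.0.0/24 goes into the
    tunnel, whereas the policy-based SPD above can bypass DNS and give HTTPS its own SA.
    """
    dst = ipaddress.ip_address(pkt.dst)
    candidates = [(ipaddress.ip_network(p), iface) for p, iface in routes]
    best_net, best_iface = max(
        ((n, i) for n, i in candidates if dst in n), key=lambda t: t[0].prefixlen
    )
    return best_iface


if __name__ == "__main__":
    dns = Packet("192.168.1.10", "10.0.0.5", "udp", 53)
    https = Packet("192.168.1.10", "10.0.0.5", "tcp", 443)
    for p in (dns, https):
        print(p.proto, p.dport, "policy:", policy_based(p), "route:", route_based(p))
```

Running the block shows the point the text makes about granularity: the policy-based lookup returns `bypass` for DNS and `protect:sa-https` for HTTPS to the same host, while the route-based lookup sends both to `ipsec0` because it only sees the destination address.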
bintec elmeg GmbH
14 VPN
bintec RS Series 351
