Nortel VPN Router Configuration — Basic Features
Chapter 8
Configuring IPSec mobility and persistent mode
A large number of companies choose to secure access to their corporate networks
via VPN using the IPSec protocol. IPSec allows corporate employees located
outside the corporate network to establish a secure tunnel to a private corporate
network through the Internet. With the growing popularity of wireless access, it is
important to have the ability to move freely among multiple networks without
losing a secure connection.
Currently, IPSec does not support this movement without tearing down and
reestablishing the VPN connection. Breaking and reestablishing a secure
connection could cause disruptions to applications running across the tunnel. For
example, in Figure 29 on page 148, a client has a wireless connection to the
Internet and has established a secure tunnel to the corporate private network via
access point 1 (AP1). If the client's connection to AP1 goes down for some
reason, the client roams to access point 2 (AP2) and obtains a new IP address.
The VPN Router on the corporate network brings the secure IPSec connection
down because of a lack of response from the client's original IP address and the
absence of security associations (SAs) for the new IP address. Thus, the client has to
reestablish the tunnel via AP2. If the client had an open FTP session to the
server on the private side of the corporate network, this session would have been
closed.