P-660HN-51 User’s Guide
147
CHAPTER 13
IPSec
13.1 Overview
A virtual private network (VPN) provides secure communications between sites without the expense of
leased site-to-site lines. A secure VPN combines tunneling, encryption, authentication, access control
and auditing. It is used to transport traffic over the Internet or any other untrusted network that uses
TCP/IP for communication.
Internet Protocol Security (IPSec) is a standards-based VPN technology for secure data communications
across a public network like the Internet. IPSec is built around a number of standardized cryptographic
techniques that provide confidentiality, data integrity and authentication at the IP layer, so it
protects any IP traffic regardless of the application that generates it. The following figure is an
example of an IPSec VPN tunnel.
Figure 74 VPN: Example
13.1.1 What You Can Do in this Chapter
• Use the Settings screen to view the configured IPSec policies and add, edit or remove a policy
(Section 13.2 on page 148).
• Use the Status screen to display and manage the current active VPN connections (Section 13.3 on
page 157).
13.1.2 What You Need to Know
A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA),
an agreement on the security parameters (algorithms, keys and lifetimes) that the Zyxel Device and the
remote IPSec router will use. The first phase authenticates the two routers to each other and
establishes an Internet Key Exchange (IKE) SA between the Zyxel Device and the remote IPSec router; the
IKE SA protects only the negotiation traffic. The second phase uses the IKE SA to securely negotiate an
IPSec SA, through which the Zyxel Device and the remote IPSec router send data between computers on the
local network and the remote network. The parameters of each phase must match on both routers or the
corresponding SA will not come up. The following figure illustrates this.
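The two-phase structure above maps directly onto the configuration of the remote IPSec router. The following is an added example, not part of the Zyxel guide, written for the remote end under the assumption that it is a Linux router running strongSwan with a `swanctl.conf` file; the addresses (192.0.2.1, 198.51.100.1 and the two 10.0.x.0/24 networks), the identities `zyxel-gw` and `remote-gw` and the pre-shared key are placeholders for this illustration. Everything in the `connections` block except `children` is Phase 1 (the IKE SA); everything inside `children` is Phase 2 (the IPSec SA that carries the LAN-to-LAN traffic).

```conf
# swanctl.conf on the remote IPSec router (strongSwan), illustrative values only.
connections {
    to-zyxel {
        # --- Phase 1: IKE SA between the two routers ---
        local_addrs  = 198.51.100.1        # this router's public address (placeholder)
        remote_addrs = 192.0.2.1           # Zyxel Device's public address (placeholder)
        version      = 1                   # IKEv1, the classic two-phase exchange
        aggressive   = no                  # main mode: identities are sent encrypted
        proposals    = aes256-sha256-modp2048
        rekey_time   = 4h                  # IKE SA lifetime; must match the Zyxel Phase 1 setting
        dpd_delay    = 30s                 # dead peer detection keeps a broken tunnel from lingering

        local {
            auth = psk
            id   = remote-gw               # placeholder identity, must match the Zyxel "remote ID"
        }
        remote {
            auth = psk
            id   = zyxel-gw                # placeholder identity, must match the Zyxel "local ID"
        }

        # --- Phase 2: IPSec SA protecting traffic between the two LANs ---
        children {
            lan-to-lan {
                local_ts      = 10.0.2.0/24        # network behind this router (placeholder)
                remote_ts     = 10.0.1.0/24        # network behind the Zyxel Device (placeholder)
                esp_proposals = aes256-sha256-modp2048   # modp2048 here enables PFS for Phase 2
                rekey_time    = 1h                 # IPSec SA lifetime; must match the Zyxel Phase 2 setting
                start_action  = trap               # bring the SA up on demand when matching traffic appears
                dpd_action    = restart
            }
        }
    }
}

secrets {
    ike-zyxel {
        id-1   = remote-gw
        id-2   = zyxel-gw
        secret = "replace-with-a-long-random-pre-shared-key"   # placeholder
    }
}
```

After loading this with `swanctl --load-all`, `swanctl --list-sas` shows the IKE SA (Phase 1) and, nested under it, the `lan-to-lan` CHILD_SA (Phase 2), which is the same distinction the Zyxel Status screen presents. A Phase 1 failure normally means mismatched identities, pre-shared key or IKE proposals; a tunnel that completes Phase 1 but never passes traffic normally means the Phase 2 traffic selectors or ESP proposals do not match what the Zyxel Device is configured with.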