Enterasys Networks X-PeditionTM Chapter 14: Configuring the Virtual Private Network

xxii

ADSL Hardware ........... .......................................................................................................................... 13-5

NIM Card .......................................................................................................................................... 13-5

ADSL on the Motherboard............................................................. ...................................................13-6

DSP Firmware .................................................................................................................................. 13-6

ADSL Data Framing ........................................ ....................................................................................... 13-6

ATM Support ................................................ .......................................................................................... 13-6

Virtual Circuits ............................................................................................................................ ...... 13-6

OAM Cells ............................................................................................................... .........................13-7

Performance Monitoring ................................................................................................................... 13-7

Class of Service...................................................................................... ..........................................13-7

DSLAM Compatibility ............ ................................................................................................................. 13-7

Access Concentrator Restrictions .......................... ................................................................................ 13-7

Inverse ARP ....................................... .................................................................................................... 13-8

QoS .............................................................................................................. ..........................................13-8

SNMP ............................................................................................................... ......................................13-8

Configuration Examples ............................................................................................................................... 13-8

PPPoE........................................................................................................................................... ... 13-8

PPPoA........................................................................................................................................... ... 13-9

IPoA........................................................... ..................................................................................... 13-10

Chapter 14: Configuring the Virtual Private Network

VPN Overview .... .......................................................................................................................................... 14-1

Internet Security Issues ................................................................................................. .........................14-1

How a Virtual Private Network Works .................................................................................................... 14-2

Ensuring VPN Security with IPSec/IKE/GRE ............................................................................................... 14-2

GRE over IPSec ........................................................................ .............................................................14-4

Defining VPN Encryption .................................................................................................. ......................14-5

Describing Public-Key Infrastructure (PKI) ............... .................................................................................... 14-5

Digital Signatures ............................................... .................................................................................... 14-5

Certificates ............................................................................................................. ................................14-6

Machine Certificates for the XSR ........................................................................................................... 14-6

CA Hierarchies ............................................. .......................................................................................... 14-7

Certificate Chains ......................................................................... ..........................................................14-7

RA Mode .................. .............................................................................................................................. 14-8

Pending Mode ................................................. ....................................................................................... 14-9

Enroll Password .............. ....................................................................................................................... 14-9

CRL Retrieval ......................................................................... ................................................................14-9

Renewing and Revoking Certificates .............. ....................................................................................... 14-9

DF Bit Functionality ................................................................................................................................... ... 14-9

VPN Applications ................................................................... ..................................................................... 14-10

Site-to-Site Networks ........................................................................................................................... 14-11

Site-to-Central-Site Networks .............................................................................................. .................14-11

NAT Traversal ............................................................................................................................ .... 14-11

Client Mode ................................................................................................................... .................14-12

Network Extension Mode (NEM) ....................................................................................................14-13

Remote Access Networks ............................... ..................................................................................... 14-13

Using OSPF Over a VPN Network ............................................................... ........................................14-14

OSPF Commands .......................................................................................................................... 14-14

Configuring OSPF Over Site-to-Central Site in Client Mode .......................................................... 14-14

Configuring OSPF over Site-to-Central Site in Network Extension Mode ...................................... 14-16

Server........................... .................................................................................... .............................. 14-17

Client ................................................................................................................ ..............................14-17

Configuring OSPF with Fail Over (Redundancy)........................................... .................................14-17