Chapter 7 VPN

For additional information, see the following topics:

“About VPN” on page 182

“IPSec Configuration” on page 184

“IKE Proposal” on page 198

“L2TP Configuration” on page 208

“PPTP Configuration” on page 212

About VPN

A Virtual Private Network (VPN) uses a public network infrastructure such as the Internet to link physically separate private networks together to form one large virtual private network. The data is kept private by using encryption.

A VPN uses packet encryption to tunnel across the public connection from the Initiation Point to the Termination Point.

Initiation occurs when the user or device requests access to the remote company LAN. Tunnel initiation is usually accomplished using VPN client software on a PC, or through VPN support in an access router or Firewall, such as the X family.

Termination refers to the point in the network at which the identity of the remote party is validated, the VPN tunnel is created, and the remote party enters the network. VPN termination is typically supported in routers, secure gateways, Internet Firewalls, or in software residing on a network server.

In general, for the purpose of configuration, VPNs can be broadly grouped into two main types:

Site-to-site. A VPN tunnel established between two X family devices, typically used for office-to-office connectivity.

Client-to-site. A VPN tunnel established between the X family and a VPN client application, typically used to connect off-site users to an office network.

VPN Connection Security Features

The X family uses three main security features to ensure secure VPN connections: tunneling, authentication, and encryption. These features work together to protect network resources and guarantee secure private connections across the public network.

Tunneling describes the link created between two endpoints in a VPN connection — for instance between an employee’s home-office computer and the company network. Tunneling ensures that data exchanged across the link is encapsulated, that is, wrapped in protocols and data encryption methods that prevent unauthorized users from intercepting or corrupting the data. The X family provides three tunneling protocols to support VPN capabilities:

o IPSec

o L2TP over IPSec (recommended) or L2TP

o PPTP
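The three features just listed work together on every packet a tunnel carries. The following is an added example, not code from the LSM guide or the X family product: a miniature ESP-style encapsulation in Python that shows what the initiation and termination points do with one packet. Encapsulation puts the inner packet behind a Security Parameter Index (SPI) and sequence number, encrypts it and authenticates the result; decapsulation checks the SPI, the authentication tag and the sequence number before releasing the inner packet. The class and function names, the SPI value, the keys and the inner packet are all constructed for the example, and the SHA-256 counter keystream is a toy stand-in for the AES or 3DES cipher a real IPSec tunnel would use.

```python
# Added example, not code from the X Family LSM guide. It shows, in miniature,
# what a tunnel endpoint does with each packet: encapsulate the inner packet
# behind an SPI and sequence number, encrypt it, and authenticate the result,
# so an observer on the public network can neither read nor alter it.
# The cipher is a SHA-256 counter keystream standing in for AES (toy, not for
# production use); keys, SPI and the inner packet are constructed values.
import hashlib
import hmac
import os
import struct

HEADER_LEN = 8   # SPI (4 bytes) + sequence number (4 bytes), as in ESP
NONCE_LEN = 8
TAG_LEN = 16     # truncated HMAC-SHA256, analogous to ESP's integrity check value


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TunnelEndpoint:
    """One direction of a tunnel (a security association): both ends hold the
    same SPI, encryption key and authentication key."""

    def __init__(self, spi: int, enc_key: bytes, auth_key: bytes):
        self.spi = spi
        self.enc_key = enc_key
        self.auth_key = auth_key
        self.send_seq = 0       # last sequence number sent
        self.highest_seen = 0   # last sequence number accepted (replay check)

    def encapsulate(self, inner_packet: bytes) -> bytes:
        """Initiation side: wrap an inner packet for transit over the public network."""
        self.send_seq += 1
        header = struct.pack(">II", self.spi, self.send_seq)
        nonce = os.urandom(NONCE_LEN)
        ciphertext = _xor(inner_packet, _keystream(self.enc_key, nonce, len(inner_packet)))
        body = header + nonce + ciphertext
        tag = hmac.new(self.auth_key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag

    def decapsulate(self, outer_packet: bytes) -> bytes:
        """Termination side: validate and unwrap; raises ValueError on any failure."""
        if len(outer_packet) < HEADER_LEN + NONCE_LEN + TAG_LEN:
            raise ValueError("truncated packet")
        body, tag = outer_packet[:-TAG_LEN], outer_packet[-TAG_LEN:]
        spi, seq = struct.unpack(">II", body[:HEADER_LEN])
        if spi != self.spi:
            raise ValueError("no security association for SPI %#x" % spi)
        # Authenticate before trusting anything else in the packet.
        expected = hmac.new(self.auth_key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed (packet modified or wrong key)")
        if seq <= self.highest_seen:
            raise ValueError("replayed packet (seq %d already seen)" % seq)
        self.highest_seen = seq
        nonce = body[HEADER_LEN:HEADER_LEN + NONCE_LEN]
        ciphertext = body[HEADER_LEN + NONCE_LEN:]
        return _xor(ciphertext, _keystream(self.enc_key, nonce, len(ciphertext)))


def rejection_reason(endpoint: TunnelEndpoint, outer_packet: bytes):
    """Return the reason a packet is rejected, or None if it is accepted."""
    try:
        endpoint.decapsulate(outer_packet)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    enc_key, auth_key = os.urandom(32), os.urandom(32)
    site_a = TunnelEndpoint(0x1001, enc_key, auth_key)   # constructed SPI
    site_b = TunnelEndpoint(0x1001, enc_key, auth_key)
    inner = b"inner IP packet: 10.1.0.5 -> 10.2.0.9 (constructed)"
    outer = site_a.encapsulate(inner)
    print("inner packet visible on the wire:", inner in outer)
    print("recovered at termination point:", site_b.decapsulate(outer) == inner)
    print("same packet delivered twice:", rejection_reason(site_b, outer))
    tampered = outer[:20] + bytes([outer[20] ^ 0x01]) + outer[21:]
    print("one ciphertext byte changed:", rejection_reason(site_b, tampered))
```

Running the script shows the three properties the text names: the inner packet does not appear on the wire (encryption), a modified packet is rejected before it is decrypted (authentication), and a packet presented a second time is rejected by the sequence-number check (tunnel state kept per security association). A real IPSec implementation uses a sliding replay window rather than the single high-water mark shown here, which cannot tolerate out-of-order delivery.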

182 X Family LSM User’s Guide V 2.5.1