Chapter 7 VPN
For additional information, see the following topics:
•“IPSec Configuration” on page 184
•“L2TP Configuration” on page 208
•“PPTP Configuration” on page 212
About VPN
A Virtual Private Network (VPN) uses a public network infrastructure such as the Internet to link physically separate private networks together to form one large virtual private network. The data is kept private by using encryption.
A VPN uses packet encryption to tunnel across the public connection from the Initiation Point to the Termination Point.
•Initiation occurs when the user or device requests access to the remote company LAN. Tunnel initiation is usually accomplished using VPN client software on a PC, or through VPN support in an access router or Firewall, such as the X family.
•Termination refers to the point in the network at which the identity of the remote party is validated, the VPN tunnel is created, and the remote party enters the network. VPN termination is typically supported in routers, secure gateways, Internet Firewalls, or in software residing on a network server.
In general, for the purpose of configuration, VPNs can be broadly grouped into two main types:
•
•
VPN Connection Security Features
The X family uses three main security features to ensure secure VPN connections: tunneling, authentication, and encryption. These features work together to protect network resources and guarantee secure private connections across the public network.
•Tunneling describes the link created between two endpoints in a VPN connection — for instance between an employee’s
o IPSec
o L2TP over IPSec (recommended) or L2TP
o PPTP
182 X Family LSM User’s Guide V 2.5.1