Appendix C - VPNs

Common VPN Situations

VPN Pass-through

Figure 78: VPN Pass-through

Here, a PC on the LAN behind the Router/Gateway is using VPN software, but the Router/Gateway is NOT acting as a VPN endpoint. It is only allowing the VPN connection.

The PC software can use any VPN protocol supported by the remote VPN.

The remote VPN Server must support client PCs that are behind a NAT router and therefore have an IP address that is not valid on the Internet.

The Router/Gateway requires no VPN configuration, since it is not acting as a VPN endpoint.

Client PC to VPN Gateway

Figure 79: Client PC to VPN Server

In this situation, the PC must run appropriate VPN client software in order to connect, via the Internet, to the ADE-4300/ADW-4300 or other VPN Gateway. Once connected, the client PC has the same access to LAN resources as PCs on the local LAN (unless restricted by the network administrator).

IPsec is not the only protocol which can be used in this situation, but the ADE-4300/ADW-4300 supports IPsec ONLY.

Windows 2000 and Windows XP include an IPsec VPN client program. However, configuration of this client program for use with the ADE-4300/ADW-4300 is very complex and beyond the scope of this document.
