2. Security Services

and 3 on the security module. The packet filter controls the communication between the internal network and the external network (see Figure 2).

Figure 2: Firewall function of the security module

The firewall provides a packet filter for IP packets, adapted from OpenBSD, with stateful packet inspection: only packets belonging to a known connection are admitted, so an unsolicited packet from the external network is discarded even if a static rule would otherwise match it. A separate packet filter for non-IP packets (Ethernet frames, i.e. Layer 2 packets) was developed by Siemens for the security module. The module can also limit bandwidth in order to mitigate denial-of-service (DoS) attacks and cache flooding.
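The following is an added example, not code from the manual or from Siemens, of the two mechanisms described above in miniature: a stateful filter that admits return traffic only for flows opened from the internal side, plus a token bucket that caps the bytes per second accepted from the external side. The internal network, the interface names and the packets are assumptions constructed for the demonstration.

```python
"""Added example (not the manual's code): toy stateful packet filter with a
bandwidth cap, modelled on the behaviour described in the text.  The internal
network, interface names and all packets are constructed for the demo."""
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int
    size: int = 64   # bytes on the wire


class TokenBucket:
    """Bandwidth limiter: `rate` bytes/s refill up to `burst` bytes."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, size, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False


class StatefulFilter:
    """Sits between the internal and the external interface.

    Policy: internal hosts may open flows to the outside; replies to those
    flows pass (subject to the bandwidth cap); everything else is dropped,
    including packets on the external interface that claim an internal
    source address (spoofing)."""

    def __init__(self, internal_net, rate, burst):
        self.internal = internal_net
        self.states = set()              # 5-tuples of flows opened from inside
        self.bucket = TokenBucket(rate, burst)

    def _inside(self, ip):
        return ipaddress.ip_address(ip) in self.internal

    def handle(self, pkt, iface, now=0.0):
        """Return 'pass' or 'drop' for pkt arriving on iface; updates state."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if iface == "internal" and self._inside(pkt.src) and not self._inside(pkt.dst):
            self.states.add(key)         # outbound: remember the flow so replies pass
            return "pass"
        if iface == "external" and not self._inside(pkt.src) and self._inside(pkt.dst):
            if reverse not in self.states:
                return "drop"            # unsolicited inbound packet
            if not self.bucket.allow(pkt.size, now):
                return "drop"            # over the configured rate: flood protection
            return "pass"
        return "drop"                    # spoofed source, wrong interface, etc.


if __name__ == "__main__":
    f = StatefulFilter(INTERNAL_NET, rate=1000, burst=200)
    out = Packet("192.168.1.10", "203.0.113.5", "tcp", 40000, 443)
    reply = Packet("203.0.113.5", "192.168.1.10", "tcp", 443, 40000, size=100)
    print(f.handle(out, "internal"), f.handle(reply, "external"))
```

The state table here is keyed on the full 5-tuple, so a reply is accepted only from the exact host and port the internal client contacted; a real implementation additionally ages entries out and tracks TCP flags, which this toy omits.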

2.2.2 VPN

The module also has the task of connecting two or more internal networks to each other. Physically this happens over the external network: a message from one protected device to another is carried across the unprotected external network inside a secure tunnel. To safeguard the confidentiality of the data (and, with IPsec, its integrity and origin), the security module can set up a VPN tunnel based on IPsec. When several such bilateral tunnels are combined, we call the resulting network a VPN, as shown in Figure 3.
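As an added example, not code from the manual or from Siemens, the block below models the decision a security module makes for every packet leaving its internal network: wrap it in the tunnel to the peer that protects the destination, pass it to the packet filter in the clear if the destination is an ordinary external host, or drop it if the destination is a protected network for which no tunnel exists. It also combines bilateral tunnels into VPN groups as the text describes. Module names, networks and gateway addresses are assumptions constructed for the demo; ESP encryption itself is only represented by the `tunnel` verdict.

```python
"""Added example (not the manual's code): tunnel selection on a security
module and grouping of bilateral tunnels into VPNs.  All networks, gateway
addresses and module names are constructed for the demo."""
import ipaddress
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    """A security module: the network it protects and its external address."""
    name: str
    internal: ipaddress.IPv4Network
    external: ipaddress.IPv4Address


def module(name, internal, external):
    return Module(name, ipaddress.ip_network(internal), ipaddress.ip_address(external))


class VpnGateway:
    def __init__(self, me):
        self.me = me
        self.peers = {}       # name -> Module with which a bilateral tunnel exists
        self.protected = {}   # name -> Module known to be protected, tunnel or not

    def add_tunnel(self, peer):
        self.peers[peer.name] = peer
        self.protected[peer.name] = peer

    def know_protected(self, other):
        """Register a protected network we have no tunnel to."""
        self.protected[other.name] = other

    def forward(self, src, dst):
        """Verdict for an internal packet src -> dst.

        ('tunnel', outer_src, outer_dst, peer): the whole packet becomes the
            ESP payload; only the two external gateway addresses are visible.
        ('clear',): ordinary external host, handed to the packet filter.
        ('local',): stays inside the internal network.
        ('drop',): protected network without a tunnel, or a source that is
            not ours.  A protected host is never reached in the clear."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in self.me.internal:
            return ("drop",)
        if d in self.me.internal:
            return ("local",)
        for peer in self.peers.values():
            if d in peer.internal:
                return ("tunnel", str(self.me.external), str(peer.external), peer.name)
        for other in self.protected.values():
            if d in other.internal:
                return ("drop",)
        return ("clear",)


def vpn_groups(tunnels):
    """Combine bilateral tunnels (pairs of module names) into VPNs: modules
    linked by a chain of tunnels form one group.  Returns a set of frozensets."""
    adj = {}
    for a, b in tunnels:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, groups = set(), set()
    for start in adj:
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        while queue:
            n = queue.popleft()
            if n in comp:
                continue
            comp.add(n)
            queue.extend(adj[n] - comp)
        seen |= comp
        groups.add(frozenset(comp))
    return groups


if __name__ == "__main__":
    a = module("A", "192.168.1.0/24", "198.51.100.1")
    b = module("B", "192.168.2.0/24", "198.51.100.2")
    gw = VpnGateway(a)
    gw.add_tunnel(b)
    print(gw.forward("192.168.1.10", "192.168.2.20"))
    print(vpn_groups([("A", "B"), ("B", "C"), ("D", "E")]))
```

Note that `forward()` encrypts only towards direct peers: a module that shares a VPN group with another site but has no tunnel to it must still have that site registered as protected, otherwise the packet would fall through to the `clear` verdict and leave the module unencrypted.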

19-Aug-05

escrypt GmbH

Siemens Version: 1.2 manual