3.5 VPN

3.5 VPN

VPN (Virtual Private Network) is a private network established via the public network, generally via the Internet. However, the private network is a logical network without any physical network lines, so it is called Virtual Private Network.

With the wide application of the Internet, more and more data are needed to be shared through the Internet. Connecting the local network to the Internet directly, though can allow the data exchange, will cause the private data to be exposed to all the users on the Internet. The VPN (Virtual Private Network) technology is developed and used to establish the private network through the public network, which can guarantee a secured data exchange.

VPN adopts the tunneling technology to establish a private connection between two endpoints. It is a connection secured by encrypting the data and using point-to-point authentication. The following diagram is a typical VPN topology.

Figure 3-57 VPN – Network Topology

As the packets are encapsulated and de-encapsulated in the Router, the tunneling topology implemented by encapsulating packets is transparent to users. The tunneling protocols supported by TL-ER6020 contain Layer 3 IPsec and Layer 2 L2TP/PPTP.

3.5.1 IKE

In the IPsec VPN, to ensure a secure communication, the two peers should encapsulate and de-encapsulate the packets using the information both known. Therefore the two peers need to negotiate a security key for communication with IKE (Internet Key Exchange) protocols.

Actually IKE is a hybrid protocol based on three underlying security protocols, ISAKMP (Internet Security Association and Key Management Protocol), Oakley Key Determination Protocol, and SKEME Security Key Exchange Protocol. ISAKMP provides a framework for Key Exchange and SA (Security Association) negotiation. Oakley describes a series of key exchange modes. SKEME describes another key exchange mode different from those described by Oakley.

IKE consists of two phases. Phase 1 is used to negotiate the parameters, key exchange algorithm and encryption to establish an ISAKMP SA for securely exchanging more information in Phase 2. During phase 2, the IKE peers use the ISAKMP SA established in Phase 1 to negotiate the parameters for security protocols in IPsec and create IPsec SA to secure the transmission data.

-83-

Page 88
Image 88
TP-Link TL-ER6020 manual 3.5 VPN, 3.5.1 IKE

TL-ER6020 specifications

The TP-Link TL-ER6020 is a robust and efficient router designed for small to medium-sized businesses seeking reliable network performance and advanced features. Combining dual WAN capability with comprehensive security features, it ensures that businesses can maintain consistent and secure internet connectivity, even during peak usage times or in the event of a failure from one ISP.

One of the primary features of the TL-ER6020 is its dual WAN support, which allows users to connect two different internet sources. This not only enhances reliability through load balancing but also ensures redundancy. In cases where the primary WAN connection fails, the router can seamlessly switch to the secondary connection, minimizing downtime and maintaining business operations.

Security is a critical aspect of any network appliance, and the TL-ER6020 does not disappoint. It comes equipped with multiple security features, including advanced firewall capabilities, IP/MAC/URL filtering, and DoS attacks prevention. These tools work together to provide a secure network environment, safeguarding sensitive business data from unauthorized access and potential threats.

The router also supports VLAN (Virtual Local Area Network) technology, which allows businesses to segment their networks for better performance and security. By creating separate networks for different departments or functions, companies can enhance their network management and control traffic flow more efficiently.

Additionally, the TL-ER6020 features quality of service (QoS) capabilities that prioritize network traffic based on user needs. This ensures that critical applications, such as VoIP or video conferencing, receive the bandwidth they require for optimal performance, while less critical traffic is deprioritized during peak times.

For user management, the TL-ER6020 includes an intuitive web-based interface that simplifies configuration and monitoring. Administrators can easily manage network settings, view statistics, and troubleshoot issues without the need for extensive technical expertise.

In terms of physical specifications, the TL-ER6020 is built with reliability in mind, featuring cooling vents to prevent overheating and an efficient power supply. Its compact design allows for easy placement in various environments, whether in a server room or on a desk.

Overall, the TP-Link TL-ER6020 is a solid choice for businesses looking to build a secure, versatile, and high-performance network. Its combination of dual WAN capabilities, strong security features, VLAN support, and QoS make it a comprehensive solution for modern networking needs.