Operation Manual
The VPN Protocol IPsec
38 NetWAYS/ISDN – 3 Remote Access with NetWAYS/ISDN
Authenticity
When a connection is opened, the communicating parties must be identified to ensure that all data comes from the authentic source, and is not simply being replayed by an interceptor, for example.
Integrity
The VPN must ensure that data cannot be modified by third parties (as in "man-in-the-middle" attacks) on its way through the Internet.
The VPN Protocol IPsec
A protocol used to set up VPN connections must bring with it
the following characteristics:
Support for security mechanisms that guarantee privacy, authenticity and integrity as described above.
The ability to connect through a tunnel.
The IPsec suite provides these characteristics, and is therefore used by NetWAYS/ISDN as the standard VPN protocol.
IPsec is a network-layer (ISO OSI Layer 3) protocol, and hence independent of the underlying infrastructures. However, IPsec is limited to the IP network protocol. In other words, only IP data can be transported over an IPsec-based VPN.
IPsec permits two different operating modes: Tunnel Mode and Transport Mode. Transport Mode does not create a tunnel, and strictly speaking does not provide a virtual private network. Only Tunnel Mode is used in VPN connections.
In Tunnel Mode, a tunnel is set up through a public network.
In other words, the IP packets are encapsulated before
transmission. Each IP packet, with its complete IP header, is
transmitted as the payload of a new IPsec packet. The new
packet also has its own IP header. In this way both single
computers and whole networks using private IP addresses
can communicate over the public Internet.
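The packet-in-packet layering described above, as an added illustration that is not part of the manual or of NetWAYS/ISDN: an inner packet between two private hosts is wrapped behind an ESP header and a new outer IP header addressed between the two gateways (Tunnel Mode), and contrasted with Transport Mode, where the original header with its private addresses stays outermost. The addresses, SPI and payload are constructed sample values; ESP encryption, trailer and integrity check value are omitted so only the encapsulation structure is shown.

```python
import ipaddress
import struct

ESP_PROTO = 50   # IP protocol number of IPsec ESP (RFC 4303)
ESP_HDR_LEN = 8  # SPI (4 bytes) + sequence number (4 bytes)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; 0 for a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Header fields and payload of a packet produced by build_ipv4."""
    ihl = (packet[0] & 0x0F) * 4
    return {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "proto": packet[9], "payload": packet[ihl:]}


def tunnel_mode(inner: bytes, gw_src: str, gw_dst: str, spi: int, seq: int) -> bytes:
    """Tunnel Mode: the complete inner packet, private header included, becomes
    the ESP payload behind a new outer header addressed gateway to gateway."""
    return build_ipv4(gw_src, gw_dst, ESP_PROTO, struct.pack("!II", spi, seq) + inner)


def transport_mode(inner: bytes, spi: int, seq: int) -> bytes:
    """Transport Mode: no new header; the original addresses stay visible and
    only the payload is placed behind an ESP header."""
    p = parse_ipv4(inner)
    return build_ipv4(p["src"], p["dst"], ESP_PROTO,
                      struct.pack("!II", spi, seq) + p["payload"])


def decapsulate(outer: bytes) -> bytes:
    """Receiving gateway: strip outer IP header and ESP header (Tunnel Mode)."""
    return parse_ipv4(outer)["payload"][ESP_HDR_LEN:]


# Constructed sample: UDP (proto 17) between two private hosts, then tunneled
# between gateway addresses 198.51.100.1 and 203.0.113.9 (documentation ranges).
INNER = build_ipv4("10.1.0.5", "10.2.0.7", 17, b"hello")
TUNNELED = tunnel_mode(INNER, "198.51.100.1", "203.0.113.9", spi=0x1000, seq=1)
```

Only the outer header of TUNNELED is visible on the public Internet; the private addresses reappear only after decapsulate() at the far gateway.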