Chapter 6 Using Security Technologies
Using a Virtual Private Network
Niagara Release 2.3
Niagara Networking & Connectivity Guide Revised: May 22, 2002
An alternative method of securely connecting Internet-attached Niagara hosts is
through the use of a virtual private network (VPN).
A VPN is an encrypted IP connection between hosts over a public infrastructure such
as the Internet or the public telephone network. A VPN embeds a special protocol
within the TCP/IP packets carried over the Internet. This concept of a second network
protocol within a primary protocol is called tunneling. The following tunneling
protocols are commonly found in VPN installations:
- PPTP (point-to-point tunneling protocol)
- IPSec (IP security protocol)
- L2TP (layer 2 tunneling protocol)
Along with encryption, many VPNs also include strong authentication of remote
users or hosts and ways to hide information about the private LAN from hosts on the
public network. A VPN can be between an individual computer and a LAN or can be
LAN-to-LAN. Many companies use a VPN for connecting traveling or teleworking
users, or for connecting small, remote sites to the corporate LAN.
Typically, a VPN architecture consists of:
- A client running software that is configured with parameters such as server IP
  address and tunneling protocol. The client could be an individual workstation
  (for computer-to-LAN VPNs), or another router or server (for LAN-to-LAN
  VPNs).
- A server device that handles the client connection, authentication, and
  decryption of the information from the client. A VPN server could be part of a
  firewall, or be a separate device.
Some advantages of using VPNs include:
- The client actually becomes part of the remote LAN (it receives an IP address
  on the remote LAN) and therefore has access to any resources on the LAN.
- Cost can be lower than direct-dial (no extra telephone lines, RAS equipment to
  maintain, or long distance charges).
- If using cable or DSL connection, transmission speed can be faster than using
  direct-dial.
Some disadvantages include:
- Overhead makes any VPN connection slower than a native (no VPN) dial-up or
  cable/DSL connection.
- The host will not connect if the Internet connection to the ISP or from the ISP
  to the primary site is down.