Specifications
Table Of Contents
- About This Document
- Understanding Networking and IP Addressing
- Introduction to Networking
- Networking using IP
- Niagara Considerations
- Additional Information
- Configuration and Troubleshooting Tools
- Connecting on a LAN
- Connecting with Direct Dial
- Connecting to an ISP
- Using Security Technologies
- Configuration Files Used for Communication
- Glossary
- Index
Niagara Release 2.3
Revised: May 22, 2002 Niagara Networking & Connectivity Guide
Chapter 6 Using Security Technologies
Using a Virtual Private Network
6–24
Niagara System Architectures
Figure 6-13 on page 6-25 provides examples of typical Niagara job configurations
(system architectures) for connecting Niagara hosts with a VPN. This drawing is
similar to those used in previous architecture discussions, but several sites at fictional
ABC company have been removed for simplicity.
Company ABC has implemented VPN server software on their firewall, and added a
new site (site 7). The router in site 7 has VPN client software, which has been
configured to provide a persistent VPN connection to the firewall in site 1. After the
router connects to the Internet, the client software connects to the VPN at site 1,
receiving new network settings as defined by the VPN server. The router (and by
extension, the JACE-NP) are now part of the LAN.
The company has also loaded and configured client software on the remote
engineering station to allow the off-site SI to maintain Niagara stations and hosts.
Formerly, this maintenance was handled through dial-up to the JACE-NP in site 1
(see Figure 4-2).
The engineering station connects to the Internet through its ISP, then initiates the
VPN client. The client connects to the company firewall and the engineering host
receives an IP address belonging to ABC company, joining its network. Until the
remote host disconnects the client software, all packets from the engineering host are
routed onto the ABC company’s network. The firewall has been configured to allow
the remote engineering station access only to the Niagara hosts available on the
company network, including those in sites 1, 2, and 7.
Things to Note
You should note the following things about using Niagara hosts with a VPN:
• You cannot use a VPN with a JACE-4/5 connected directly to an ISP. That is
because you cannot load VPN client software on a JACE-4/5. You can use a
JACE-4/5 with a VPN if the JACE connects to the Internet through an on-site
router that provides VPN services (as well as DHCP and NAT). This is similar
to the setup shown in site 7.
• You may be able to load VPN client software on a JACE-NP, if the software
can be configured to start automatically after connection by RAS to the ISP.
For more information about connecting a JACE-NP to an ISP with RAS, see
“Connecting Windows-based Hosts via Telephone Modem,” page 5-26.
Note This scenario has not been tested by Systems Engineering. We
recommend that you set up a pilot to test them before implementing in
a live job.
• Exact details on how to connect Niagara hosts using VPNs cannot be provided
due the many differences in VPN connection devices.