Product specifications

Efficient Networks® Router family Command Line Interface Guide
Chapter 6: Connection Management (Page 6-54)
- DES Encryption with Dynamic Key Exchange: When running an encrypted tunnel, the
  encryption keys are dynamically exchanged to make it almost impossible to expose
  the data.
- Each tunnel is a virtual interface: All elements of NAT, DHCP, firewall, routing,
  bandwidth thresholds, inactivity time-outs, etc. can be configured on a per-tunnel
  basis, since each tunnel is an independent "virtual" interface.
Secure VPN is ideally suited for "do-it-yourself" setup of LAN-to-LAN VPNs
using existing remote access hardware. Tunneling, multi-protocol support,
encryption, compression, flexibility, and a smart design will make you think that you
are configuring a dial-up device.
When it is necessary to connect several sites together with tunneling, there are two
options:
- Set up a central tunnel server as the hub for all tunnel clients to communicate
  with other sites.
- Set up capability for each site to connect to all sites without going through a
  central server.
The latter option distributes the load of network traffic based on site requirements,
and connections will never suffer from a congested central server.
The following example describes how to configure two DSL routers for LAN-to-LAN
connectivity using the Internet as transport. L2TP Tunneling is used to create a PPP
session between the two WAN port IP addresses of the DSL routers. For data
security, DES Encryption with Diffie-Hellman key exchange is used to encrypt the
data that is sent into the L2TP tunnel. IP datagrams are routed between Corporate
and Branch Office. Other protocols can be transported, but are not considered in this
example. The diagram below depicts the setup.
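
The key agreement named above can be sketched as follows. This is an added example, not code from the guide or the router firmware: it shows the two endpoints arriving at the same DES key while only public values cross the Internet. The modulus `P`, generator `G`, the SHA-256 derivation step and all function names are assumptions chosen for illustration, and the DES encryption itself is not performed.

```python
# Added illustration: Diffie-Hellman agreement between two tunnel endpoints,
# followed by derivation of a DES key. Parameters and the derivation step are
# assumptions for this example, not the router's documented algorithm.
import hashlib
import secrets

P = 2**521 - 1   # demonstration modulus (a Mersenne prime), not a production group
G = 3            # demonstration generator

def keypair():
    """Return (private, public) for one endpoint."""
    priv = secrets.randbelow(P - 3) + 2          # private value in 2 .. P-2
    return priv, pow(G, priv, P)

def check_peer_public(pub):
    """Reject public values that would force a predictable shared secret."""
    if not 2 <= pub <= P - 2:
        raise ValueError("peer public value out of range")
    return pub

def odd_parity(byte):
    """Set the low bit so the byte has an odd number of 1 bits (DES convention)."""
    top7 = byte & 0xFE
    return top7 | (bin(top7).count("1") % 2 == 0)

def des_key(priv, peer_pub):
    """Derive an 8-byte DES key (56 key bits + 8 parity bits) from the DH secret."""
    shared = pow(check_peer_public(peer_pub), priv, P)
    digest = hashlib.sha256(shared.to_bytes(66, "big")).digest()
    return bytes(odd_parity(b) for b in digest[:8])

def exchange():
    """Run both sides; the private values and the key are never transmitted."""
    corp_priv, corp_pub = keypair()              # Corporate router
    branch_priv, branch_pub = keypair()          # Branch Office router
    return des_key(corp_priv, branch_pub), des_key(branch_priv, corp_pub)

if __name__ == "__main__":
    corp_key, branch_key = exchange()
    print("keys match:", corp_key == branch_key)
    print("DES key   :", corp_key.hex())
```

Plain Diffie-Hellman as shown does not authenticate the peer, so each side still needs a way to confirm it is exchanging values with the intended router.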