XSR User’s Guide
Chapter 11 VPN Overview
Configuring the Virtual Private Network
How a Virtual Private Network Works
VPNs provide an advanced combination of tunneling, encryption,
authentication and access control technologies and services to carry traffic
over the Internet, a managed IP network or a provider's backbone.
Traffic reaches these backbones using any combination of access technologies,
including Ethernet, T1, Frame Relay, ISDN, or simple dial access. VPNs use
familiar networking technology and protocols. The client sends a stream of
encrypted packets to a remote server or router, but instead of crossing
a dedicated line (as in the case of WANs), the packets traverse a tunnel over a
shared network.
The initial idea behind this method was for a company to reduce the
recurring telecommunications charges it incurs when connecting
remote users and branch offices to resources at its headquarters.
Using this VPN model, packets headed toward the remote network will reach
a tunnel initiating device, which can be anything from an extranet router to a
laptop PC with VPN-enabled dial-up software. The tunnel initiator
communicates with a VPN terminator, or a tunnel switch, to agree on an
encryption scheme. The tunnel initiator then encrypts the packet for
security before transmitting it to the terminator, which decrypts the packet and
delivers it to the appropriate destination on the network.
The XSR provides Remote Access support for the connection of remote clients
and gateways in a topology where PPTP or L2TP protocols are employed. The
XSR also provides Site-to-Site tunnel support in a topology where routers
occupy each end of a connection. Site-to-site tunnels, also known as
peer-to-peer tunnels, employ IPSec as the main security provider.
The XSR’s site-to-site connectivity allows a branch office to divest multiple
private links and move traffic over a single Internet connection. Since many
sites use multiple lines, this can be a very useful application, and it can be
deployed without additional equipment or software.
The XSR supports 50 site-to-site tunnels or remote access clients with
32 Mbytes of SDRAM DIMM installed, and 200 tunnels/clients when upgraded
with the 64-Mbyte SDRAM DIMM.