User Manual
Intended Operation Environment (Including Deployment Options)
Tunneled Network Deployment
3
22 | 28
A6V11917735_en_b_41
3.3 Tunneled Network Deployment
A VPN (https://en.wikipedia.org/wiki/Virtual_private_network) is a solution for building a virtual network. VPNs use a technique called tunneling, which enables users to create a virtual network between two remote points over an existing public IP network and communicate freely across it.
With tunneling, packets that would otherwise travel on a physical communication medium (such as a conventional network cable or optical fiber) are encapsulated as the payload of another protocol (such as TCP/IP packets) instead of being transmitted directly on the physical network. Encryption and an electronic signature can be added at the same time as the encapsulation. The encapsulated data is transmitted through a session called a tunnel between the start point and the end point of the VPN communication.
The receiving party removes the original packets from the capsules. If the data was encrypted during encapsulation, it must be decrypted. If an electronic signature was added, the receiver can check whether the packet contents were tampered with during transmission by verifying the integrity of the electronic signature.
Because all data transmitted between the sending computer and the receiving computer travels through the tunnel in encapsulated form, unprotected data is never exposed on the network during VPN communication.
Figure 7: Structure and operating principle of common VPN
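As an added example that is not part of this manual or its product, the following Go program mimics the encapsulation described above: an inner packet is sealed with AES-GCM, which supplies the encryption and an integrity tag (standing in for the manual's electronic signature) in a single operation, and the receiving end rejects a capsule whose contents were altered in transit. The 16-byte key and the inner packet are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

type Tunnel struct{ aead cipher.AEAD } // AES-GCM AEAD shared by both end points

// NewTunnel derives the AEAD from a 16-, 24- or 32-byte key.
func NewTunnel(key []byte) (*Tunnel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Tunnel{aead: aead}, nil
}

// Encapsulate wraps an inner packet as nonce || ciphertext || tag: AES-GCM adds
// encryption and the integrity tag (the "electronic signature") in one step.
func (t *Tunnel) Encapsulate(inner []byte) ([]byte, error) {
	nonce := make([]byte, t.aead.NonceSize()) // fresh random nonce per capsule
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return t.aead.Seal(nonce, nonce, inner, nil), nil
}

// Decapsulate checks the tag and recovers the original packet; any change in transit makes Open fail.
func (t *Tunnel) Decapsulate(capsule []byte) ([]byte, error) {
	n := t.aead.NonceSize()
	if len(capsule) < n+t.aead.Overhead() {
		return nil, errors.New("capsule too short to carry a nonce and tag")
	}
	return t.aead.Open(nil, capsule[:n], capsule[n:], nil)
}

func main() {
	tun, _ := NewTunnel([]byte("0123456789abcdef")) // constructed demo key only
	capsule, _ := tun.Encapsulate([]byte("inner IP packet (constructed sample)"))
	capsule[len(capsule)-1] ^= 0x01 // simulate tampering in transit
	_, err := tun.Decapsulate(capsule)
	fmt.Println("tampered capsule rejected:", err != nil)
}
```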
Zone Border Protection components and PACE PCs are single points of failure for every connected client. Therefore, for each installation it must be determined whether it is acceptable for multiple clients to be connected to one protection component, or whether the clients must be placed behind separate Zone Border Protection components and distributed across separate PACE PCs.
[Figure 7 labels: Client PC, VPN Tunnel, Public IP Network (for example, the Internet), Office LAN, Packets]