Default VPN policy
Issue 4 May 2005
In tunnel mode (security gateways and VPNremote Client only), IP packets between members
are secured by encrypting and authenticating the entire packet, including the addressing
header. The encrypted and authenticated packet is then used as the payload of a new packet
with a new addressing header. This new addressing header specifies the IP addresses of the
packet's source and destination, whether they be two security gateways or a VPNremote Client
and a security gateway.
The choice between using transport and tunnel mode involves many factors, including the use
of private IP addresses for Groups and security concerns about the visibility of member
workstation IP addresses.
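The tunnel-mode encapsulation described above, as an added Python example (not taken from the Avaya guide or product). It assumes a simplified ESP-like layout (SPI, sequence number, nonce, ciphertext, truncated HMAC-SHA-256 tag, no padding trailer), a stand-in keystream cipher in place of a real IPsec transform, and constructed addresses and keys.

```python
import hashlib, hmac, ipaddress, os, struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                    ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    s = sum(struct.unpack("!10H", h))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return h[:10] + struct.pack("!H", ~s & 0xFFFF) + h[12:]

def keystream_xor(key, nonce, data):
    """Stand-in cipher for this demo (SHA-256 in counter mode), not a real IPsec transform."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + struct.pack("!I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def icv(auth_key, esp):
    """Integrity check value: HMAC-SHA-256 truncated to 16 bytes."""
    return hmac.new(auth_key, esp, hashlib.sha256).digest()[:16]

def tunnel_encapsulate(inner, gw_src, gw_dst, spi, seq, enc_key, auth_key):
    """Encrypt and authenticate the whole inner packet, then prepend a new header."""
    nonce = os.urandom(8)
    esp = struct.pack("!II", spi, seq) + nonce + keystream_xor(enc_key, nonce, inner)
    body = esp + icv(auth_key, esp)
    return ipv4_header(gw_src, gw_dst, 50, len(body)) + body  # protocol 50 = ESP

def tunnel_decapsulate(outer, enc_key, auth_key):
    """Verify the ICV first, then recover the original packet, header included."""
    esp, tag = outer[20:-16], outer[-16:]
    if not hmac.compare_digest(tag, icv(auth_key, esp)):
        raise ValueError("authentication failed")
    return keystream_xor(enc_key, esp[8:16], esp[16:])

def visible_addresses(packet):
    """Source and destination an on-path observer reads from the cleartext header."""
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))

# Constructed sample: private member addresses behind two gateways (documentation ranges).
PAYLOAD = b"member workstation data"
INNER = ipv4_header("10.1.1.25", "10.2.2.40", 6, len(PAYLOAD)) + PAYLOAD
ENC_KEY, AUTH_KEY = os.urandom(32), os.urandom(32)
OUTER = tunnel_encapsulate(INNER, "192.0.2.1", "198.51.100.1", 0x1001, 1, ENC_KEY, AUTH_KEY)

if __name__ == "__main__":
    print("inner header:", visible_addresses(INNER))
    print("on the wire: ", visible_addresses(OUTER))
    print("round trip ok:", tunnel_decapsulate(OUTER, ENC_KEY, AUTH_KEY) == INNER)
```

Only the gateway addresses appear in the cleartext header on the wire; the member workstation addresses are recovered only after the integrity check passes and the payload is decrypted.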
The following key management and packet mode combinations are supported:
● SKIP in Transport or Tunnel mode.
● IKE in Tunnel mode only.
Default VPN policy
Default VPN applies only to the IKE VPN and is used in conjunction with RADIUS
authentication. Only one VPN can be the default VPN in a domain. When you create a VPN,
you can enable this function.
Default Policy is an alternative method of external user authentication. This feature is suited for
large IKE-based VPNs where hundreds or even thousands of users are authenticated, or where
the ability to scale the VPN to large numbers of authenticated users is required. This default
VPN policy is applied to any remote user authenticated successfully by the external RADIUS
server.
When a remote user requests CCD from the security gateway, the security gateway’s RADIUS
client contacts the RADIUS server to authenticate the user. Upon successful authentication, the
CCD server provides the default VPN policy to the user.
[Figure: Tunnel Mode. Original IP Packet: Source Address, Dest. Address, Payload. Secured VPN IP Packet: Src VSU or Client Address, Dest VSU or Client Address, IPSec/SKIP Overhead, IP Packet with Applied VPN Services.]
Summary of Contents for 3.7
Page 1: ...VPNmanager Configuration Guide Release 3 7 670 100 600 Issue 4 May 2005...