Chapter 18 VPN
A connection that uses the Internet as a "transport medium" but is not publicly accessible is referred to as a VPN (Virtual Private Network). Only authorised users have access to such a VPN, which is therefore also referred to as a VPN tunnel. Normally the data transported over a VPN is encrypted.
A VPN allows field staff or staff working from home offices to access data on the company's
network. Subsidiaries can also connect to head office over VPN.
Various protocols are available for creating a VPN tunnel, e.g. IPSec or PPTP.
The connection partner is authenticated with a password, using preshared keys or certificates.
With IPSec the data is encrypted using AES or 3DES, for example; with PPTP, you can use MPPE.
18.1 IPSec
IPSec enables secure connections to be set up between two locations (VPN). This enables sensitive business data to be transferred via an unsecure medium such as the Internet. The devices used function here as the endpoints of the VPN tunnel. IPSec involves a number of Internet Engineering Task Force (IETF) standards, which specify mechanisms for the protection and authentication of IP packets. IPSec offers mechanisms for encrypting and decrypting the data transferred in the IP packets. The IPSec implementation can also be smoothly integrated in a Public Key Infrastructure (PKI, see Certificates on page 113). The funkwerk IPSec implementation achieves this firstly by using the Authentication Header (AH) protocol and Encapsulated Security Payload (ESP) protocol, and secondly through the use of cryptographic key administration mechanisms like the Internet Key Exchange (IKE) protocol.
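The AH and ESP protocols named above each put a small cleartext header in front of the protected data. The following is an added example, not code from the funkwerk manual or from the router firmware: a minimal Python dissector for the two headers (AH per RFC 4302, ESP per RFC 4303) plus the sliding anti-replay window that the sequence-number field exists for. The packets it parses are constructed sample bytes, not captured traffic, and the SPI and sequence values in them are arbitrary.

```python
"""Dissect IPsec AH and ESP headers and check sequence numbers for replay.

Added example (not from the funkwerk manual): the sample packets below are
constructed byte strings, not captured traffic.
"""
import struct
from dataclasses import dataclass

# IP protocol numbers assigned by IANA to the two IPsec protocols.
IPPROTO_ESP = 50
IPPROTO_AH = 51


@dataclass
class EspHeader:
    spi: int
    seq: int
    payload: bytes  # still encrypted: IV + ciphertext + ESP trailer + ICV


@dataclass
class AhHeader:
    next_header: int
    spi: int
    seq: int
    icv: bytes
    payload: bytes  # the unencrypted inner packet that the ICV authenticates


def parse_esp(data: bytes) -> EspHeader:
    """ESP: 4-byte SPI, 4-byte sequence number, then the protected payload.

    Only the SPI and sequence number are in the clear. A monitoring point can
    therefore map an ESP flow to its Security Association but cannot see the
    inner packet without the SA's keys.
    """
    if len(data) < 8:
        raise ValueError("ESP header needs at least 8 bytes")
    spi, seq = struct.unpack("!II", data[:8])
    if spi < 256:
        # SPI values 0..255 are reserved by IANA; a real SA never uses them.
        raise ValueError(f"reserved SPI {spi}")
    return EspHeader(spi=spi, seq=seq, payload=data[8:])


def parse_ah(data: bytes) -> AhHeader:
    """AH: next header, payload length, 2 reserved bytes, SPI, seq, ICV.

    'Payload Len' is the AH header length in 32-bit words minus 2, so the
    ICV occupies bytes 12 .. (payload_len + 2) * 4.
    """
    if len(data) < 12:
        raise ValueError("AH header needs at least 12 bytes")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    if reserved != 0:
        raise ValueError("AH reserved field must be zero")
    total_len = (payload_len + 2) * 4
    if len(data) < total_len:
        raise ValueError("truncated AH header")
    return AhHeader(next_header, spi, seq, data[12:total_len], data[total_len:])


def parse_ipsec(proto: int, data: bytes):
    """Dispatch on the protocol number taken from the outer IP header."""
    if proto == IPPROTO_ESP:
        return parse_esp(data)
    if proto == IPPROTO_AH:
        return parse_ah(data)
    raise ValueError(f"protocol {proto} is not AH or ESP")


class ReplayWindow:
    """Sliding anti-replay window over AH/ESP sequence numbers (RFC 4303 3.4.3).

    Bit i of the bitmap is set when sequence number (highest - i) has been
    accepted. Duplicates and packets older than the window are rejected.
    """

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False  # the first valid sequence number on an SA is 1
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:
            return False  # older than the window: reject
        if self.bitmap & (1 << diff):
            return False  # already seen: replay
        self.bitmap |= 1 << diff
        return True


# Constructed ESP packet: SPI 0x10000001, seq 7, 16 bytes of opaque payload.
SAMPLE_ESP = struct.pack("!II", 0x10000001, 7) + bytes(range(16))
# Constructed AH packet carrying TCP (next header 6) with a 12-byte ICV,
# so payload_len = (12 + 12) / 4 - 2 = 4.
SAMPLE_AH = struct.pack("!BBHII", 6, 4, 0, 0x20000002, 42) + b"\xaa" * 12 + b"inner"

if __name__ == "__main__":
    print(parse_ipsec(IPPROTO_ESP, SAMPLE_ESP))
    print(parse_ipsec(IPPROTO_AH, SAMPLE_AH))
```

The dissector deliberately stops at the header boundary: decrypting the ESP payload or verifying the AH ICV needs the keys negotiated by IKE, which never appear on the wire. The replay window shows why the sequence number is worth logging at a gateway: a peer that re-sends an old sequence number is dropped even though the packet is otherwise well-formed.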
18.1.1 IPSec Peers
An endpoint of a communication is defined as a peer in a computer network. Each peer offers its services and uses the services of other peers.
A list of all configured IPSec peers is displayed in the VPN -> IPSec -> IPSec Peers menu.
Peer Monitoring
Funkwerk Enterprise Communications GmbH
18 VPN
R1xxx/R3xxx/R4xxx
281