CHAPTER 25. IPSEC
© SAMSUNG Electronics Co., Ltd.
Traditionally, remote users could access the corporate LAN through dial-up
and ISDN lines which were terminated in the corporate remote access servers.
However, these point-to-point connection technologies do not scale well to the
growing number of remote users and the corresponding increase in the
infrastructure investments and maintenance costs.
One way to meet the needs of the increasing number of remote users and to
control access costs is to provide remote access through the Internet using
firewalls and a Virtual Private Network (VPN). Internet Protocol
Security (IPSec) keeps the connection safe from unauthorized users.
In a typical IPSec remote access scenario, the mobile user has connectivity to
the Internet and an IPSec VPN client loaded on their PC. The remote user
connects to the Internet through their Internet service provider and then
initiates a VPN connection to the IPSec security gateway (the VPN server) of
the corporate office, which typically has an always-on Internet connection.
One of the main limitations in providing remote access is that the typical
remote user connects with a dynamically assigned IP address provided by the ISP.
IPSec uses the IP address of users as an index to select the Internet Key
Exchange (IKE) and IPSec policies to be used for negotiation with each peer.
When the VPN client has a dynamic IP address, the VPN server cannot look up
the policies by the IP address of the client. Instead, the VPN server uses
the identity of the VPN client to look up the policies.
Access Methods
Ubigate iBG3026 supports two types of IPSec remote access using VPNs.
Remote Access: User Group
One of the methods to achieve IPSec remote access in Ubigate iBG3026 is the
user group method. In this method, the administrator creates an IKE policy for
a logical group of users such as a department in an organization. Each user in
the group is identified by unique information that is configured in
the IKE policy. Also, an IPSec template is attached to the user group.
Once the VPN user is authenticated using IKE, the user's dynamically assigned
IP address is added to the destination address field in the IPSec template
attached to the user group. The VPN user now has the required IPSec policy
that allows access through the gateway to the corporate LAN.
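The following is an added illustration of the user group method, not Samsung code or Ubigate CLI syntax: a small Python model in which the gateway indexes policies by IKE identity and fills the template's destination field after authentication. All class names, identities and addresses are hypothetical, constructed values, and IKE authentication itself is assumed to have already succeeded.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IPSecTemplate:
    """IPSec policy with the destination address left open (hypothetical model)."""
    name: str
    source_net: str  # corporate LAN behind the gateway (constructed value)

@dataclass(frozen=True)
class UserGroup:
    """IKE policy for a logical group; each member has a unique IKE identity."""
    name: str
    identities: frozenset
    template: IPSecTemplate

class Gateway:
    def __init__(self, groups):
        # Policies are indexed by IKE identity, never by the client's IP address.
        self.by_identity = {}
        for group in groups:
            for ident in group.identities:
                if ident in self.by_identity:
                    raise ValueError(f"identity {ident!r} configured twice")
                self.by_identity[ident] = group
        self.active = {}  # identity -> instantiated IPSec policy

    def on_ike_authenticated(self, identity, peer_ip):
        """Call only after IKE authentication of `identity` has succeeded."""
        group = self.by_identity.get(identity)
        if group is None:
            return None  # unknown identity: no template, so no access
        # Fill the template's destination field with the ISP-assigned address.
        addr = ipaddress.ip_address(peer_ip)  # rejects prefixes and garbage
        policy = {"group": group.name, "template": group.template.name,
                  "source": group.template.source_net,
                  "destination": f"{addr}/{addr.max_prefixlen}"}
        self.active[identity] = policy  # a reconnect replaces the stale address
        return policy

    def on_disconnect(self, identity):
        # Remove the host-specific policy so the address cannot be reused.
        self.active.pop(identity, None)

# Constructed sample configuration
ENGINEERING = UserGroup("engineering",
                        frozenset({"alice@example.com", "bob@example.com"}),
                        IPSecTemplate("eng-template", "10.0.0.0/16"))
```

Because the instantiated policy is tied to the address seen at authentication time, the model replaces it on reconnect and removes it on disconnect, so a released ISP address does not keep access to the corporate LAN.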