Cyclades ACS48 Network Hardware User Manual


 
4: Configuring the Web Interface
70 AlterPath Console Server User Manual
What is a VPN?
If you already understand how VPN works, skip this section and proceed to
the next procedure, Network > VPN Connections.
A VPN, or Virtual Private Network, lets the Console Server and a whole
network communicate securely when the only connection between them is
over a third network that is not trusted. The method is to put a security
gateway machine in the remote network and create a security tunnel between the
Console Server and this gateway. The gateway machine and the Console
Server encrypt packets entering the untrusted network and decrypt packets leaving
it, creating a secure tunnel through it.
Often it may be useful to have explicitly configured IPsec tunnels between the
Console Server and a gateway of an office with a fixed IP address (in this case
every machine on the office network would have a secure connection with the
Console Server), or between the Console Server and the Console Server
administrator machine, which must, in this case, have a fixed IP address.
You can add the same connection descriptor to both the Console Server and the
other end. This is the advantage of using left and right instead of local and
remote parameters.
If you give an explicit IP address for left (and left and right are not directly
connected), then you must specify leftnexthop (the router to which the Console
Server sends packets in order to get them delivered to right). Similarly, you
may need to specify rightnexthop (the router through which right reaches left).
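The connection descriptor described above, written out as an added example (not from this manual) in the FreeS/WAN-style ipsec.conf syntax that uses the left/right keywords; the connection name, addresses and key values are constructed placeholders. Because each gateway recognizes its own address in either left or right, the same block can be installed unchanged on the Console Server and on the office gateway.

```ini
# Added example (not from the manual): a host-to-network IPsec tunnel
# between the Console Server and an office security gateway.
# All addresses are constructed (RFC 5737 documentation ranges).
conn office
    # Console Server (fixed public address) and the router it uses to
    # reach "right". leftnexthop is required here because left and
    # right are not on the same link.
    left=192.0.2.10
    leftnexthop=192.0.2.1
    # Office security gateway, its next hop toward "left", and the
    # office LAN it protects. rightsubnet makes this a host-to-network
    # tunnel; omit it for a host-to-host tunnel to a single
    # administrator machine with a fixed IP address.
    right=198.51.100.20
    rightnexthop=198.51.100.1
    rightsubnet=10.20.0.0/16
    # Mutual authentication with RSA signatures: each end's public key
    # is carried in the shared descriptor, so no pre-shared secret is
    # needed. Key values below are placeholders, not real keys.
    authby=rsasig
    leftrsasigkey=0sAQ...CONSOLE-SERVER-PUBLIC-KEY-PLACEHOLDER...
    rightrsasigkey=0sAQ...OFFICE-GATEWAY-PUBLIC-KEY-PLACEHOLDER...
    # Bring the tunnel up at IPsec startup on both ends.
    auto=start
```

The tunnel covers traffic between the Console Server itself and every host in 10.20.0.0/16; traffic to any other destination leaves the Console Server unencrypted as before.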
The Role of IPsec
IPsec is used mainly to construct a secure connection (tunnel) between two
networks (ends) over a not-necessarily-secure third network. In the ACS,
IPsec is used to connect the ACS securely to a single host or to a whole network,
configurations usually referred to as host-to-host and host-to-network tunnels.
Practically, this is the same thing as a VPN, but here one or both sides have a
degenerate subnet (i.e., only one machine).
The IPsec protocol provides encryption and authentication services at the IP
level of the network protocol stack. Working at this level, IPsec can protect
any traffic carried over IP, unlike other encryption schemes, which generally
protect only a particular higher-level protocol (PGP for mail, SSH for login, SSL for