Epson 3300 Network Router User Manual


 
Vigor3300 Series User’s Guide
3.6 VPN and Remote Access Setup
This page allows you to set up the VPN and Remote Access configuration to create a virtual
private network for secure communication over the Internet.
A Virtual Private Network (VPN) is an extension of a private network that encompasses links
across shared or public networks like the Internet. A VPN enables you to send data between
two hosts across a shared or public network in a manner that emulates the properties of a
point-to-point private link.
There are two types of VPN connections: remote dial-in access and LAN-to-LAN connection.
The “Remote dial-In Access” facility allows a remote access node, a NAT router or a single
computer to dial into a VPN router through the Internet to access the network resources of the
remote network. The “LAN-to-LAN Access” facility connects two independent LANs for
mutual sharing of network resources. For example, the head office network can access the
branch office network, and vice versa.
The VPN technology implemented in the Vigor3300 Series of broadband security routers
supports Internet-industry standards to provide customers with interoperable VPN solutions,
such as X.509 and DHCP over Internet Protocol Security (IPSec). This VPN feature is supported
only on the Vigor3300 and Vigor3300V routers. IPSec is the security architecture for IP
networks. IPSec provides security services at the IP layer by enabling a system to select
required security protocols. It determines the algorithms to use for the services, and puts in
place any cryptographic keys required to provide the requested services. IPSec can be used to
protect one or more "paths" between a pair of hosts, between a pair of security gateways, or
between a security gateway and a host.
The Vigor3300 Series supports ESP Tunnel mode with IKE for key management. Internet Key
Exchange (IKE) Protocol, a key protocol in the IPSec architecture, is a hybrid protocol using
part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated