Lancom Systems LCOS 3.50 Server User Manual


 
Chapter 14: Virtual Private Networks—VPN LANCOM Reference Manual LCOS 3.50
- When VPN clients dial in with the appropriate client software,
  extended functions in the IKE handshake of LANCOM VPN allow the use
  of different Preshared Keys (PSKs). Other conventional VPN client
  connections can use a single common PSK, which is a compromise in
  terms of security.
- With LANCOM Dynamic VPN, a headquarters with a static IP address can
  be connected to external locations that have neither fixed IP addresses
  nor flat-rate Internet access. As these remote stations generally do not
  use dynamic DNS services, they cannot be reached via an IP address or
  via a name that can be resolved by DNS. The extensions provided by
  LANCOM Dynamic VPN make it possible to use ISDN signalling to
  establish connections.
Further information about these features can be found in the description of
the applications.
14.2.3 LANCOM VPN functions
This section lists all of the functions and properties of LANCOM VPN. This
overview will provide a great deal of information for VPN experts. It is very
compact, but contains a lot of complex, specialized terminology. Knowledge
of the technical basics of VPN is required to understand this section. Don't
worry: it's no problem if you skip this section. The information contained here
is not required to set up and use LANCOM VPN.
- VPN in accordance with IPSec standard
- VPN tunnel via leased lines, switched connections and IP networks
- IPSec main and aggressive mode
- LANCOM Dynamic VPN: Public IP addresses can be static or dynamic
  (initiation of a connection towards remote sites with dynamic IP addresses
  requires ISDN)
- IPSec protocols AH and ESP in transport and tunnel mode
- Hash algorithms:
    HMAC-MD5-96, hash length 128 bit
    HMAC-SHA-1-96, hash length 160 bit
- Symmetrical encryption methods:
    AES, key length 128 bit
    Triple-DES, key length 168 bit
    Blowfish, key length 128 - 448 bit
    CAST, key length 128 bit