3Com Router User Manual

Page 601

42
CONFIGURING VPN
This chapter covers the following topics:
■ VPN Overview
■ Basic Networking Applications of VPN
■ Classification of IP VPN

VPN Overview

VPN establishes private networks on public networks by creating a “virtual”, or
logical, network from resources of the existing network. Carriers can make use of
their spare network resources to provide VPN service and profit from the network
resources to the maximum extent. In addition:
■ VPNs are used by enterprises or user groups to securely access...

Page 602

The VPN with service quality guarantee can provide different levels of service 
quality guarantees for users by charging for different services. 

Basic Networking Applications of VPN

An enterprise that has an intranet established with VPN is shown in the following
figure.
Figure 178   Schematic diagram of VPN networking
In this configuration, the users who need the internal resources of enterprises can
access the POP (Point of Presence) server of local ISP via PSTN or...

Page 603

Tunnel Protocols

The tunnel protocols can be divided into layer 2 tunneling protocols and layer 3
tunneling protocols, depending on the layer of the OSI model at which the
tunneling is implemented.

Layer 2 tunneling protocol

The Layer 2 tunneling protocol encapsulates the whole PPP frame in the internal
tunnel. The current layer 2 tunneling protocols mainly include:
■ Point-to-Point Tunneling Protocol (PPTP): supported by Microsoft Corporation,
Lucent Technologies and...

Page 604

ISP gateway and PPP session ends at NAS, it is unnecessary for the gateway at the 
user end to manage and maintain the status of every PPP session, thus improving 
system performance.
Generally, Layer 2 and Layer 3 tunnel protocols are used independently, so
combining L2TP with the IPSec protocol provides better performance and
security for the users.

Service Purpose

VPNs are also classified according to the types of service they provide:
■ Intranet VPN: In an...

Page 605

43
CONFIGURING L2TP 

VPDN and L2TP Overview

Virtual Private Dial Network (VPDN) is implemented with the help of the dial-up and
access services of the public network (ISDN and PSTN), and provides access services
for enterprises, small ISPs, and mobile offices.
VPDN adopts private communication protocols with a network encryption feature,
so enterprises can establish safe VPNs on public networks. Branch employees can
connect to their enterprise's remote internal network through virtual encryption
tunnels, while...

Page 606

Figure 179   Networking diagram of typical VPDN application
In this figure, LAC stands for L2TP Access Concentrator, which is a switch network
device with a PPP end system and L2TP client-side processing ability. Usually, the
LAC is a NAS, which provides access service for users through PSTN/ISDN. LNS stands
for L2TP Network Server, which is the device with a PPP end system and L2TP
server-side processing ability.
LAC resides between the LNS and the remote system (remote...

Page 607

The networking diagram of these two typical methods is illustrated in the 
following figure:
Figure 180   Networking diagram of two typical methods of VPDN

Overview of L2TP

The L2TP (Layer 2 Tunneling Protocol) supports transmitting PPP frames by
tunneling, and the end of layer 2 data link and the PPP session can reside on
different devices, communicating based on packet switching, which extends the
PPP model. Integrating the respective advantages of L2F protocol and PPTP, L2TP...

Page 608

The L2TP header includes the tunnel ID and session ID, which are used to
identify different tunnels and sessions. Messages with the same tunnel ID and
different session IDs are multiplexed in one tunnel. Tunnel ID and session ID
are distributed to the opposite end of the tunnel.
L2TP detects the connectivity of a tunnel using a Hello message. When the tunnel 
is idle for some time, LAC and LNS begin to transmit the Hello message to the 
opposite end. If...

Page 609

Figure 182   Call setup flow of L2TP channel

V. Features of L2TP

■ Flexible identity authentication mechanism and high security
The L2TP protocol by itself does not provide connection security, but it can depend
on the authentication (e.g. CHAP and PAP) provided by PPP, so it has all security
features of PPP. L2TP can be integrated with IPSec to fulfill data security, so it is
difficult to attack the data transmitted with L2TP. As required by specific
network security, L2TP...

Page 610

addresses (RFC1918). The addresses allocated to remote users are private 
addresses belonging to an enterprise, thus the addresses can be easily 
managed and the security can also be improved.
■ Flexible network charging
Charging can be performed at both the LAC and LNS sides at the same time, that is,
at the ISP (to generate bills) and the Intranet gateway (to pay for charge and audit).
L2TP can provide such charging data as transmitted packet number, byte number,
start time and...