Enterprise VPNs
Here is a list of VPNs that can be found in enterprise environments:
IP Security (IPsec)
Cisco Easy VPN
Generic routing encapsulation (GRE)
Dynamic Multipoint Virtual Private Network (DMVPN)
Virtual tunnel interface (VTI)
Layer 2 Tunneling Protocol Version 3 (L2TPv3)
Service Provider Offerings
Here is a list of VPNs that can be found with most SPs:
Multiprotocol Label Switching (MPLS)
Metro Ethernet
Virtual Private LAN Services (VPLS)
Enterprise Managed VPN: IPsec
What is IPsec? IPsec is a network layer protocol suite for encrypting IP packets between
two hosts and thereby creating a secure “tunnel.” The IETF defined IPsec in RFC 4301.
IPsec uses open standards and provides secure communication between peers to ensure
data confidentiality, integrity, and authenticity through network layer encryption. IPsec
connections are commonly configured between firewalls, VPN appliances, or routers that
have IPsec features enabled. IPsec can scale from small to very large networks.
The IPsec protocols include Internet Security Association and Key Management Protocol (ISAKMP), and two other IPsec IP protocols: Encapsulating Security Payload (ESP) and Authentication Header (AH). IPsec uses symmetric encryption algorithms to provide data protection. These algorithms need a secure method to exchange keys to ensure that the data is protected. Internet Key Exchange (IKE) and ISAKMP provide these functions. ESP is used to provide confidentiality, data origin authentication, connectionless integrity, and anti-replay services. AH is used to provide integrity and data origin authentication, usually referred to as just authentication.
In addition, IPsec can secure data from eavesdropping and modification using transform sets, which give you varying levels of strength for the data protection. IPsec also has several Hash Message Authentication Codes (HMAC) available to provide protection from attacks such as man-in-the-middle, packet-replay, and data-integrity attacks.
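The ESP services named above (data origin authentication, connectionless integrity, and anti-replay) come down to two receiver-side checks: an ICV comparison and a sliding sequence-number window. The following is an added example, not code from the book or any Cisco product; it uses HMAC-SHA-256 truncated to 128 bits (RFC 4868) as the integrity algorithm and the window algorithm from RFC 4303, Appendix A, over a simplified, constructed ESP layout (SPI, sequence number, payload, ICV) with no IKE or SA state.

```python
# Added example: ESP-style integrity and anti-replay checks on the receiving side.
# Packet layout is a constructed simplification: SPI(4) | seq(4) | payload | ICV(16).
import hmac, hashlib, struct

WINDOW = 64  # RFC 4303 requires a minimum of 32; 64 is the default


class ReplayWindow:
    """Sequence-number window for one inbound SA (RFC 4303, Appendix A)."""

    def __init__(self, size=WINDOW):
        self.size, self.highest, self.bitmap = size, 0, 0  # bit i => seq highest-i seen

    def accept(self, seq):
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False  # sequence number 0 is never valid with anti-replay enabled
        if seq > self.highest:  # advances the right edge of the window
            shift = seq - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.size else 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False  # fell off the left edge, or already received (replay)
        self.bitmap |= 1 << offset
        return True


def build_esp(key, spi, seq, payload):
    """Construct a packet: header and payload followed by a 128-bit truncated ICV."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:16]


def receive_esp(key, window, packet):
    """Verify the ICV (origin authentication + integrity), then run the replay check."""
    body, icv = packet[:-16], packet[-16:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        return "bad-icv"  # window is not updated for unauthenticated packets
    seq = struct.unpack("!II", body[:8])[1]
    return "ok" if window.accept(seq) else "replay"


def demo():
    """Constructed traffic: reordering is tolerated, replay and tampering are rejected."""
    key, win = b"constructed-32-byte-key-for-demo", ReplayWindow()
    pkts = {s: build_esp(key, 0x1000, s, b"data%d" % s) for s in (1, 2, 3, 5)}
    results = [receive_esp(key, win, pkts[s]) for s in (1, 3, 2, 5, 3)]
    tampered = pkts[5][:10] + bytes([pkts[5][10] ^ 1]) + pkts[5][11:]  # flip one payload bit
    results.append(receive_esp(key, win, tampered))
    return results  # ["ok", "ok", "ok", "ok", "replay", "bad-icv"]
```

Note that the ICV is verified before the window is updated, so a forged or corrupted packet cannot shift the window and cause legitimate late packets to be dropped.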
IPsec Direct Encapsulation
IPsec provides a tunnel mode of operation that enables it to be used as a standalone connection method and is the most fundamental VPN design model. When you are using
The headend IPsec terminating device needs to use static IP addressing, but the remote