Elements of IPSec Remote Access

To have a successful remote access implementation, you need to make sure you have all the necessary ingredients. Namely, you are required to have the following: a remote client, a VPN Concentrator, PPP or an equivalent Layer 2 protocol, and an IPSec, PPTP, or L2TP tunneling protocol. To illustrate these components, look at Figure 4.1, which displays a typical IPSec remote access scenario with Cisco components.

Figure 4.1. IPSec remote access scenario.


Note: The examples presented throughout this book use private IP addresses for all interfaces. In a real deployment, the public IP addresses assigned to the workstation, and possibly to the public interface of the concentrator, would not be private IP addresses.


In this hypothetical remote access example, Mr. Ed, located at the remote end of the IPSec tunnel, is using a workstation with Internet connectivity to connect to the central location. The workstation's adapter that connects to the Internet uses PPP as its Layer 2 protocol and learns its public IP address of 172.16.1.2 dynamically from the ISP. To initiate the IPSec tunnel, as well as to handle authentication and encryption services, Mr. Ed is required to install the Cisco VPN Unity Client on his workstation. The Unity Client initiates the IPSec tunnel to the VPN Concentrator's public interface IP address of 192.168.1.101. Assuming a typical configuration, the VPN Concentrator issues an internal IP address of 10.1.1.100 for the IPSec tunnel to the client via a DHCP server, a configured pool, or per-user assignment. When Mr. Ed needs to send secure data that is destined for a device or station at the main office, the Unity Client encapsulates the internal IP header and payload (using the ESP protocol in tunnel mode). In addition, the client creates a new outer IP header with the workstation adapter's public address as the source address and the public IP address of the VPN Concentrator as the destination address, so that the packet is routable across the Internet. When the VPN Concentrator receives the data, it removes the outer header, authenticates and decrypts the original packet, and delivers the datagram to the internal destination address found in the original internal IP header.
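The encapsulation and decapsulation steps just described can be modelled end to end. The following Python script is an added example, not code from the book or from Cisco: it builds Mr. Ed's inner packet (10.1.1.100 to a constructed office host 10.1.1.5), wraps it in ESP tunnel mode with an outer header from 172.16.1.2 to 192.168.1.101, and then plays the concentrator's role of stripping the outer header, verifying integrity before decrypting, rejecting a replayed sequence number, and recovering the original datagram for delivery. The keys, SPI, host 10.1.1.5 and the HMAC-based stream cipher are constructed stand-ins for illustration only; a real IPSec implementation negotiates keys through IKE and uses a standard ESP transform such as AES or 3DES.

```python
"""Simplified model of ESP tunnel mode between the Unity Client (172.16.1.2) and
the VPN Concentrator's public interface (192.168.1.101), as described in the text.
Added example, not Cisco code. Keys, SPI and the stream cipher are constructed
stand-ins; real IPSec negotiates keys with IKE and uses AES or 3DES."""
import hashlib
import hmac
import ipaddress
import os
import struct

ESP_PROTO = 50      # IP protocol number for ESP
IPV4_NEXT = 4       # ESP next-header value for an encapsulated IPv4 packet
ICV_LEN = 16        # truncated HMAC, in the style of HMAC-SHA-256-128 (RFC 4868)
SPI = 0x0000AB12    # constructed Security Parameter Index
ENC_KEY = b"constructed-esp-encryption-key!!"   # constructed, 32 bytes
AUTH_KEY = b"constructed-esp-integrity-key!!!"  # constructed, 32 bytes

def ip_checksum(data):
    """Standard one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header with a correct checksum."""
    fields = (0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def parse_ipv4(pkt):
    """Return the addresses, protocol and payload of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    return {"src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "proto": pkt[9], "payload": pkt[ihl:total]}

def keystream_xor(key, iv, data):
    """Stand-in stream cipher (HMAC-SHA256 in counter mode); not a real ESP transform."""
    out = bytearray()
    for ctr in range((len(data) + 31) // 32):
        out += hmac.new(key, iv + struct.pack("!I", ctr), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))

def esp_encapsulate(inner_pkt, seq, outer_src, outer_dst):
    """Client side: encrypt inner packet plus ESP trailer, add SPI/seq/IV and ICV,
    then prepend a new outer IP header addressed to the concentrator."""
    iv = os.urandom(8)
    pad_len = (-(len(inner_pkt) + 2)) % 4            # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPV4_NEXT])
    body = struct.pack("!II", SPI, seq) + iv + keystream_xor(ENC_KEY, iv, inner_pkt + trailer)
    icv = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    esp = body + icv
    return ipv4_header(outer_src, outer_dst, ESP_PROTO, len(esp)) + esp

def esp_decapsulate(outer_pkt, my_addr, seen_seqs):
    """Concentrator side: strip the outer header, authenticate before decrypting,
    reject replays, and return the original inner packet for normal forwarding."""
    outer = parse_ipv4(outer_pkt)
    if outer["proto"] != ESP_PROTO or outer["dst"] != my_addr:
        raise ValueError("not an ESP packet for this concentrator")
    esp = outer["payload"]
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch, packet dropped")
    spi, seq = struct.unpack("!II", body[:8])
    if spi != SPI:
        raise ValueError("unknown SPI")
    if seq in seen_seqs:
        raise ValueError("replayed sequence number, packet dropped")
    seen_seqs.add(seq)
    plaintext = keystream_xor(ENC_KEY, body[8:16], body[16:])
    pad_len, next_hdr = plaintext[-2], plaintext[-1]
    if next_hdr != IPV4_NEXT:
        raise ValueError("unexpected next header")
    return plaintext[:len(plaintext) - 2 - pad_len]

def rejected(outer_pkt, my_addr, seen_seqs):
    """True if the concentrator drops the packet."""
    try:
        esp_decapsulate(outer_pkt, my_addr, seen_seqs)
        return False
    except ValueError:
        return True

def demo():
    """Walk Mr. Ed's packet from the Unity Client to the concentrator."""
    payload = b"constructed application data"
    inner = ipv4_header("10.1.1.100", "10.1.1.5", 17, len(payload)) + payload
    outer = esp_encapsulate(inner, 1, "172.16.1.2", "192.168.1.101")
    seen = set()
    recovered = esp_decapsulate(outer, "192.168.1.101", seen)
    tampered = bytearray(outer)
    tampered[36] ^= 0x01   # flip the first ciphertext byte (20-byte outer header + 16-byte SPI/seq/IV)
    return {"outer": parse_ipv4(outer), "inner": parse_ipv4(recovered),
            "round_trip": recovered == inner,
            "tamper_rejected": rejected(bytes(tampered), "192.168.1.101", set()),
            "replay_rejected": rejected(outer, "192.168.1.101", seen)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the script shows the outer header carrying the client's public address and the concentrator's address with protocol 50, while the recovered inner packet still carries 10.1.1.100 as its source, which is why the concentrator can hand it straight to internal routing. The order of checks on the receiving side (integrity first, then SPI and replay, then decryption) mirrors what ESP requires: nothing is decrypted until the packet has been authenticated.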



CCSP CSVPN Exam Cram 2 (Exam 642-511)
ISBN: 078973026X
Year: 2002
Pages: 185
