Chapter 16: Configuring Virtual Private Networks


Introduction

Many organizations use virtual private networks (VPNs) over the Internet to give remote offices, business partners, and mobile users a secure channel for accessing their internal networks. For many, the VPN is replacing dedicated Frame Relay circuits or dial-in VPN services.

For example, your office headquarters may be in Hartford, Connecticut, but you have a small, remote office located in Tampa, Florida. You could set up a gateway-to-gateway VPN between these two offices so that they can share each other's resources on the network through an encrypted channel over the Internet. The communication between these two branches is secured by the endpoints of the connection, which are the firewalls at each location.

In this chapter, we discuss the different types of encryption available to you in VPN-1/FW-1 NG, and we explain the technology so that you understand how it works. Check Point makes it easy to set up a VPN using its Policy Editor, and we show you how to configure VPNs between gateways and to mobile clients. Then we demonstrate how to install the SecuRemote client software. If you are interested in desktop security for the client, we cover that later in the book.

A bit of theory is necessary before we describe how to set up VPNs with Check Point NG. You first need to understand the basics of encryption algorithms, key exchange, hash functions, digital signatures, and certificates before you can feel comfortable deploying and troubleshooting VPNs.




The Best Damn Firewall Book Period
ISBN: 1931836906
EAN: 2147483647
Year: 2003
Pages: 240
