Let’s take a look at some of the technologies that are integral to virtual private networks.
VPN Technology Building Blocks
Business-ready VPNs rely on both security and QoS technologies. Let’s take a look at both of these in more detail.
Security
Deploying WANs on a shared network makes security issues paramount. Enterprises need to be assured that their VPNs are secure from perpetrators observing or tampering with confidential data passing over the network and from unauthorized users gaining access to network resources and proprietary information. Encryption, authentication, and access control guard against these security breaches.
Key components of VPN security are as follows:
- Tunnels and encryption
- Packet authentication
- Firewalls and intrusion detection
- User authentication
These mechanisms complement each other, providing security at different points throughout the network. VPN solutions must offer each of these security features to be considered a viable solution for utilizing a public network infrastructure.
Let’s start by looking at tunnels and encryption. We’re going to look in detail at Layer 2 Tunneling Protocol (L2TP) and Generic Routing Encapsulation (GRE) for tunnel support, as well as the strongest standard encryption technologies available: IPSec, DES, and 3DES.
Tunneling: L2F/L2TP
Layer 2 Forwarding (L2F) enables remote clients to gain access to corporate networks through existing public infrastructures, while retaining control of security and manageability. Cisco has submitted this new technology to the IETF for approval as a standard. It supports scalability and reliability features as discussed in later sections of this document.
L2F achieves private network access through a public system by building a secure “tunnel” across a public infrastructure to connect directly to a home gateway. The service requires only local dialup capability, reducing user costs and providing the same level of security found in private networks.
Using L2F tunneling, service providers can create a virtual tunnel to link customer remote sites or remote users with corporate home networks. In particular, a network access server at the POP exchanges PPP messages with the remote users and communicates by L2F requests and responses with the customer’s home gateway to set up tunnels. L2F passes protocol-level packets through the virtual tunnel between endpoints of a point-to-point connection.
Frames from remote users are accepted by the service provider POP, stripped of any link-layer framing or transparency bytes, encapsulated in L2F, and forwarded over the appropriate tunnel. The customer’s home gateway accepts these L2F frames, strips the L2F encapsulation, and processes the incoming frames for the appropriate interface.
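The POP-to-home-gateway path described above, as an added example that is not part of the original document or of Cisco’s code: a remote client’s PPP frame is stripped of its HDLC flags and transparency (escape) bytes at the POP, its FCS is checked, the PPP packet is wrapped in an L2F header for the tunnel, and the home gateway unwraps it. It assumes RFC 1662 async framing (FCS-16, default control-character map) and a minimal RFC 2341 L2F header (Ver=1, no optional fields); the PPP packet, MID and CID are constructed sample values.

```python
import struct
L2F_VERSION = 1          # RFC 2341 "Ver" field
L2F_PROTO_PPP = 2        # RFC 2341 Protocol field value for a PPP payload
FLAG, ESC = 0x7E, 0x7D   # RFC 1662 HDLC-like framing flag and escape byte

def ppp_fcs16(data: bytes) -> int:
    """RFC 1662 FCS-16: reflected polynomial 0x8408, initial value 0xFFFF."""
    fcs = 0xFFFF
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def ppp_frame(ppp_packet: bytes) -> bytes:
    """Remote client side: append the FCS, byte-stuff, and delimit with flags."""
    fcs = ppp_fcs16(ppp_packet) ^ 0xFFFF
    out = bytearray([FLAG])
    for b in ppp_packet + bytes([fcs & 0xFF, fcs >> 8]):
        # transparency byte: escape the flag, the escape itself, and (default ACCM) control chars
        out += bytes([ESC, b ^ 0x20]) if b in (FLAG, ESC) or b < 0x20 else bytes([b])
    return bytes(out + bytes([FLAG]))

def ppp_unframe(frame: bytes) -> bytes:
    """POP side: strip flags and transparency bytes, verify the FCS, return the PPP packet."""
    if len(frame) < 4 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing HDLC flag")
    body, esc = bytearray(), False
    for b in frame[1:-1]:
        if esc:
            body.append(b ^ 0x20)       # undo the transparency escape
        elif b != ESC:
            body.append(b)
        esc = (b == ESC) and not esc
    if esc or ppp_fcs16(bytes(body)) != 0xF0B8:   # dangling escape or bad RFC 1662 residue
        raise ValueError("bad FCS or truncated escape")
    return bytes(body[:-2])             # drop the two FCS octets

def l2f_encapsulate(ppp_packet: bytes, mid: int, cid: int) -> bytes:
    """NAS side: prepend a minimal RFC 2341 header (Ver=1, all option bits clear)."""
    length = 9 + len(ppp_packet)        # Length covers header and payload
    return struct.pack("!HBHHH", L2F_VERSION, L2F_PROTO_PPP, mid, cid, length) + ppp_packet

def l2f_decapsulate(packet: bytes) -> tuple:
    """Home gateway side: validate and strip the header, return (MID, CID, PPP packet)."""
    flags_ver, proto, mid, cid, length = struct.unpack("!HBHHH", packet[:9])
    # any option bit (F/K/P/S/C), wrong version, non-PPP payload or length mismatch is rejected
    if flags_ver != L2F_VERSION or proto != L2F_PROTO_PPP or length != len(packet):
        raise ValueError("unsupported or malformed L2F header")
    return mid, cid, packet[9:]
```

The tunnel carries the PPP payload unchanged, which is why the document treats tunneling and encryption as complementary mechanisms rather than substitutes.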
Layer 2 Tunneling Protocol (L2TP) is an extension to PPP. It is a draft IETF standard derived from Cisco L2F and Microsoft Point-to-Point Tunneling Protocol (PPTP). L2TP delivers a full range of security control and policy management features, including end-user security policy control. Business customers have ultimate control over permitting and denying users, services, or applications.