3com 3031 Installation Instructions

Chapter 62: Configuring VPN
applied to different service usage. For information on MPLS VPN, refer to
Chapter 54, “BGP/MPLS VPN Configuration”.
Basic Networking Application of VPN
An enterprise that has an intranet established with VPN is shown in the following 
figure.
Figure 205   Schematic diagram of VPN networking
Enterprise internal resource sharers can access the local ISP at its POP (Point of Presence) server via the PSTN/ISDN network or a local network, and through it reach the internal resources of the company. With traditional WAN networking technology, they would need a dedicated line to achieve the same purpose. Once the virtual network is established, remote end users and clients in other cities can access enterprise internal resources without being authorized by the local ISP, which is significant for staff on business trips and for scattered clients.
To open a VPN service, the enterprise only needs to set up a resource-sharing server that supports VPN (e.g. a Windows NT server or a router supporting VPN). The resource sharers connect to the local POP server via PSTN/ISDN or LAN and then directly call the remote server (VPN server) of the enterprise. The call process is completed by the ISP Network Access Server (NAS) and the VPN server together.
Mechanism of VPN
Figure 206   VPN Access
As shown in the above figure, the remote user accesses the ISP NAS (Network Access Server) through the PSTN/ISDN network. After the NAS recognizes that this is a VPN user by checking the user name or access number, it establishes a connection to the user’s destination VPN server via a ‘tunnel’. The NAS then encapsulates the user data into IP packets and transmits them to the VPN server through this tunnel. On receiving an IP packet, the VPN server removes the encapsulation to get the original data, and vice versa. On both sides of the tunnel, the packets can be encrypted so that other users on the Internet are unable to read them, so it is safe and reliable. For users, tunneling is a logical extension of their PSTN/ISDN links, and the operation is the same as over the physical links.
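The NAS and VPN server roles described above, as an added example that is not from the 3Com manual: the NAS picks a tunnel from the user name or access number and wraps the user's frame, and the VPN server validates and strips the wrapper. The header layout, table contents, names and addresses are all constructed for illustration and do not represent L2TP, PPTP or any 3Com format.

```python
import struct

# Constructed illustration only: this header is NOT L2TP, PPTP or any 3Com format.
# Outer header: magic (2 bytes), tunnel id (2), session id (2), payload length (2).
HDR = struct.Struct("!HHHH")
MAGIC = 0x5450

# Hypothetical NAS tables: user-name realm or dialed access number -> (tunnel id, VPN server).
VPN_BY_REALM = {"corp.example": (7, "192.0.2.10")}
VPN_BY_ACCESS_NUMBER = {"5550100": (7, "192.0.2.10")}


def nas_select_tunnel(username, access_number):
    """Return (tunnel_id, server) for a VPN user, or None for an ordinary dial-up user."""
    realm = username.rpartition("@")[2] if "@" in username else ""
    return VPN_BY_REALM.get(realm) or VPN_BY_ACCESS_NUMBER.get(access_number)


def nas_encapsulate(tunnel_id, session_id, user_frame):
    """Wrap the user's frame in the outer tunnel header (carried as an IP payload)."""
    return HDR.pack(MAGIC, tunnel_id, session_id, len(user_frame)) + user_frame


def server_decapsulate(packet, known_tunnels):
    """Strip the outer header; reject anything malformed or for an unknown tunnel."""
    if len(packet) < HDR.size:
        raise ValueError("truncated header")
    magic, tunnel_id, session_id, length = HDR.unpack_from(packet)
    if magic != MAGIC:
        raise ValueError("not a tunnel packet")
    if tunnel_id not in known_tunnels:
        raise ValueError("unknown tunnel")
    payload = packet[HDR.size:]
    if len(payload) != length:
        raise ValueError("length mismatch")
    return session_id, payload


if __name__ == "__main__":
    frame = b"user data from the dial-up link"  # constructed sample
    tid, server = nas_select_tunnel("alice@corp.example", "5550199")
    pkt = nas_encapsulate(tid, 1, frame)
    print(server, server_decapsulate(pkt, {7}))
    # Encapsulation alone hides nothing: the inner frame is readable in transit
    # unless the tunnel endpoints also encrypt it.
    print(frame in pkt)
```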
Figure labels (Figures 205 and 206): POP, PC, PSTN/ISDN, Cooperator, Remote Subscriber, Internet, ISP IP / Frame Relay / ATM, Corporate Headquarter, Internal Server, Remote User, Client, VPN Subscriber, NAS, VPN Server