3com 3031 Installation Instructions
CHAPTER 62: CONFIGURING VPN
gateway, which affects the load and scalability of the system. In addition, because
LCP and NCP negotiations of PPP are very time sensitive, the efficiency of IP tunnel
results in a series of problems, such as PPP session timeout. In contrast, a layer 3
tunnel ends at the ISP gateway and PPP session ends at NAS, so it is unnecessary
for the gateway at the user end to manage and maintain the status of every PPP
session, thus improving system performance.
Generally, Layer 2 and Layer 3 tunnel protocols are used independently. However,
if they are used together, for instance using L2TP and IPSec simultaneously, better
performance and security can be provided for the users.
Classification of IP VPN
IP VPN is the emulation of leased line services (remote dial-up and DDN) of WAN
equipment using IP facilities (including public Internet or private IP backbone
network). IP VPN classification is based on:
■ Operation mode
■ Service Purpose
■ Networking model
Classified according to operation mode
CPE-based VPN (Customer Premises Equipment based VPN)
Users not only install expensive devices and specified authentication tools, but also
maintain a complex VPN (e.g. channel maintenance, bandwidth management,
etc.). Networking in this way features high complexity and low ability of service
extension.
Network-based VPN (NBIP-VPN)
In a network-based VPN, the maintenance of VPN is allocated to the ISP, although
users are allowed to manage and control services to some extent. VPN functions
are mainly fulfilled on the equipment at the network side. This type of service
reduces the investments of the users, increases the flexibility and scalability of
services, bringing profits to the ISP.
Classified according to service purpose
VPNs are also classified according to the types of service they provide:
■ Intranet VPN: An intranet VPN interconnects the remote branches of an
enterprise through the public network. It is an extended or substitute form of
traditional leased line or private networks.
■ Access VPN: Access VPN provides a means to establish private connections with
the intranet or extranet of enterprises through the public networks for those
staff traveling on business, remote personnel and SOHO. Access VPN has two
types: client-initiated VPN connections and NAS-initiated VPN connections.
■ Extranet VPN: Extranet VPN extends an intranet to partners and clients through
VPN so that different enterprises can build their VPNs using public networks.
Classified according to networking model
VPNs are classified by the type of networking model that they use:
■ Virtual Leased Line (VLL): VLL emulates the traditional leased line service with
the help of the IP network and hence provides asymmetrical and inexpensive
leased line service. For the users at both ends of the VLL, the VLL is similar to
the traditional leased line.