3Com 3031 Installation Instructions

CHAPTER 65: DYNAMIC VPN
It supports auto tunneling. Every node in DVPN maintains a public-private 
address mapping table, and the tunnel between two nodes is set up automatically. 
On each client router you configure parameters only for the router itself, 
including its IP address, UDP port ID, the VPN, and the server for it. 
Communication with other clients can be set up even without any information 
about them. This significantly reduces management and maintenance work and 
the probability of errors. 

It supports authentication and encryption technology. With this, DVPN can 
protect data and network security effectively. DVPN provides a registration 
authentication mechanism, and only those client devices that pass 
authentication at the server can access a specific VPN. In addition, mutual 
authentication is provided when a tunnel is established between clients.

It supports multiple domains on the same router; that is, one router can belong 
to different VPNs, or act as a client in one VPN and as a server in another VPN. 
This provides not only flexible networking but also efficient use of network 
resources. 
Fundamental Network Architecture
DVPN uses a client/server structure. Of the N access devices in a VPN, one is set 
as the server (with a fixed public IP address) and the others are clients, on which 
the public IP address of the server is set manually. After the clients have 
registered with the server, session links are set up automatically, which is 
equivalent to a connected VPN tunnel. 
There are two tunneling modes: GRE DVPN encapsulation mode and UDP 
DVPN encapsulation mode. When UDP DVPN encapsulation is used, DVPN can 
traverse a NAT gateway to establish a VPN tunnel.
Figure 224   Fundamental DVPN network architecture
Principle
In DVPN, the DVPN proprietary protocol is used between member nodes. Both the 
client and the server have a mapping table, which is the core of the whole DVPN. 
The table items include the destination private address (Tunnel interface address), 
the destination public address (public IP address for MAN interface), the 
destination UDP port ID (for UDP protocol), and the session link state identifier. 
The following is a brief description of the interaction process between the server 
and a client. 
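The mapping table described above, modeled as an added example (not 3Com code and not the proprietary DVPN wire protocol). The class, method and field names are hypothetical, and the addresses are constructed values from documentation ranges. It shows that only authenticated registrations create entries and that a private address resolves to a public endpoint only while the session link is up.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import IPv4Address
from typing import Dict, Optional, Tuple

class SessionState(Enum):
    DOWN = "down"
    UP = "up"

@dataclass
class MapEntry:
    private_addr: IPv4Address   # destination private (Tunnel interface) address
    public_addr: IPv4Address    # destination public address
    udp_port: Optional[int]     # set for UDP encapsulation, None for GRE
    state: SessionState = SessionState.DOWN

class MappingTable:
    """Illustrative model only; names and policy here are assumptions."""

    def __init__(self) -> None:
        self._entries: Dict[IPv4Address, MapEntry] = {}

    def register(self, private: str, public: str, udp_port: Optional[int] = None,
                 authenticated: bool = False) -> bool:
        # Only clients that passed authentication at the server get an entry.
        if not authenticated:
            return False
        if udp_port is not None and not 1 <= udp_port <= 65535:
            raise ValueError("UDP port out of range")
        key = IPv4Address(private)
        self._entries[key] = MapEntry(key, IPv4Address(public), udp_port)
        return True

    def set_state(self, private: str, state: SessionState) -> None:
        self._entries[IPv4Address(private)].state = state

    def resolve(self, private: str) -> Optional[Tuple[IPv4Address, Optional[int]]]:
        # Return the outer (public) endpoint only for an established session.
        entry = self._entries.get(IPv4Address(private))
        if entry is None or entry.state is not SessionState.UP:
            return None
        return entry.public_addr, entry.udp_port

if __name__ == "__main__":  # constructed sample: one client using UDP encapsulation
    t = MappingTable()
    t.register("10.0.0.2", "203.0.113.10", 40001, authenticated=True)
    t.set_state("10.0.0.2", SessionState.UP)
    print(t.resolve("10.0.0.2"))
```

Two clients behind the same NAT gateway share one public address in this table and are told apart only by the UDP port column.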
Registration stage 
The client sends a register request packet to the server after its interface attributes 
and server address are configured and it enters UP state. Upon receiving the 
[Figure 224 diagram labels: Internet, Server, Client, Session, Tunnel]