Huawei Technologies Co. Ltd EM820W 사용자 설명서

the Internet by using the AR150&200&1200&2200, so the employees in the branch can access
the headquarters network.

The headquarters and branch use GRE VPN, MPLS/BGP IP VPNor IPSec VPN tunnels to
establish an intranet. The employees on a business trip set up IPSec VPN , L2TP VPN or SSL
VPN tunnels, and access the intranet after passing authentication.

Figure 2-2 VPN access

Employee on

business trip

GRE/MPLS /IPSEC VPN

I n t e rn e t

I n t e r n e t

I n t e rn e t

I n t e r n e t

L2TP/SSL/IPSEC VPN

GRE/MPLS /IPSEC VPN

Headquarters

Branch B

Branch A

DSVPN

2.3 Enterprise Intranet Security

The ARs, located between the enterprise intranet and the Internet, ensure information security
on the entire intranet and intranet LANs.

As shown in

Figure 2-3

, an intranet and the Internet are connected by the ARs. The users on

the Internet cannot access the intranet. To allow the users on the intranet to access the Internet,
configure network address translation (NAT) on the intranet. The financial department and
marketing department have individual LANs on the intranet. The ARs utilize a demilitarized
zone to protect the server on the external network. In addition, the application specific packet
filter (ASPF) firewall can be deployed to protect the intranet.

The ARs provide network access control (NAC) to restrict the access permissions of internal
users. This ensures that only authorized users can access the intranet.

Huawei AR G3 Series Enterprise Routers
Product Description

2 Network Applications

Issue 02 (2012-04-20)

Huawei Proprietary and Confidential