9. Virtual Private Networking
Virtual Private Networking (VPN) enables two or more locations to communicate securely
and effectively, usually across a public network (e.g. the Internet), and has the following
key traits:
• Privacy - no one else can see what you are communicating
• Authentication - you know who you are communicating with
• Integrity - no one else can tamper with your messages/data
Using a VPN, you can access the office network securely across the Internet using
Point-to-Point Tunneling Protocol (PPTP), IPSec, GRE or L2TP. If you take your portable
computer on a business trip, you can dial a local number to connect to your Internet
access provider and then create a second connection (called a tunnel) into your office
network across the Internet and have the same access to your corporate network as if
you were connected directly from your office. Similarly, telecommuters can also set up a
VPN tunnel over their cable modem or DSL links to their local ISP.
VPN technology can also be deployed as a low-cost way of securely linking two or more
networks, such as a headquarters LAN to the branch office(s). IPSec is generally the
most suitable choice in this scenario.
With the CyberGuard SG appliance you can establish a VPN tunnel over the Internet
using PPTP, IPSec, GRE or L2TP. IPSec provides the best security; however,
PPTP is the preferred protocol for integrating with existing Microsoft infrastructure. GRE
and L2TP VPNs will generally be used for specialized purposes only. The CyberGuard
SG appliance provides a PPTP server to enable remote Windows clients to securely
access your office network. Using the CyberGuard SG appliance’s PPTP client or IPSec
you can also connect your office network to one or more remote networks.
This chapter details how to configure the PPTP server and client, how to configure a
remote client to connect, and how to establish an IPSec tunnel. It also provides an
overview of GRE and L2TP VPN tunneling.