VPN 3000 Concentrator Series User Guide
Chapter 7: Tunneling Protocols
Tunneling protocols are the heart of virtual private networking. The tunnels make it possible to use a
public TCP/IP network, such as the Internet, to create secure connections between remote users and a
private corporate network.
The secure connection is called a tunnel, and the VPN 3000 Concentrator Series uses tunneling protocols
to:
• Negotiate tunnel parameters.
• Establish tunnels.
• Authenticate users and data.
• Manage security keys.
• Encrypt and decrypt data.
• Manage data transfer across the tunnel.
• Manage data transfer inbound and outbound as a tunnel endpoint or router.
The VPN Concentrator functions as a bidirectional tunnel endpoint: it can receive plain packets from the
private network, encapsulate them, create a tunnel, and send them to the other end of the tunnel where
they are unencapsulated and sent to their final destination; or it can receive encapsulated packets from
the public network, unencapsulate them, and send them to their final destination on the private network.
The VPN Concentrator supports the three most popular VPN tunneling protocols:
• PPTP: Point-to-Point Tunneling Protocol.
• L2TP: Layer 2 Tunneling Protocol.
• IPSec: IP Security Protocol.
It also supports L2TP over IPSec, which provides interoperability with the Windows 2000 VPN client
and other remote-access clients that use that protocol.
This section explains how to configure the system-wide parameters for PPTP and L2TP, how to
configure IPSec LAN-to-LAN connections, and how to configure IKE proposals for IPSec Security
Associations and LAN-to-LAN connections.
To configure L2TP over IPSec, see
Configuration | System | Tunneling Protocols | IPSec | IKE Proposals, and
Configuration | User Management.