VPN 3000 Concentrator Series User Guide
Chapter 7: Tunneling Protocols
Tunneling protocols are the heart of virtual private networking. The tunnels make it possible to use a 
public TCP/IP network, such as the Internet, to create secure connections between remote users and a 
private corporate network.
The secure connection is called a tunnel, and the VPN 3000 Concentrator Series uses tunneling protocols 
to:
• Negotiate tunnel parameters.
• Establish tunnels.
• Authenticate users and data.
• Manage security keys.
• Encrypt and decrypt data.
• Manage data transfer across the tunnel.
• Manage data transfer inbound and outbound as a tunnel endpoint or router.
The VPN Concentrator functions as a bidirectional tunnel endpoint: it can receive plain packets from the 
private network, encapsulate them, create a tunnel, and send them to the other end of the tunnel where 
they are unencapsulated and sent to their final destination; or it can receive encapsulated packets from 
the public network, unencapsulate them, and send them to their final destination on the private network.
The VPN Concentrator supports the three most popular VPN tunneling protocols:
• PPTP: Point-to-Point Tunneling Protocol.
• L2TP: Layer 2 Tunneling Protocol.
• IPSec: IP Security Protocol.
It also supports L2TP over IPSec, which provides interoperability with the Windows 2000 VPN client 
and other remote-access clients that use that protocol.
This section explains how to configure the system-wide parameters for PPTP and L2TP, how to 
configure IPSec LAN-to-LAN connections, and how to configure IKE proposals for IPSec Security 
Associations and LAN-to-LAN connections.
To configure L2TP over IPSec, see 
Configuration | System | Tunneling Protocols | IPSec | IKE Proposals, and 
Configuration | User Management.










