

The increasing mobility of users of an organization, together with the need of these users to access their LAN as if they were physically connected even when far from their offices, has led to the development of host-to-LAN VPNs. This type of connection consists of an encrypted tunnel which, via the Internet, connects the external client to a VPN server inside the LAN. A point-to-point connection is started within this tunnel, with the two ends assigned IP addresses belonging to the organization. By doing this the remote client appears inside the firewall and can thus communicate with the LAN hosts without the risk of being filtered. To implement this type of VPN Zeroshell uses the L2TP/IPSec protocol. Authentication is via RADIUS with MS-CHAPv2, using the same username and password used to authenticate for the Kerberos 5 services. This type of VPN was selected because L2TP/IPSec clients exist for every platform and most Microsoft systems already include integrated support.

The presence of branch offices within an organization, combined with the high cost of dedicated communication lines, has led to the necessity of using the Internet as a medium for data exchange. On the other hand, since the public network is open and insecure, it does not guarantee confidentiality for the data travelling on it. A LAN-to-LAN (or site-to-site) VPN is an encrypted tunnel which connects two geographically separated LANs via the Internet. Thus the generalization of the VPN model seen in the previous paragraph is used. In other words, a VPN can be thought of as a virtual cable linking two LANs: it does not matter how many routers are necessary to cross the Internet, the two LANs will appear separated by a single network segment. VPN tunnels can be classified based on whether they contain encapsulated Layer 2 (Data Link) packets or Layer 3 (Network) packets. In the first case the two LANs are generally bridged, and thus any Layer 3 protocol (IP, IPX, AppleTalk) can pass through them. Naturally the Layer 2 broadcast also propagates between the two LANs. Instead, in the second type of VPN, a single Layer 3 protocol can transit (generally IP) and the traffic is routed via static routes. From this it is possible to deduce that the two LANs must belong to separate subnets.

Different standard protocols exist for constructing VPNs.
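The addressing rule that follows from the Layer 2 versus Layer 3 tunnel classification above, as an added example that is not part of the original page or of Zeroshell: a bridged (Layer 2) tunnel joins the two LANs into one broadcast domain, so both sites must share one subnet, while a routed (Layer 3) tunnel needs disjoint subnets and a static route at each end. Site names, LAN addresses and tunnel endpoint addresses are constructed for the demonstration.

```python
"""Addressing check for a site-to-site VPN (constructed example, not Zeroshell code)."""
from ipaddress import IPv4Interface


def plan_site_to_site(tunnel_layer, site_a, site_b):
    """Validate the two LANs against the tunnel type and derive static routes.

    tunnel_layer: 2 for a bridged tunnel, 3 for a routed (IP-only) tunnel.
    site_a / site_b: (name, gateway LAN address in CIDR form, tunnel endpoint IP).
    Returns a dict with 'ok', a human-readable 'reason' and, when valid,
    the list of (site, route) static routes each gateway needs.
    """
    (name_a, lan_a, tun_a), (name_b, lan_b, tun_b) = site_a, site_b
    if_a, if_b = IPv4Interface(lan_a), IPv4Interface(lan_b)
    net_a, net_b = if_a.network, if_b.network

    if tunnel_layer == 2:
        # Bridged: one broadcast domain across the tunnel, so both gateways
        # must sit in the same subnet and must not claim the same host address.
        if net_a != net_b:
            return {"ok": False, "reason": f"bridged tunnel but {net_a} != {net_b}"}
        if if_a.ip == if_b.ip:
            return {"ok": False, "reason": f"both gateways use LAN address {if_a.ip}"}
        return {"ok": True, "reason": "one subnet shared over the bridge", "routes": []}

    if tunnel_layer == 3:
        # Routed: only IP crosses the tunnel and traffic is forwarded by static
        # routes, which is only unambiguous if the two LANs do not overlap.
        if net_a.overlaps(net_b):
            return {"ok": False, "reason": f"routed tunnel but {net_a} overlaps {net_b}"}
        routes = [
            (name_a, f"{net_b} via {tun_b}"),  # site A reaches B's LAN through B's tunnel end
            (name_b, f"{net_a} via {tun_a}"),  # and vice versa
        ]
        return {"ok": True, "reason": "disjoint subnets, static routes required", "routes": routes}

    raise ValueError("tunnel_layer must be 2 or 3")


if __name__ == "__main__":
    hq = ("HQ", "192.168.1.1/24", "10.99.0.1")          # constructed addresses
    branch = ("Branch", "192.168.2.1/24", "10.99.0.2")
    for layer in (2, 3):
        print(layer, plan_site_to_site(layer, hq, branch))
```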
