3 - security, 1 – ipsec protocol suite – Perle Systems IOLINK-520 User Manual


Applications

IOLINK-520 & IOLINK-PRO Installation & Applications Guide — 2.39

2.4.3 - Security

The IOLINK router provides a number of means of securing incoming and outgoing traffic on a network. These methods include the IPsec protocol suite, access password authentication, a firewall that limits access to only designated device addresses, private network address translation (NAT), and filtering of both incoming and outgoing traffic.

2.4.3.1 – IPSec Protocol Suite

The PPP IOLINK-520 & IOLINK-PRO support a number of features from the Internet Protocol Security (IPsec) extensions that provide data encryption, authentication and privacy. IPsec can be used to establish a secure Virtual Private Network (VPN) over a public network. The connection through the unsecured public network between two routers on a VPN is often referred to as a "tunnel".

A VPN is set up as a Security Association (SA) between the two routers (also known as security gateways in this case) on either end of the desired secure connection. Strictly, one SA protects traffic in one direction only, so a two-way tunnel consists of a pair of SAs, one per direction. The SA defines the security parameters that will be used between the two routers. Many of the settings define "source" and "destination" parameters. These settings are mirror images on the partner routers; i.e. the "source" value for a parameter becomes the "destination" setting when configuring the partner router, and vice versa.

Each router on the VPN has a policy list which defines the SAs, the IPsec authentication and encryption parameters, and the rules used to determine which packets are passed through the interface. The IPsec policy is applied at the outbound interface of the router, and packets enter the tunnel at the outbound interface.

Figure 2-12 Sample IPSec Application

The figure above illustrates an example of a VPN made up of two private-address LANs joined through the Internet by IPsec tunnels from router 1 to router 2 and from router 2 to router 1. The routers are set up with numbered links, so that each router's Internet connection has a publicly known address that is separate from the private LAN IP address of that router. Note that this example does not

[Figure 2-12: LAN #1 and LAN #2 joined through the Internet by Router 1 (Internet IP 199.22.33.1) and Router 2 (Internet IP 201.55.44.2); the private LAN address ranges shown are 192.168.10.1 through 192.168.10.255 and 10.10.10.1 through 10.10.10.127.]
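The "mirror image" rule for source and destination parameters and the outbound-interface policy check described above are easy to get wrong by copying one router's settings to its partner unchanged. The following Python is an added worked example, not Perle's software and not the IOLINK configuration format: it models one direction of an SA as a small policy record, derives the partner router's policy by mirroring, reports any fields that were not mirrored, and decides whether a given packet enters the tunnel at the outbound interface. The addresses come from Figure 2-12; placing 192.168.10.0/24 behind Router 1 and 10.10.10.0/25 behind Router 2, the SPI values and the algorithm names are assumptions made for the example.

```python
"""Mirror-image IPsec SA policies and tunnel selection (illustrative model)."""
from dataclasses import dataclass, fields
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class SAPolicy:
    """One SA policy entry as configured on the router that owns it.

    Field names and layout are an assumption for this example; the IOLINK
    menus use their own naming.
    """
    src_gateway: str   # this router's public (Internet) address
    dst_gateway: str   # partner router's public address
    src_lan: str       # selector: protected network behind this router (CIDR)
    dst_lan: str       # selector: protected network behind the partner (CIDR)
    spi_out: int       # SPI this router puts on packets it sends (assumed values)
    spi_in: int        # SPI it expects on packets from the partner
    cipher: str        # shared parameters: identical on both routers
    auth: str


def mirror(policy: SAPolicy) -> SAPolicy:
    """Derive the partner's policy: every source/destination pair swaps,
    while shared algorithm parameters stay the same."""
    return SAPolicy(
        src_gateway=policy.dst_gateway, dst_gateway=policy.src_gateway,
        src_lan=policy.dst_lan, dst_lan=policy.src_lan,
        spi_out=policy.spi_in, spi_in=policy.spi_out,
        cipher=policy.cipher, auth=policy.auth,
    )


def partner_mismatches(ours: SAPolicy, theirs: SAPolicy) -> list:
    """List the fields on the partner that are not the mirror image of ours.
    An empty list means the two configurations agree."""
    expected = mirror(ours)
    return [
        f"{f.name}: expected {getattr(expected, f.name)!r}, "
        f"found {getattr(theirs, f.name)!r}"
        for f in fields(expected)
        if getattr(expected, f.name) != getattr(theirs, f.name)
    ]


def enters_tunnel(policy: SAPolicy, src_ip: str, dst_ip: str) -> bool:
    """Policy is applied at the outbound interface: a packet enters the
    tunnel only if both addresses match the policy's selectors; anything
    else is left for the firewall/NAT/filter rules to handle."""
    return (ip_address(src_ip) in ip_network(policy.src_lan)
            and ip_address(dst_ip) in ip_network(policy.dst_lan))


# Constructed sample configuration using the Figure 2-12 addresses.
# 192.168.10.1-255 -> 192.168.10.0/24, 10.10.10.1-127 -> 10.10.10.0/25.
ROUTER1 = SAPolicy(
    src_gateway="199.22.33.1", dst_gateway="201.55.44.2",
    src_lan="192.168.10.0/24", dst_lan="10.10.10.0/25",
    spi_out=0x1001, spi_in=0x2002,
    cipher="AES-128-CBC", auth="HMAC-SHA1",   # assumed, not from the manual
)

# Correct partner configuration: derived by mirroring.
ROUTER2 = mirror(ROUTER1)

# Common mistake: gateways and SPIs swapped, but LAN selectors copied as-is.
ROUTER2_COPIED = SAPolicy(
    src_gateway="201.55.44.2", dst_gateway="199.22.33.1",
    src_lan="192.168.10.0/24", dst_lan="10.10.10.0/25",
    spi_out=0x2002, spi_in=0x1001,
    cipher="AES-128-CBC", auth="HMAC-SHA1",
)


if __name__ == "__main__":
    print("router 2 mismatches:", partner_mismatches(ROUTER1, ROUTER2))
    print("copied config mismatches:", partner_mismatches(ROUTER1, ROUTER2_COPIED))
    print("LAN1->LAN2 via router 1:", enters_tunnel(ROUTER1, "192.168.10.5", "10.10.10.20"))
    print("LAN1->Internet via router 1:", enters_tunnel(ROUTER1, "192.168.10.5", "203.0.113.9"))
```

Running the mirror check before bringing a tunnel up catches the selector error above (both LAN selectors are reported), and the outbound check shows why traffic from LAN #1 to an arbitrary Internet host bypasses the tunnel and falls through to the NAT and filter rules instead.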
