Chapter 14 virtual private network configuration – Cyclades PR1000 User Manual

Page 104


CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION

The Virtual Private Network utility can be used on any link using IP routing. It provides greater security
between two or more networks connected through a public communications network. The basic concepts are
presented in Figure 14.1. An IP datagram is sent by a device on the LAN and arrives at the router. The
router has two tables: one with all the IP addresses contained in the Local Security Network and another with all
the IP addresses in the Remote Security Networks. If the source IP address is contained in the Local Security
Network list and the destination IP address is contained in the Remote Security Network list, the message is
encrypted and encapsulated. The only destination address in the new header is that of the remote gateway (defined in the Remote
Security Network list). Upon arrival at the remote gateway, the packet is unwrapped and sent to its destination.

[Figure 14.1. Labels recoverable from the diagram: PC, Local Gateway, Public Network, Remote Gateway, PR3000, PR4000. "IP Datagram sent by user": Header (Source IP Address, Destination IP Address, IP Options and Data) and Message. "Conversion performed by Router with Cyclades’ VPN". "As sent by local Gateway" and "As received by remote Gateway": Header with destination: remote security gateway IP Address, followed by the Encrypted IP Datagram.]

FIGURE 14.1 CONVERSION PERFORMED BY CYCLADES’ VIRTUAL PRIVATE NETWORK UTILITY
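
The two-table check described in this chapter, as an added Python example that is not code from the Cyclades manual or firmware. It assumes table entries are CIDR prefixes, that each remote entry pairs a network with its gateway, and that the first matching entry wins; the addresses and the names `select_remote_gateway` and `audit_flows` are constructed for illustration.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample tables (private and documentation address ranges).
# Assumption: each table entry is modelled as a CIDR prefix.
LOCAL_SECURITY_NETWORK = [ipaddress.ip_network("192.168.10.0/24")]
# Assumption: each remote entry pairs a protected network with its gateway.
REMOTE_SECURITY_NETWORKS = [
    (ipaddress.ip_network("192.168.20.0/24"), "203.0.113.2"),
    (ipaddress.ip_network("192.168.30.0/24"), "198.51.100.7"),
]


def select_remote_gateway(src: str, dst: str) -> Optional[str]:
    """Return the remote gateway for a datagram that must be encrypted and
    encapsulated, or None when the two-table rule does not apply."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Condition 1: the source must be listed in the Local Security Network.
    if not any(src_ip in net for net in LOCAL_SECURITY_NETWORK):
        return None
    # Condition 2: the destination must be listed in a Remote Security Network.
    # The matching entry also supplies the outer header's only destination.
    for net, gateway in REMOTE_SECURITY_NETWORKS:  # assumption: first match wins
        if dst_ip in net:
            return gateway
    return None


def audit_flows(flows: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Label each (source, destination) pair with the VPN decision."""
    report = []
    for src, dst in flows:
        gateway = select_remote_gateway(src, dst)
        verdict = f"tunnel to {gateway}" if gateway else "rule does not apply"
        report.append((src, dst, verdict))
    return report


if __name__ == "__main__":
    # Constructed flows; the last one comes from a LAN subnet missing from the
    # local table, so the rule does not select it even though the destination
    # is in a remote security network.
    sample = [
        ("192.168.10.5", "192.168.20.9"),
        ("192.168.10.5", "192.168.30.40"),
        ("192.168.10.5", "192.0.2.80"),
        ("192.168.11.5", "192.168.20.9"),
    ]
    for row in audit_flows(sample):
        print(*row, sep="  ")
```

Running an audit like this against the planned table contents shows which LAN subnets would fall outside the encrypt-and-encapsulate rule because they are missing from the Local Security Network list.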
