Chapter 8, Configuring ipsec mobility and persistent mode, Chapter 8 configuring – Panasonic 7 User Manual

147

Chapter 8
Configuring

IPSec mobility and persistent mode

A large number of companies choose to secure access to their corporate networks

via VPN using the IPSec protocol. IPSec allows corporate employees, located
outside the corporate network to establish a secure tunnel to a private corporate
network through the Internet. With the growing popularity of wireless access, it is

important to have the ability to move freely among multiple networks without
losing a secure connection.

Currently, IPSec does not support this movement without tearing down and
reestablishing the VPN connection. Breaking and reestablishing a secure

connection could cause disruptions to applications running across the tunnel. For
example in Figure 29 on page 148, if a client has a wireless connection to the
Internet and has established a secure tunnel to the corporate private network via

access point 1 (AP1) and the client's connection to AP1 goes down for some

reason, the client roams to the access point 2 (AP2) and obtains a new IP address.

The VPN Router on the corporate network brings the secure IPSec connection

down because of a lack of response from client's original IP address and absence
of security associations (SA) for the new IP address. Thus, the client has to

reestablish a tunnel again via AP2. If the client had an open FTP session to the

server on the private side of the corporate network, this session would have been

closed.

Nortel VPN Router Configuration — Basic Features