GPRS / 3G Services: VPN solutions supported
|
|
- Polly Dixon
- 8 years ago
- Views:
Transcription
1 GPRS / 3G Services: VPN solutions supported GPRS / 3G VPN soluti An O2 White Paper An O2 White Paper
2 Contents Page No Chapter No. 1. Executive summary 2. O2 Bearer Service 2.1. Introduction 2.2. Datalink 2.3. Resilient Datalink 2.4. VPN support 3. O2 Mobile Web service 3.1. Introduction 3.2. VPN support IPSec based VPN solutions PPTP and SSL based VPN solutions 3.3. IP addresses allocated to Mobile Web users 4. O2 Mobile Web VPN service 4.1. Introduction 4.2. VPN support Introduction IPSec, PPTP and SSL Based VPN Solutions 4.3. IP addresses allocated to Mobile Web VPN users 5. Service comparison 6. Glossary of terms
3 1. Executive summary Virtual Private Network (VPN) technology has emerged as one of the most effective and popular ways of allowing remote users to securely access corporate and Intranet resources. Many organisations already access their corporate network via fixed line technologies (e.g. PSTN, ISDN or a broadband connection) and are looking to capitalise on their existing investment in a VPN infrastructure. A VPN solution used in conjunction with O2 s GPRS/3G services allows people to connect to the LAN environment in a secure and simple manner whilst away from the office or home environment. Currently, O2 s GPRS/3G portfolio consists of three service offerings: O2 Bearer Service: O2 provides private circuit(s) to connect the customer network to O2 s network. The customer can select between 2 bearer service products: DataLink consists of a single leased line and a router installed on the Customer Premises Resilient DataLink resilience is provided via the use of two leased lines and two routers. O2 Mobile Web service: full Internet access is provided and VPN solutions can be used in conjunction with this service. O2 Mobile Web VPN service: this service was specifically introduced to allow customers to access their LAN environment via VPN technology. This paper provides a brief description of the O2 GPRS/3G services and considers how VPN solutions can be used in conjunction with each of these services. 3
4 2. O2 Bearer Service 2.1. Introduction O2 s Bearer Service offers business customers a high quality private mobile data connection to their own private domain. O2 s Bearer Service can be used to support both GPRS and 3G data traffic (e.g. the same infrastructure supports both 3G and GPRS users). Dynamic or static mobile device IP allocation. Private or Public IP Addresses for the mobile devices. This service is designed for customers that require a private connection to their company LAN, which will offer them the highest quality of service and most consistent data communications performance. The key aspects of O2 s Bearer Service are as follows: Each connection is defined by a unique, private Access Point Name (APN). Connectivity is provided via a physical leased line that connects the O2 network with the customer s LAN. Customers can define which Subscriber Identification Module (SIM) cards are able to access their APN. The service can be configured to precisely match a customer s requirements in terms of security for instance. The service does not provide any direct access to the Internet. All private Bearer Services connect to resilient GPRS Gateway Support Nodes (GGSN s) in the O2 network. The installation of this service offers customers the opportunity to design the mobile data connectivity service of their choice. Almost every aspect of the service can be configured to the customer s requirements as this is a private service that connects customers to the O2 GPRS and 3G networks directly, using physical leased line infrastructure. O2 s Bearer Service is delivered and managed end-toend by O2 to ensure the smoothest service delivery and shortest problem resolution timescales. O2 proactively monitor the status of the service and produce detailed usage reports to ensure suitable service levels are maintained at all times. The leased line infrastructure offers the highest level of availability via two basic types of physical connection: DataLink (refer to section 2.2) and Resilient DataLink (refer to section 2.3). Customers wishing to order O2 Bearer Services should discuss their options with their O2 Account Manager in the first instance. A detailed, Application For Service, form is used to capture customer requirements and service can be provided in 43 working days after this form has been processed. Customer configuration choices include: APN name (normally the same as their Internet registered Domain Name). Private (restricted) or Public (open) APN access. O2 or customer hosted RADIUS authentication. 4
5 2.2. DataLink Connectivity for Bearer Service customers is via a single or multiple leased lines (128 kbit/s, 256 kbit/s, 512 kbit/s, 2 Mbit/s, 4 Mbit/s etc.), terminating on a single router that is installed, at the customer s premises. Once installed, the router presents an Ethernet connection to the customers LAN. Figure 1 details, at a top level, a typical GPRS/3G Bearer Service connection. Each DataLink can support multiple APNs, each with it s own Bearer Service definition. This is useful where customers wish to provide separacy of service to different internal departments, external customers or application user bases. Radius Server DHCP Server GRE Tunnel O2 Data Network Leased Line Firewall Corporate Network Remote User Figure 1: Top Level Overview of a typical GPRS/3G Bearer Service connection. 5
6 2.3. Resilient DataLink 2.4. VPN support For those customers requiring the very highest levels of availability, O2 offers a Resilient DataLink leased line option to Bearer Service customers. Two links and routers are provided as part of this solution. The two links and routers can be terminated at the same site. However, it is strongly recommended that they are deployed in different computer rooms which are served by different exchanges and duct routes. O2 does not impose any restrictions on the type of data or ports that can be used for data transfer between the mobile devices and the corporate network. Consequently, it is straightforward to use any type of VPN solution with O2 s bearer service. LAN connectivity is required between the two O2 routers and Hot Standby Routing Protocol (HSRP) provides resilience against router failure by allowing two or more routers to share the same virtual IP address (and MAC address) on the same Ethernet LAN segment. 6
7 3. O2 Mobile Web service 3.1. Introduction O2 s Mobile Web service allows customers to get onto the Internet via GPRS and/or 3G (refer to Figure 2). In this instance customers do not have their own APN. The key aspects of the service are detailed below: Users can surf the Internet, access FTP servers, access and generally utilise Internet resources. This is a public service and can be used by any O2 pay monthly customer. The APN associated with the service is mobile.o2.co.uk If customers have an Internet facing VPN gateway then they might already support remote access via the Internet. If this is the case they should be able to use the Mobile Web service to allow people to access their network via GPRS. By default Mobile Web users enjoy an optimised experience when accessing Internet content at no extra cost. This network hosted optimisation can speed up the delivery of Web pages by optimising graphic images and compressing text content. It can however degrade the image quality in Web pages and interfere with some other Internet applications. If this is experienced, the optimisation platform can be bypassed by changing the user name in the Mobile Web settings of the handset/device, as follows: Default settings includes optimisation: User name: o2web Password: password No optimisation required: User name: bypass Password: password The Mobile Web APN is associated with all new O2 pay monthly SIM cards. If customers do not wish this APN to be available to users they should specify this requirement prior to SIMs being provisioned. The O2 Mobile Web service uses private IP addressing and Port Address Translation (PAT) when users access Internet resources. PAT was defined by the Internet Engineering Task Force (IETF) as a way to convert private IP addresses to public routable Internet addresses and enables organisations to minimise the number of Internet IP addresses they require e.g. by using PAT, companies can connect thousands of systems/users to the Internet via a few IP addresses. The use of PAT has major implications as although PAT provides many benefits, some applications, including IPSec VPNs, can experience issues when PAT is being used. The issues surround trying to ensure packet integrity when a packet passes through a PAT device, in this instance the O2 firewall that is used in the Mobile Web environment, the original IP address is modified. This is not allowed when using IPSec VPN solutions, because any modification of the packet will result in a failed integrity check and will prevent the VPN tunnel from being created. As a consequence IPSec and PAT can function together only when PAT occurs before the packet is encrypted. Whilst this will normally work fine in gateway-to-gateway communications, remote access solutions are problematic because the IPSec VPN client on a remote laptop will encrypt the packet before it travels to the PAT device, subsequently breaking the IPSec VPN connection. To enable IPSec VPNs to work with Network Address Translation (NAT) or PAT devices, a solution called NAT Traversal was developed it should be noted that this is sometimes also known as UDP encapsulation. The main technology behind this solution is UDP (User Data Protocol) encapsulation, wherein the IPSec packet is encapsulated inside a UDP/IP header, allowing NAT or PAT devices to change IP or port addresses without modifying the IPSec packet. In order for NAT Traversal to work properly the VPN solution (e.g. client and server) must be configured for NAT traversal working. 7
8 O2 Data Network O2 Mobile Web Service Firewall Remote User Radius Server (allocates Private IP Addresses) Internet Figure 2: Top Level Overview of O2 s Mobile Web Service. 8
9 3.2. VPN support IPSec based VPN solutions Unless customers wish to support split tunnelling they are recommended to use O2 s Mobile Web VPN service in conjunction with their IPSec based VPN solution (refer to section 4 for more information on O2 s Mobile Web VPN solution) PPTP and SSL based VPN solutions Customers can use Point-to-Point Tunnelling Protocol (PPTP) and SSL based VPN solutions in conjunction with O2 s Mobile Web Service. Split tunnelling is the process of allowing a remote VPN user to access the Internet at the same time that the user is allowed to access resources on the corporate LAN via the VPN solution. This method of network access enables the user to access remote resources, such as , at the same time as accessing the public network. An advantage of using split tunnelling is that it alleviates bottlenecks and conserves bandwidth as Internet traffic does not have to pass through the VPN server. A disadvantage of this method is that the corporate LAN IP policy is not imposed on the user as they access the Internet directly. If IPSec VPN solutions are to be used in conjunction with O2 s Mobile Web service NAT Traversal, sometimes known as UDP encapsulation, must be utilised. NAT Traversal allows IPSec based VPN solutions to be used in situations where NAT and PAT are being utilised. However, it is not without its issues for example, private address space can overlap and create routing issues, and NAT Traversal is not supported with AH (Authenticated Header) IPSec connections. If customers are not sure whether their IPSec based VPN solution supports NAT Traversal they should consult with their VPN vendor or Systems Integrator. 9
10 3.3. IP addresses allocated to Mobile Web users Users are allocated a dynamic, private unregistered IP address when a data session is initiated. However, it should be noted that users of O2 s Mobile Web service will be allocated a public IP address, via an O2 Internet facing firewall, when they access Internet resources. The public IP addresses will be allocated from the following ranges: to to to
11 4. O2 Mobile Web VPN service 4.1. Introduction O2 s Mobile Web VPN service was specifically developed to allow customers to use their VPN solutions with GPRS and 3G assuming the customers VPN solution can be utilised via people connected to the Internet (refer to Figure 3). The key aspects of the service are as follows: Customers do not have their own APN. This is a public service and can be used by any O2 pay monthly customer. The APN associated with the service is vpn.o2.co.uk and a user name of user and password of password should be used. Users are allocated a public IP address and are on the Internet. Users cannot directly surf the Internet, access FTP servers, access or utilise Internet resources: At the request of customers the service was set-up so only VPN protocols can be used when users first establish their GPRS or 3G connection e.g. the firewall associated with the service will block all other traffic. Once the VPN session is in place, users will be able to browse the Intranet/Internet and access other corporate resources assuming the corporate security policy allows such transactions to take place. Split tunnelling will not work as users are not able to access Internet resources directly. It is possible to confirm connectivity exists between the VPN client and server via the ping command. O2 Data Network O2 Mobile Web VPN Service Firewall Remote User Radius Server (allocates Public IP addresses) VPN Server Internet VPN Tunnel Corporate Network Figure 3: A VPN Tunnel Established between a Remote User and the Corporate LAN. 11
12 The O2 Mobile Web VPN service does not include any optimisation capability, delivers public registered IP addresses to mobile devices and allows access only to VPN applications. The service offers businesses the ability to provide secure LAN access to their users via the Internet and control their usage through the application of their internal IT policy. Access to Mobile Web VPN can be requested via O2 Customer Services and is usually provisioned within 24 hours. 12
13 4.2. VPN support Introduction Unless customers wish to support split tunnelling (refer to section for a description of what is meant by the term split tunnelling) they are recommended to use O2 s Mobile Web VPN service in conjunction with their VPN solution IPSec, PPTP and SSL Based VPN Solutions As detailed in the following text IPSec, PPTP and SSL based VPN solutions will work in conjunction with O2 s Mobile Web VPN service. The protocols supported by the Mobile Web VPN service are as follows: Ping (allows people to confirm that connectivity exists between their device, a laptop for instance, and the VPN server). Protocol 50 (ESP). Protocol 51 (AH). Protocol 47 (GRE) (required to support PPTP) Layer 2 Tunnel Protocol (L2TP). The Mobile Web VPN service allows the ports detailed below to be used: UDP port 500 (IKE). TCP port 1723 (required to support PPTP). UDP port 4500 (required for NAT-T). UDP port 1701 (required to support: L2TP/IPSec). TCP port 259 (required to support: FW1_MEP Checkpoint NG FP3 MEP determines closest entry point only used if using NG FP3 Clients and more than one entry point into the network) TCP port 264 (required to support: FW1_topo Check Point VPN-1 SecuRemote Topology Requests.). UDP port 2746 (required to support: VPN1_IPSEC_ encapsulation Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol). UDP port 50000: required for Barron McCann X-Kryptor VPN solution. TCP port 50000: required for Barron McCann X-Kryptor VPN solution. UDP port 10000: many VPN solutions use this port when NAT traversal is being used. TCP port 10000: this is the default port used by Cisco VPN solutions when the IPSec over TCP option is selected. UDP 2233: used by the Shiva VPN solution. UDP 10025: used by the Shiva VPN solution. UDP 10026: used by the Shiva VPN solution. UDP 10027: used by the Shiva VPN solution. TCP 10027: used by the Shiva VPN solution. TCP 10028: used by the Shiva VPN solution. TCP port 389: used by AT&T s VPN service. TCP port 709: used by AT&T s VPN service. TCP port 5080: used by AT&T s VPN service. TCP port 443 (SSL). UDP port 443 (some VPN solutions require that a UDP port be used this port has been opened up for this purpose). UDP port 12000: used by Good Technology Mobile Messaging solution. TCP port 15000: used by Good Technology Mobile Messaging solution. O2 s Mobile Web VPN Solution can be used in conjunction with AT&T s Global VPN Solution. 13
14 4.3. IP addresses allocated to Mobile Web VPN users Users will be allocated a public IP address from the range to
15 5. Service comparison Table 1 summarises the differences between the O2 GPRS/3G services. Service Comparison Matrix Metric Bearer Service Mobile Web Mobile Web VPN APN Customers Choice mobile.o2.co.uk vpn.o2.co.uk Access Type Public or Private Public Public Number of devices supported Direct Internet Connectivity Unlimited Unlimited Unlimited Internet Connectivity via corporate LAN subject to IT policy Mobile IP Addresses Customers Choice Private (PAT) 1 Public IP Address Allocation Customers Choice Dynamic Dynamic Supported Protocols All Most Internet VPN Only Bearer Optimisation Customers Choice Optional No Content Optimisation Customers Choice Optional No TCP Inactivity Timeout UDP Inactivity Timeout Customers Choice Customers Choice Yes 60 minutes (normal operation) 10 minutes (load conditions) 10 minutes (normal operation) 15 seconds (load conditions) Internet Connectivity via corporate LAN subject to IT policy 60 minute 15 minute Access Lead Time 43 working days Immediate <24 hours Service Reach End to End Gateway only Gateway only Service Performance 2 Table 1: Service Comparison Matrix. O2 pro-actively monitors the status of the Bearer Service Best endeavours Best endeavours 1. Users are allocated a dynamic, private unregistered IP address. However, it should be noted that users of O2 s Mobile Web service will be allocated a public IP address, via an Internet facing firewall, when they access Internet resources. The public IP addresses will be allocated from the following ranges: to to to Although O2 endeavour to provide the highest level of service on all its GPRS/3G Services if problems are experienced with the public services (i.e. Mobile Web or Mobile Web VPN services) it is far more difficult to ascertain what is happening and where the problem lies for instance a number of ISPs may lie between O2 and the customer. Hence, the term, best endeavours is used in the table. 15
16 6. Glossary of terms APN DHCP FTP GPRS GSM IETF IP ISDN LAN L2TP NAT PAT PPTP PSTN SIM SSL TCP UDP URL VPN WAN Access Point Name Dynamic Host Configuration Protocol File Transfer Protocol General Packet Radio Service Global System for Mobile Communications Internet Engineering Task Force Internet Protocol Integrated Service Digital Network Local Area Network Layer 2 Tunnel Protocol Network Address Translation Port Address Translation Point-to-Point Tunnelling Protocol Public Switched Telephone Network Subscriber Identity Module Secure Sockets Layer Transmission Control Protocol User Datagram Protocol Uniform Resource Locator Virtual Private Network Wide Area Network All Rights Reserved. No part of this document may be copied, photocopied, reproduced, translated or reduced to any electronic or machine readable form without the prior permission of Telefonica UK Limited. 16
GPRS and 3G Services: Connectivity Options
GPRS and 3G Services: Connectivity Options An O2 White Paper Contents Page No. 3-4 5-7 5 6 7 7 8-10 8 10 11-12 11 12 13 14 15 15 15 16 17 Chapter No. 1. Executive Summary 2. Bearer Service 2.1. Overview
More informationø Mobile E-mail Solutions
ø Mobile E-mail Solutions An O2 White Paper Contents 1. Executive Summary.................................................4 2. Introduction........................................................5 3.
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationWAN Failover Scenarios Using Digi Wireless WAN Routers
WAN Failover Scenarios Using Digi Wireless WAN Routers This document discusses several methods for using a Digi wireless WAN gateway to provide WAN failover for IP connections in conjunction with another
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationThis chapter describes how to set up and manage VPN service in Mac OS X Server.
6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure
More informationChapter 12 Supporting Network Address Translation (NAT)
[Previous] [Next] Chapter 12 Supporting Network Address Translation (NAT) About This Chapter Network address translation (NAT) is a protocol that allows a network with private addresses to access information
More informationewon-vpn - User Guide Virtual Private Network by ewons
VPN : what is it? A virtual private network (VPN) is a private communications network usually used within a company, or by several different companies or organizations, to communicate over a public network
More informationCisco Which VPN Solution is Right for You?
Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2
More informationVPN SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
VPN SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the
More informationI. What is VPN? II. Types of VPN connection. There are two types of VPN connection:
Table of Content I. What is VPN?... 2 II. Types of VPN connection... 2 III. Types of VPN Protocol... 3 IV. Remote Access VPN configuration... 4 a. PPTP protocol configuration... 4 Network Topology... 4
More informationNetwork Services Internet VPN
Contents 1. 2. Network Services Customer Responsibilities 3. Network Services General 4. Service Management Boundary 5. Defined Terms Network Services Where the Customer selects as detailed in the Order
More informationTechnical papers Virtual private networks
Technical papers Virtual private networks This document has now been archived Virtual private networks Contents Introduction What is a VPN? What does the term virtual private network really mean? What
More informationGalileo International. Firewall & Proxy Specifications
Galileo International Technical Support Documentation Firewall & Proxy Specifications For Focalpoint, Viewpoint & Focalpoint Print Manager (GALILEO and APOLLO PRODUCTION SYSTEMS) Copyright Copyright 2001
More informationHowto: How to configure static port mapping in the corporate router/firewall for Panda GateDefender Integra VPN networks
Howto: How to configure static port mapping in the corporate router/firewall for Panda GateDefender Integra VPN networks How-to guides for configuring VPNs with GateDefender Integra Panda Security wants
More informationTechnical Notes TN 1 - ETG 3000. FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?
FactoryCast Gateway TSX ETG 3021 / 3022 modules How to Setup a GPRS Connection? 1 2 Table of Contents 1- GPRS Overview... 4 Introduction... 4 GPRS overview... 4 GPRS communications... 4 GPRS connections...
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationVirtual Private Network and Remote Access Setup
CHAPTER 10 Virtual Private Network and Remote Access Setup 10.1 Introduction A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationDigi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering
Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming
More informationHOWTO: How to configure IPSEC gateway (office) to gateway
HOWTO: How to configure IPSEC gateway (office) to gateway How-to guides for configuring VPNs with GateDefender Integra Panda Security wants to ensure you get the most out of GateDefender Integra. For this
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationOther VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer
Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)
More informationPowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions
Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,
More informationCCNA Security 1.1 Instructional Resource
CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where
More informationVirtual Private Network and Remote Access
Virtual Private Network and Remote Access Introduction A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A
More informationProtecting the Home Network (Firewall)
Protecting the Home Network (Firewall) Basic Tab Setup Tab DHCP Tab Advanced Tab Options Tab Port Forwarding Tab Port Triggers Tab DMZ Host Tab Firewall Tab Event Log Tab Status Tab Software Tab Connection
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationHow to configure VPN function on TP-LINK Routers
How to configure VPN function on TP-LINK Routers 1. VPN Overview... 2 2. How to configure LAN-to-LAN IPsec VPN on TP-LINK Router... 3 3. How to configure GreenBow IPsec VPN Client with a TP-LINK VPN Router...
More informationUIP1868P User Interface Guide
UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting
More informationFirewalls and Virtual Private Networks
CHAPTER 9 Firewalls and Virtual Private Networks Introduction In Chapter 8, we discussed the issue of security in remote access networks. In this chapter we will consider how security is applied in remote
More informationAN OVERVIEW OF REMOTE ACCESS VPNS: ARCHITECTURE AND EFFICIENT INSTALLATION
AN OVERVIEW OF REMOTE ACCESS VPNS: ARCHITECTURE AND EFFICIENT INSTALLATION DR. P. RAJAMOHAN SENIOR LECTURER, SCHOOL OF INFORMATION TECHNOLOGY, SEGi UNIVERSITY, TAMAN SAINS SELANGOR, KOTA DAMANSARA, PJU
More informationCreating a VPN Using Windows 2003 Server and XP Professional
Creating a VPN Using Windows 2003 Server and XP Professional Recommended Instructor Preparation for Learning Activity Instructor Notes: There are two main types of VPNs: User-to-Network This type of VPN
More informationNetwork Configuration Settings
Network Configuration Settings Many small businesses already have an existing firewall device for their local network when they purchase Microsoft Windows Small Business Server 2003. Often, these devices
More informationA Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform
A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform Peter Dulany, Chang Soo Kim, and James T. Yu PeteDulany@yahoo.com, ChangSooKim@yahoo.com, jyu@cs.depaul.edu School of Computer Science,
More information"Charting the Course...
Description "Charting the Course... Course Summary Interconnecting Cisco Networking Devices: Accelerated (CCNAX), is a course consisting of ICND1 and ICND2 content in its entirety, but with the content
More informationVPN Access over Mobile Web Support Overview
VPN Access over Mobile Web Support Overview Version 1.2 - November 2002 VPNAccessoverMobileWeb1.2b.doc Page 1 of 29 VPN Access over Mobile Web Contents 1 INTRODUCTION...4 2 VIRTUAL PRIVATE NETWORK (VPN)...5
More informationPre-lab and In-class Laboratory Exercise 10 (L10)
ECE/CS 4984: Wireless Networks and Mobile Systems Pre-lab and In-class Laboratory Exercise 10 (L10) Part I Objectives and Lab Materials Objective The objectives of this lab are to: Familiarize students
More informationRemote Connection Options For Monitoring, Troubleshooting and Maintenance of Control Devices for OEM Machine Builders
White Paper Remote Connection Options For Monitoring, Troubleshooting and Maintenance of Control Devices for OEM Machine Builders INSYS Microelectronics Coventry United Kingdom Introduction: Each year
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationRemote Connectivity for mysap.com Solutions over the Internet Technical Specification
Remote Connectivity for mysap.com Solutions over the Technical Specification June 2009 Remote Connectivity for mysap.com Solutions over the page 2 1 Introduction SAP has embarked on a project to enable
More informationSecure Network Design: Designing a DMZ & VPN
Secure Network Design: Designing a DMZ & VPN DMZ : VPN : pet.ece.iisc.ernet.in/chetan/.../vpn- PPTfinal.PPT 1 IT352 Network Security Najwa AlGhamdi Introduction DMZ stands for DeMilitarized Zone. A network
More informationDirectAccess in Windows 7 and Windows Server 2008 R2. Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team
DirectAccess in Windows 7 and Windows Server 2008 R2 Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team 0 Introduction to DirectAccess Increasingly, people envision a world
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationUsing Remote Desktop Software with the LAN-Cell
Using Remote Desktop Software with the LAN-Cell Technote LCTN0010 Proxicast, LLC 312 Sunnyfield Drive Suite 200 Glenshaw, PA 15116 1-877-77PROXI 1-877-777-7694 1-412-213-2477 Fax: 1-412-492-9386 E-Mail:
More informationHow To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses
Cisco WRVS4400N Wireless-N Gigabit Security Router Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer
More information108Mbps Super-G TM Wireless LAN Router with XR USER MANUAL
108Mbps Super-G TM Wireless LAN Router with XR USER MANUAL Contents 1. Overview...1 1.1 Product Feature...1 1.2 System Requirements...1 1.3 Applications...1 2. Getting Start...2 2.1 Know the 108Mbps Wireless
More informationIP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw
IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company
More informationHow To Learn Cisco Cisco Ios And Cisco Vlan
Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led Course Description Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v2.0 is a 60-hour instructor-led
More informationConnecting Remote Users to Your Network with Windows Server 2003
Connecting Remote Users to Your Network with Windows Server 2003 Microsoft Corporation Published: March 2003 Abstract Business professionals today require access to information on their network from anywhere
More informationVirtual Private Networks
Virtual Private Networks The Ohio State University Columbus, OH 43210 Jain@cse.ohio-State.Edu http://www.cse.ohio-state.edu/~jain/ 1 Overview Types of VPNs When and why VPN? VPN Design Issues Security
More informationChapter 4 Firewall Protection and Content Filtering
Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to protect your network.
More informationNovember 2013. Defining the Value of MPLS VPNs
November 2013 S P E C I A L R E P O R T Defining the Value of MPLS VPNs Table of Contents Introduction... 3 What Are VPNs?... 4 What Are MPLS VPNs?... 5 What Are the Benefits of MPLS VPNs?... 8 How Do
More informationConfiguring IPSec VPN Tunnel between NetScreen Remote Client and RN300
Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 This example explains how to configure pre-shared key based simple IPSec tunnel between NetScreen Remote Client and RN300 VPN Gateway.
More informationCisco RV082 Dual WAN VPN Router Cisco Small Business Routers
Cisco RV082 Dual WAN VPN Router Cisco Small Business Routers Secure Remote Access at the Heart of the Small Business Network Highlights Dual WAN connections for load balancing and connection redundancy
More informationUniversal Network Access Policy
Universal Network Access Policy Purpose Poynton Workmens Club makes extensive use of network ed Information Technology resources to support its research and administration functions and provides a variety
More informationImplementing Secured Converged Wide Area Networks (ISCW) Version 1.0
COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.
More informationNovatel U530 & U630 O2 Branded Datacards Installation instructions for: O2 version of Mobilink Software: Version 2.02.04.34
Novatel U530 & U630 O2 Branded Datacards Installation instructions for: O2 version of Mobilink Software: Version 2.02.04.34 This is the latest version of software has been specifically developed to optimise
More informationHow to configure VPN function on TP-LINK Routers
How to configure VPN function on TP-LINK Routers 1. VPN Overview... 2 2. How to configure LAN-to-LAN IPsec VPN on TP-LINK Router... 3 3. How to configure GreenBow IPsec VPN Client with a TP-LINK VPN Router...
More informationMulti-Homing Security Gateway
Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationPPTP Server Access Through The
PPTP Server Access Through The Firewall On The SureConnect 9003 DSLAM ATM Network ISP Internet PPTP Server Private IP: 192.168.1.3 Mask: 255.255.255.0 Default Gateway: 192.168.1.1 SureConnect 9003 Ethernet
More informationLevelOne WBR-3405TX. User`s Manual. 11g Wireless AP Router
LevelOne WBR-3405TX 11g Wireless AP Router User`s Manual Contents 1. Overview...4 1.1 Product Feature...4 1.2 System Requirements...4 1.3 Applications...4 2. Getting Start...5 2.1 Know the 11g Wireless
More informationMobile office opportunities
Mobile office opportunities www.northstream.se A way to tap the underserved business segment and to boost data usage Introduction Stimulating usage of non voice service and thereby increasing ARPU is operators
More informationConnecting Remote Offices by Setting Up VPN Tunnels
Connecting Remote Offices by Setting Up VPN Tunnels Cisco RV0xx Series Routers Overview As your business expands to additional sites, you need to ensure that all employees have access to the network resources
More informationNetwork Address Translation (NAT) Good Practice Guideline
Programme NPFIT Document Record ID Key Sub-Prog / Project Infrastructure Security NPFIT-FNT-TO-IG-GPG-0011.06 Prog. Director Chris Wilber Status Approved Owner James Wood Version 2.0 Author Mike Farrell
More informationVPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide. http://www.peplink.com - 1 - Copyright 2015 Peplink
Peplink Balance http://www.peplink.com - 1 - Copyright 2015 Peplink Introduction Introduction Understanding Peplink VPN solutions Peplink's VPN is a complete, seamless system that tightly integrates your
More informationConfiguring Network Address Translation (NAT)
8 Configuring Network Address Translation (NAT) Contents Overview...................................................... 8-3 Translating Between an Inside and an Outside Network........... 8-3 Local and
More informationVirtual Private Networks Solutions for Secure Remote Access. White Paper
Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information
More informationLECTURE 4 NETWORK INFRASTRUCTURE
SYSTEM ADMINISTRATION MTAT.08.021 LECTURE 4 NETWORK INFRASTRUCTURE Prepared By: Amnir Hadachi and Artjom Lind University of Tartu, Institute of Computer Science amnir.hadachi@ut.ee / artjom.lind@ut.ee
More informationInternet Privacy Options
2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms
More informationVPN. VPN For BIPAC 741/743GE
VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,
More informationVerizon Wireless White Paper. Verizon Wireless Broadband Network Connectivity and Data Transport Solutions
Verizon Wireless White Paper Verizon Wireless Broadband Network Connectivity and Data Transport Solutions Verizon Wireless White Paper Verizon Wireless Broadband Network Connectivity and Data Transport
More informationathenahealth Interface Connectivity SSH Implementation Guide
athenahealth Interface Connectivity SSH Implementation Guide 1. OVERVIEW... 2 2. INTERFACE LOGICAL SCHEMATIC... 3 3. INTERFACE PHYSICAL SCHEMATIC... 4 4. SECURE SHELL... 5 5. NETWORK CONFIGURATION... 6
More informationEvaluating Bandwidth Optimization Technologies: Bonded Internet
Evaluating Bandwidth Optimization Technologies: Bonded Internet Contents Channel Bonding and MLPPP Load Balancing and BGP Configuring Tunnels Traditional Bonding MetTel s Bonded Internet Service 3 4 5
More informationAppendix C Network Planning for Dual WAN Ports
Appendix C Network Planning for Dual WAN Ports This appendix describes the factors to consider when planning a network using a firewall that has dual WAN ports. This appendix contains the following sections:
More informationThis topic discusses Cisco Easy VPN, its two components, and its modes of operation. Cisco VPN Client > 3.x
Configuring Remote-Access VPNs via ASDM Created by Bob Eckhoff This white paper discusses the Cisco Easy Virtual Private Network (VPN) components, modes of operation, and how it works. This document also
More informationVMware vcloud Air Networking Guide
vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationTable of Contents. Cisco Cisco VPN Client FAQ
Table of Contents Cisco VPN Client FAQ...1 Questions...1 Introduction...2 Q. Why does the VPN Client disconnect after 30 minutes? Can I extend this time period?...2 Q. I upgraded to Mac OS X 10.3 (known
More informationSwiftBroadband and IP data connections
SwiftBroadband and IP data connections Version 01 30.01.08 inmarsat.com/swiftbroadband Whilst the information has been prepared by Inmarsat in good faith, and all reasonable efforts have been made to ensure
More informationEXINDA NETWORKS. Deployment Topologies
EXINDA NETWORKS Deployment Topologies September 2005 :: Award Winning Application Traffic Management Solutions :: :: www.exinda.com :: Exinda Networks :: info@exinda.com :: 2005 Exinda Networks Pty Ltd.
More informationNote: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.
Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the
More informationThe BANDIT Products in Virtual Private Networks
encor! enetworks TM Version A.1, March 2010 2010 Encore Networks, Inc. All rights reserved. The BANDIT Products in Virtual Private Networks One of the principal features of the BANDIT products is their
More informationChapter 4 Security and Firewall Protection
Chapter 4 Security and Firewall Protection This chapter describes how to use the Security features of the ProSafe Wireless ADSL Modem VPN Firewall Router to protect your network. These features can be
More informationChapter 5. Data Communication And Internet Technology
Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN
More informationVirtual Private Networks: IPSec vs. SSL
Virtual Private Networks: IPSec vs. SSL IPSec SSL Michael Daye Jr. Instructor: Dr. Lunsford ICTN 4040-001 April 16 th 2007 Virtual Private Networks: IPSec vs. SSL In today s society organizations and companies
More informationCisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers
Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer
More informationFirewall Defaults, Public Server Rule, and Secondary WAN IP Address
Firewall Defaults, Public Server Rule, and Secondary WAN IP Address This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSafe Wireless-N
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationVirtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN
Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts
More informationWholesale IP Bitstream on a Cable HFC infrastructure
Wholesale IP Bitstream on a Cable HFC infrastructure In order to understand the issues related to an ISP reselling Cable Based Internet access it is necessary to look at similarities and dissimilarities
More informationMillbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0
Millbeck Communications Secure Remote Access Service Internet VPN Access to N3 VPN Client Set Up Guide Version 6.0 COPYRIGHT NOTICE Copyright 2013 Millbeck Communications Ltd. All Rights Reserved. Introduction
More informationThe BANDIT Device in the Network
encor! enetworks TM Version A.1, March 2010 2013 Encore Networks, Inc. All rights reserved. The BANDIT Device in the Network The BANDIT II and the BANDIT III, ROHS-compliant routers in the family of BANDIT
More informationCisco Easy VPN on Cisco IOS Software-Based Routers
Cisco Easy VPN on Cisco IOS Software-Based Routers Cisco Easy VPN Solution Overview The Cisco Easy VPN solution (Figure 1) offers flexibility, scalability, and ease of use for site-to-site and remoteaccess
More information5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network
5.0 Network Architecture 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 1 5.1The Internet Worldwide connectivity ISPs connect private and business users Private: mostly dial-up connections Business:
More informationSecuring Networks with Cisco Routers and Switches 1.0 (SECURE)
Securing Networks with Cisco Routers and Switches 1.0 (SECURE) Course Overview: The Securing Networks with Cisco Routers and Switches (SECURE) 1.0 course is a five-day course that aims at providing network
More informationAdvanced Higher Computing. Computer Networks. Homework Sheets
Advanced Higher Computing Computer Networks Homework Sheets Topic : Network Protocols and Standards. Name the organisation responsible for setting international standards and explain why network standards
More informationVPN Wizard Default Settings and General Information
1. ProSecure UTM Quick Start Guide This quick start guide describes how to use the IPSec VPN Wizard to configure IPSec VPN tunnels on the ProSecure Unified Threat Management (UTM) Appliance. The IP security
More informationSSVP SIP School VoIP Professional Certification
SSVP SIP School VoIP Professional Certification Exam Objectives The SSVP exam is designed to test your skills and knowledge on the basics of Networking and Voice over IP. Everything that you need to cover
More information