
Chapter 15. IPsec VPN

With the growing volume of information on the Internet and the amount of data traversing insecure channels, information security and data privacy have become imperative. Secure communication matters most when sensitive data crosses shared channels that cannot be trusted.

IPsec VPN (Internet Protocol Security, Virtual Private Network) is a standard defined by the IETF (Internet Engineering Task Force) that provides data confidentiality, authentication, and integrity for IP traffic at the network layer of the OSI (Open Systems Interconnection) model. The IPsec framework is one of the essential frameworks used for secure communication.

This chapter provides a basic overview of the various types of VPN technologies and deployments. The major part of the chapter focuses on the IPsec Secure VPN framework and its implementation.

Virtual Private Network (VPN)

As discussed in Chapter 14, "Cryptography," a VPN carries private traffic over a public or shared infrastructure (such as the Internet).

A VPN employs whichever cryptographic or noncryptographic approaches are necessary to create secure communication over insecure channels.

Types of VPN Technologies

In recent years, the term VPN has taken on many meanings. The three distinctly different types of VPN technology available today are the following:

Secure VPN (Cryptographic VPN)

With the rapid growth of global communication, the Internet and other commonly shared mediums have become the most common mode of communication. With this development, security has become a major concern for traffic traversing the shared medium. Cryptographic techniques evolved into dedicated protocols and standards that protect the privacy of this traffic. These protocols and standards are rapidly growing in popularity and are increasingly used by both customers and service providers. Traffic is secured using encryption technology in a secure tunnel between the communicating peers. VPNs built this way are called secure VPNs.

Secure VPNs are commonly used to replace or augment existing point-to-point networks that utilize dedicated leased circuits or WAN networks over Frame Relay and ATM circuits.

Secure VPN technologies include

This chapter primarily focuses on IPsec Secure VPN.

Trusted VPN (Non-Cryptographic VPN)

The major characteristic of a Trusted VPN is that the service provider offers a dedicated leased circuit or channel to a customer. The result is pseudo point-to-point communication: the customer's networks peer directly with each other over the dedicated leased circuit. This technique provides a sense of security and data privacy. When traffic traverses these dedicated point-to-point circuits, you have what is called a Trusted VPN.

The security and integrity of Trusted VPN traffic rely on the fact that the circuit is not shared, which provides the assurance that the circuit is dedicated to a single site for point-to-point communication. Service providers today offer several types of Trusted VPN services.

Trusted VPN technologies, which can generally be categorized into Layer 2 and Layer 3 VPNs, include the following:

Note

Trusted VPNs (Layer 2 and Layer 3 VPNs) will be discussed in Chapter 19, "Multiprotocol Label Switching VPN (MPLS VPN)."


Hybrid VPN

Hybrid VPN is the combination of both Trusted and Secure VPNs. This is an emerging concept that is slowly gaining momentum. The idea is to run a secure VPN tunnel as part of a trusted VPN, that is, a tunnel within a tunnel.

Note

It is important to understand that Secure VPN and Trusted VPN technologies do not technically overlay each other; they can coexist in the same environment within a single service.


Types of VPN Deployment

VPN designs can be constructed in a variety of scenarios. The most common deployment scenarios are the following:
