Vodatel Crossland
Virtual Private Network (VC-VPN)

Do you worry about sending confidential or sensitive information over the Internet? Vodatel Crossland offers a contemporary solution to that problem.

Vodatel Crossland Virtual Private Network Gateway (VC-VPN Gateway) is a robust and reliable solution that provides the highest levels of security for both gateway-to-gateway and client-to-gateway VPN connections. The VC-VPN Gateway uses the IP Security (IPSec) protocol suite to provide virtual private networking over the Internet.

VC-VPN has three major elements. The first two, Authentication Header (AH) and Encapsulating Security Payload (ESP), describe what functions IPSec will perform. AH verifies the authenticity of each packet's contents, but it does not hide the contents of each packet. That's where ESP comes in - it encrypts the entire original packet, including headers, and places it in a new, larger packet (hence the term encapsulation).
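The AH behaviour described above, as an added Python example that is not Vodatel Crossland's code: it builds and parses an AH header (RFC 4302 field layout) with an HMAC-SHA1-96 integrity value, then shows that the protected data stays readable while any modification is detected. The key, SPI and payload are constructed sample values, and as a simplification the integrity value covers only the AH header and payload, whereas real AH also covers the immutable fields of the outer IP header.

```python
import hashlib
import hmac
import struct

AH_PROTO, ESP_PROTO = 51, 50        # IP protocol numbers for AH and ESP
KEY = b"constructed-demo-key"       # constructed sample key (assumption)
ICV_LEN = 12                        # HMAC-SHA1-96 truncates the MAC to 96 bits

def _icv(key, fixed, payload, icv_len=ICV_LEN):
    # The ICV field is treated as zero while the MAC is computed.
    mac = hmac.new(key, fixed + bytes(icv_len) + payload, hashlib.sha1)
    return mac.digest()[:icv_len]

def build_ah(spi, seq, next_header, payload, key=KEY):
    """Return AH header + payload. Payload Len is the AH length in
    32-bit words minus 2: (12 fixed + 12 ICV) / 4 - 2 = 4."""
    fixed = struct.pack("!BBHII", next_header, 4, 0, spi, seq)
    return fixed + _icv(key, fixed, payload) + payload

def parse_ah(data):
    """Split the AH fields from the data that follows the header."""
    if len(data) < 12:
        raise ValueError("too short for an AH header")
    next_header, plen, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    ah_len = (plen + 2) * 4
    if plen < 1 or len(data) < ah_len:
        raise ValueError("truncated or malformed AH header")
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": data[12:ah_len], "payload": data[ah_len:]}

def verify_ah(data, key=KEY):
    """Recompute the ICV and compare it in constant time."""
    ah = parse_ah(data)
    expected = _icv(key, data[:12], ah["payload"], len(ah["icv"]))
    return hmac.compare_digest(expected, ah["icv"])

# Constructed bytes standing in for the inner packet (next header 4 = IP-in-IP).
SAMPLE = build_ah(0x1001, 1, 4, b"inner: payroll.csv")

if __name__ == "__main__":
    print("authentic:", verify_ah(SAMPLE))
    print("readable on the wire:", b"payroll.csv" in SAMPLE)   # AH does not encrypt
    print("tampered accepted:", verify_ah(SAMPLE[:-1] + b"X"))
```
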

For both AH and ESP modes, communicating partners need a safe way to exchange the security parameters they will use. The third major element in VC-VPN, Internet Key Exchange (IKE), is a set of procedures that IPSec-compliant devices use to transfer these security keys. VC-VPN uses the most robust IPSec configuration, both AH and ESP together, along with IKE to handle key exchange.

In addition to the three basic pieces, IPSec-compliant devices have many other possible bolt-on components. One major component is a certificate authority (CA), which is a repository of authentication data. IPSec-compliant devices can work with other kinds of directories too, including the RADIUS and TACACS user databases employed by remote access servers and the proprietary databases used by vendors of token authentication cards.

VC-VPN can be operated in one of two modes: gateway-to-gateway or client-to-gateway. If a company has multiple offices, there is a need to share data securely.

Without VC-VPN, each office requires a costly leased line to ensure privacy. With VC-VPN, each site deploys a VC-VPN Gateway and then sends data over the public Internet. All traffic between VC-VPN Gateways rides in a virtual "tunnel". The tunnel both verifies the authenticity of the sender and receiver and encrypts all traffic. There is no need to pay extra for a leased line set-up since most corporate offices have Internet access anyway.

In gateway-to-gateway configurations, the so-called tunnel endpoints are the external interfaces of the VPN gateways. All traffic between these endpoints is authenticated and encrypted. But traffic on the LAN side of each gateway travels in the clear, since the local networks are presumably trusted segments.

Client-to-gateway configurations, often used by road warriors and telecommuters who need secure access to office resources, move one of the tunnel endpoints right onto the client's machine. It is important to note that the AH, ESP and IKE mechanisms are the same on the client side and on the gateway side. The only difference is that one side of the transaction occurs on an end-user machine.

Four Service Modes of VC-VPN

Copyright 2001 Crossland Technology (Australia) Pty Ltd