

Network Design for VaryNet Inc.

In a nutshell, each site will have a router acting as an endpoint of an L2TP/IPSec tunnel. This ensures that inter-site traffic is protected in transit. Additionally, each router will provide NAT services for its own site. This is a very basic depiction:


Some prerequisites must be in place to successfully implement an L2TP/IPSec/NAT infrastructure:

• You must have a version of IPSec that contains the L2TP—IPSec Support for NAT and PAT Windows Clients feature.

• You must understand Windows XP/2003 concepts and configuration requirements.

• You must understand Cisco IOS LNS router concepts and configuration requirements.

• You must understand NAT and PAT concepts and configuration requirements.

• You must understand IPSec concepts and configuration requirements.

• You must understand L2TP concepts and configuration requirements.
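The design sketched above puts two jobs on one router per site: terminating the IPSec tunnel and doing NAT for the local LAN. The point practitioners most often get wrong is the interaction between the two, because IOS applies NAT before IPSec on the outbound path: if inter-site traffic is translated, it no longer matches the crypto ACL and leaves the router in the clear. The fragment below is an added illustration written for this page, not VaryNet's or Cisco's configuration; it shows only the IPSec and NAT-exemption part of a site router (the L2TP/LNS encapsulation layer of the essay's design is omitted), and all addresses, names, and the pre-shared key placeholder are assumptions.

```cisco
! Hypothetical Site A router. Assumed addressing:
!   Site A LAN 10.1.0.0/24, WAN 198.51.100.1
!   Site B LAN 10.2.0.0/24, WAN 203.0.113.1
!
! Phase 1 (IKE) policy: AES-256, SHA-256, pre-shared key, DH group 14
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Placeholder key; replace with a long random secret per peer
crypto isakmp key EXAMPLE-PSK-REPLACE-ME address 203.0.113.1
!
! Phase 2 (IPSec) transform set
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Crypto ACL: which traffic must be encrypted towards Site B
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
crypto map CM-SITEB 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-AES
 match address VPN-TRAFFIC
!
! WEAK NAT ACL (what not to do): every LAN source is translated,
! including inter-site traffic, so it never matches VPN-TRAFFIC
! and is sent unencrypted to the Internet instead of Site B.
!ip access-list extended NAT-TRAFFIC-WEAK
! permit ip 10.1.0.0 0.0.0.255 any
!
! CORRECT NAT ACL: explicitly exempt inter-site traffic first,
! then translate everything else bound for the Internet.
ip access-list extended NAT-TRAFFIC
 deny   ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 any
!
ip nat inside source list NAT-TRAFFIC interface GigabitEthernet0/0 overload
!
interface GigabitEthernet0/0
 description WAN / tunnel endpoint
 ip address 198.51.100.1 255.255.255.0
 ip nat outside
 crypto map CM-SITEB
!
interface GigabitEthernet0/1
 description Site A LAN
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
```

Site B mirrors this with the subnets and peer address swapped. The check to run after deployment is `show crypto ipsec sa` from one site while pinging a host at the other: the encaps/decaps counters on the 10.1.0.0/24 to 10.2.0.0/24 SA should increase, and `show ip nat translations` should show no entries for 10.2.0.0/24 destinations. If the counters stay at zero while the ping succeeds, the traffic is being NATed and routed in the clear, which is exactly the failure the deny line prevents.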

L2TP

The Layer 2 Tunnel Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension to the Point-to-Point Protocol (PPP), which is an important component for VPNs. VPNs allow users and telecommuters to connect to their corporate intranets or extranets. VPNs are cost-effective because users can connect to the Internet locally and tunnel back to connect to corporate resources. This not only reduces overhead costs associated with traditional remote access methods, but also improves flexibility and scalability.

Traditional dial-up networking services only support registered IP addresses, which limits the types of applications that are implemented over VPNs. L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure, such as the Internet, modems, access servers, and ISDN terminal adapters (TAs), to be used. It also allows enterprise customers to outsource dial out support, thus reducing overhead for hardware maintenance costs and 800 number fees, and allows them to concentrate corporate gateway resources.

IPSec

IPSec VPN is an Enterprise Network deployed on a shared infrastructure using IPSec encryption technology. IPSec VPNs are used as an alternative to Wide Area Network (WAN) infrastructure that replace or augment existing private networks that utilize leased-line or Enterprise-owned Frame Relay and Asynchronous Transfer Mode (ATM) Networks. IPSec VPNs do not inherently change WAN requirements, such as support for multiple protocols, high reliability, and extensive scalability, but instead meet these requirements more cost-effectively and with greater flexibility.


An IPSec VPN utilizes the most pervasive transport technologies available today: the public Internet, SP Internet Protocol (IP) backbones, and also SP Frame Relay and ATM networks. The functionality of an IPSec VPN is defined primarily by the equipment deployed at the edge of the Enterprise network and by feature integration across the WAN, rather than by the WAN transport protocol.

IPSec VPNs are deployed in order to ensure secure connectivity between the VPN sites. A VPN site can be either a subnet or a host residing behind a router. The following are key components of this IPSec VPN design:

Cisco high-end VPN routers ...
