1 secure access from a remote pc, such as a telecommuter connecting to an office network
2 secure access between two networks, such as a branch office and a main office
these applications are described below.
accessing network resources from a vpn client pc
vpn client remote access allows a remote pc to connect to your network from any location on the internet. in this case, the remote pc is one tunnel endpoint, running vpn client software. the netgear vpn-enabled router on your network is the other tunnel endpoint, as shown below.
in some cases, the client pc may connect to the internet through a local non-vpn-enabled router, as shown below:
if the non-vpn router is performing nat, it must support “vpn-passthrough” of ipsec-encoded data.
linking two networks together
a vpn between two netgear vpn-enabled routers is a good way to connect branch offices and business partners over the internet, offering an affordable, high-performance alternative to leased site-to-site lines. the vpn also provides access to remote network resources when nat is enabled and remote computers have been assigned private ip addresses.
additional reading
1 building and managing virtual private networks, dave kosiur, wiley & sons; isbn: 0471295264
2 firewalls and internet security: repelling the wily hacker, william r. cheswick and steven m. bellovin, addison-wesley; isbn: 0201633574
3 vpns a beginners guide, john mains, mcgraw hill; isbn: 0072191813
4 ff98] floyd, s., and fall, k., promoting the use of end-to-end congestion control in the internet. ieee/acm transactions on networking, august 1999.
relevant rfcs listed numerically:
1 [rfc 791] internet protocol darpa internet program protocol specification, information sciences institute, usc, september 1981.
2 [rfc 1058] routing information protocol, c hedrick, rutgers university, june 1988.
3 [rfc 1483] multiprotocol encapsulation over atm adaptation layer 5, juha heinanen, telecom finland, july 1993.
4 [rfc 2401] s. kent, r. atkinson, security architecture for the internet protocol, rfc 2401, november 1998.
5 [rfc 2407] d. piper, the internet ip security domain of interpretation for isakmp, november 1998.
6 [rfc 2474] k. nichols, s. blake, f. baker, d. black, definition of the differentiated services field (ds field) in the ipv4 and ipv6 headers, december 1998.
7 [rfc 2475] s. blake, d. black, m. carlson, e. davies, z. wang, and w. weiss, an architecture for differentiated services, december 1998.
8 [rfc 2481] k. ramakrishnan, s. floyd, a proposal to add explicit congestion notification (ecn) to ip, january 1999.
9 [rfc 2408] d. maughan, m. schertler, m. schneider, j. turner, internet security association and key management protocol (isakmp).
10 [rfc 2409] d. harkins, d.carrel, internet key exchange (ike) protocol.
11 [rfc 2401] s. kent, r. atkinson, security architecture for the internet protocol.