VPN: Switch, Router, and Firewall Tunneling Lowers Costs and Increases Network Security

A virtual private network (VPN) is a widely adopted technology that lets IT staff turn the Internet (or other exposed transport network) into a private network. Using encryption and authentication technologies to protect access, and tunnels (virtual circuits) for transmission, VPNs enable secure site-to-site, intranet, and remote access connections over IP. They can also increase wireless security.

VPNs cost-effectively extend the enterprise’s private wired network across the public network by using a router or firewall with multiple simultaneous VPN tunnels instead of requiring frame relay permanent virtual circuits, dial-up toll charges, or multiple leased lines and IP addresses (and their associated ongoing expenses). VPN tunneling establishes a virtual circuit across the Internet by encapsulating the original packets within special IP packets. VPN tunnels are transient—they exist only for the duration of the information exchange, further reducing the packets’ exposure to unauthorized access or attack.

VPNs do have limitations: They consume a lot of processing and network resources, may cause latency and degradation of network performance, and can expose all the resources within the enterprise network to the VPN user. 3Com recommends that IT staff adopt a policy that reserves VPNs for on-demand access to business applications and for infrequent, short-duration connectivity. 3Com also has developed innovative VPN technologies that mitigate some of VPNs’ limitations:

• Traffic shaping: A range of 3Com switch and router products, as well as service ports on some 3Com firewalls, can prioritize outbound and inbound traffic to ensure sufficient bandwidth for real-time applications such as voice and multimedia traffic.
• Hardware- and software-based encryption: 3Com routers and firewalls that use hardware to encrypt data speed up VPN performance.
• VPN pass-through and termination: 3Com firewalls can permit outbound tunneled traffic to pass through NAT, while local VPN tunnels can still be terminated.
• Extensive support for industry-standard VPN tunneling: 3Com routers and firewalls variously feature PPTP, L2TP, IPSec Layer 3, and MPLS Layer 2/3 VPN tunnel protocols, as well as GRE, IKE, and ISAKMP/Oakley VPN tunnel methods; a variety of 3Com wired and wireless switch products support SSL VPNs and SSL/SSH sessions.
• Extensive support for industry-standard VPN authentication: A variety of 3Com switch, firewall, secure NIC, and wireless products feature MD5 and SHA-1 authentication protocol support; 3Com router, switch, firewall, and wireless products variously support RADIUS, TACACS+, and X.509 for redundant external authentication.
• Extensive support for industry-standard VPN encryption algorithms: A wide range of 3Com router, switch, firewall, and secure NIC products feature AES, DES, and/or 3DES encryption; 3Com wireless products feature WEP and TKIP encryption that can be used for secure Layer 2 tunneling over a WLAN.