Overview of tunnel protocols

The gateway uses the Internet and remote connectivity to create secure extranets, or Virtual Private Networks (VPNs). Remote connectivity through the public data network (PDN) requires a protocol for safe transport and a connection from the remote user's PC to the PDN. The gateway uses the most popular tunneling protocols: IPSec, PPTP, L2TP, and L2F.

To form a tunnel, the following takes place:

• The remote user establishes a connection with the PDN point-of-presence (POP), typically through an Internet Service Provider (ISP).
• After the Internet connection is up, the remote user launches a second connection that specifies a connection to a gateway. Instead of a telephone number to establish the link, the second connection uses an IP address (or a name if the IP address has been entered into a Domain Name Service server). This second connection could use either the Point-to-Point Tunneling Protocol (PPTP) or the IP Security (IPSec) tunneling protocol.
• Tunnels built using L2F are slightly different. The tunnel begins at a piece of networking equipment (network access server or NAS) located at the ISP instead of the remote user's PC. The user simply dials into the ISP with a telephone number that causes an L2TP or L2F tunnel to connect directly to a specific corporation. This is similar to a traditional remote dial service except that the modems are maintained by the ISP and not the corporation.

All tunneling protocols are enabled on the public and private networks by default. Because data in tunnels is encrypted, the default setting guarantees that all interactions with the gateway are private. By leaving IPSec, PPTP, L2TP, and L2F enabled on the private side, you can establish tunneled connections to the gateway using any of the tunnel types from within your corporation. To prevent tunnel connections of a particular type (for all users, including administrators), you can simply disable the tunnel type.

For example, if you want to use IPSec as your only public tunneling protocol, then disable the Public selection for PPTP, L2TP, and L2F.

To configure tunnel access to the gateway:

1. Go to the ServicesAvailable screen.
2. Select the tunnel type.

See Configuring Basic Features for the Contivity Secure IP Services Gateway for more information on configuring tunnels. See the appropriate chapter in this book for steps on how to change default tunnel protocol settings.