About VPNs

In a private WAN connection, a path that is made with physically delimited media such as cables and wires directly connects two hosts. Only these hosts can exchange data because only they have access to the physical medium.

A VPN tunnel virtually simulates the privacy of a WAN connection while using an otherwise publicly available medium such as the Internet. In other words, what a private WAN connection controls physically — the data that can pass between two hosts — the VPN tunnel controls virtually.

Encryption and authentication algorithms provide this control for VPN tunnels. Each tunnel is defined by a unique authentication key, a unique encryption key, or both. Only authorized peers can exchange data, because a peer accepts only data that is accompanied by a message digest generated with the shared authentication key. A unique key may also encrypt the data, effectively hiding it from potential eavesdroppers.
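The keyed-digest check described above, as an added example that is not taken from the TMS zl Module: each tunnel has its own authentication key, and the receiver drops any data whose digest does not verify. HMAC-SHA-256, the 4-byte tunnel id header, and the sample keys are assumptions made for illustration; the payload is left unencrypted to keep the focus on authentication.

```python
import hashlib
import hmac
import struct

DIGEST_LEN = 32  # full HMAC-SHA-256 output (assumed algorithm)

# Constructed sample keys: one authentication key per tunnel.
TUNNEL_KEYS = {
    0x1001: bytes.fromhex("11" * 32),
    0x1002: bytes.fromhex("22" * 32),
}


def seal(tunnel_id: int, key: bytes, payload: bytes) -> bytes:
    """Sender side: prepend the tunnel id and append the keyed digest."""
    header = struct.pack("!I", tunnel_id)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def accept(packet: bytes, keys: dict = TUNNEL_KEYS):
    """Receiver side: return the payload if the digest verifies, else None."""
    if len(packet) < 4 + DIGEST_LEN:
        return None                      # too short to carry header and digest
    header, body, tag = packet[:4], packet[4:-DIGEST_LEN], packet[-DIGEST_LEN:]
    key = keys.get(struct.unpack("!I", header)[0])
    if key is None:
        return None                      # no tunnel configured for this id
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    # compare_digest is constant-time: timing does not reveal matching bytes
    return body if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    good = seal(0x1001, TUNNEL_KEYS[0x1001], b"hello peer")
    tampered = good[:4] + b"jello peer" + good[-DIGEST_LEN:]
    wrong_key = seal(0x1001, TUNNEL_KEYS[0x1002], b"hello peer")
    return {
        "authorized": accept(good),
        "tampered": accept(tampered),
        "wrong_key": accept(wrong_key),
        "unknown_tunnel": accept(seal(0x9999, b"k" * 32, b"hello peer")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15} -> {result!r}")
```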

The Threat Management Services (TMS) zl Module supports the following options for VPNs:

  • Site-to-Site VPNs:

      • With IKE version 1

      • With manual keying

  • Client-to-Site VPNs:

      • With IKE version 1

      • With manual keying

  • L2TP and L2TP (Layer 2 Tunneling Protocol) over IPsec (Client-to-Site VPNs only)

  • GRE tunnels (not secure)

  • GRE (Generic Routing Encapsulation) over IPsec (secure)

The TMS zl Module VPN gateway is compatible with the following VPN clients:

  • HP ProCurve

  • Microsoft Windows (2000, XP, Vista)

  • IPSecuritas for Macintosh OS X

The module can support up to 4800 concurrent VPN connections.