Cisco Security Specialist's Guide to PIX Firewalls

Virtual private network (VPN) technology provides a channel for secure communications between internal networks over a public network (such as the Internet) while providing features such as confidentiality and authentication. VPNs are commonly used to connect branch offices, mobile users, and business partners. The ability to connect private networks or hosts by securely tunneling through a public network infrastructure is very appealing. VPNs over the Internet provide solutions to various business problems, including economical connectivity between offices (using site-to-site VPNs) and the ability to provision connections quickly (simply by installing VPN hardware on an existing Internet connection instead of having to wait for a dedicated leased line or Frame Relay PVC to be installed). Remote access VPNs, on the other hand, provide connectivity for mobile workers or telecommuters, allowing them to dial into any ISP or use high-speed broadband connectivity at home or in a hotel to gain access to the corporate network.
The PIX firewall supports both site-to-site and remote access VPNs using various protocols: IPsec, L2TP, and PPTP. On the technical side, VPNs can be very complicated, and a single connection might be implemented using a combination of many protocols that work together to provide tunneling, encryption, authentication, access control, and auditing.
In this chapter, you will learn how to configure VPNs on the PIX firewall. We will configure site-to-site VPNs (also known as office-to-office VPNs) using IPsec and IKE with pre-shared keys and digital certificates. You will also learn about manual IPsec and...