HP BladeSystem bc2000 Cisco VPN Support for HP Thin Clients and Blade PCs - Page 3

Virtual Private Networks, Cisco VPN Capabilities, Implementation Prerequisites - and bc2500 blade pc


Virtual Private Networks

Advancements in computer networking have significantly changed the way people and organizations communicate and access information. Networks have become critical resources in many organizations, providing real-time communications and access, through both the Internet and enterprise intranets. As organizations take advantage of the benefits of making information available, they increasingly turn to virtual private networks (VPNs) to protect valuable proprietary information. They also might be responsible for complying with government regulations related to data privacy.

VPN refers to an array of technologies that provide encryption and encapsulation of data through an otherwise unsecured network (such as the Internet). However, both encryption and encapsulation are generic functions that can be performed by multiple technologies and can be combined in different implementation topologies. Thus, VPNs can vary widely from vendor to vendor.

Cisco VPN Capabilities

In this paper, we show how to use a Cisco VPN 3000 Concentrator to provide data tunneling (also known as data encapsulation) across a public TCP/IP network, such as the Internet, to create secure connections (tunnels) between remote users and a private corporate network.

The VPN 3000 Concentrator functions as a bidirectional tunnel endpoint:
  • It can receive plain packets from the private network, encapsulate them, create a tunnel, and send them to the other end of the tunnel where they are unencapsulated and sent to their final destination.
  Or
  • It can receive encapsulated packets from the public network, unencapsulate them, and send them to their final destination on the private network.
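
The two directions described above, as an added example that is not part of the original white paper. It uses plain IP-in-IP (protocol 4) as a stand-in for the concentrator's real tunneling protocols and does no encryption; the concentrator address 10.1.1.1 and the address checks on each side are assumptions made for illustration.

```python
import ipaddress, socket, struct

PRIVATE_NET = ipaddress.ip_network("10.2.2.0/24")  # private side, from the paper
PUBLIC_IP = "10.1.1.1"   # assumed public address of the endpoint (constructed)
IPPROTO_IPIP = 4         # IP-in-IP, a stand-in for PPTP/L2TP/IPSec framing

def checksum(hdr: bytes) -> int:
    """Ones'-complement checksum over a 20-byte IPv4 header (RFC 1071)."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options) around payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(pkt: bytes):
    """Return (src, dst, proto, payload); reject malformed headers."""
    if len(pkt) < 20 or pkt[0] != 0x45 or checksum(pkt[:20]) != 0:
        raise ValueError("bad IPv4 header")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if not 20 <= total_len <= len(pkt):
        raise ValueError("bad total length")
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[20:total_len])

def from_private(inner: bytes, remote_peer: str) -> bytes:
    """Private -> public: wrap the plain packet in an outer header."""
    src = parse(inner)[0]
    if ipaddress.ip_address(src) not in PRIVATE_NET:
        raise ValueError("source is not on the private network")
    return ipv4(PUBLIC_IP, remote_peer, IPPROTO_IPIP, inner)

def from_public(outer: bytes) -> bytes:
    """Public -> private: unwrap and return the inner packet for delivery."""
    _, dst, proto, inner = parse(outer)
    if dst != PUBLIC_IP or proto != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet for this endpoint")
    if ipaddress.ip_address(parse(inner)[1]) not in PRIVATE_NET:
        raise ValueError("inner destination is outside the private network")
    return inner
```

The check in from_public on the inner destination matters because the outer header only says where the tunnel ends; without it, the endpoint would forward whatever address the sender placed inside.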

The VPN 3000 Concentrator supports the most popular VPN tunneling protocols:
  • PPTP: Point-to-Point Tunneling Protocol
  • L2TP: Layer 2 Tunneling Protocol
  • IPSec: IP Security Protocol
  • WebVPN: VPN via an HTTPS-enabled Web browser; does not require a client

The concentrator also supports L2TP over IPSec, which provides interoperability with the VPN Client provided by Microsoft. The VPN 3000 Concentrator is interoperable with other clients that conform to L2TP/IPSec standards, but it does not formally support those clients.

Implementation Prerequisites

For the purpose of this white paper, we assume a basic network infrastructure is already in place. The reference implementation consists of HP BladeSystem bc2000 Blade PCs and HP BladeSystem bc2500 Blade PCs running Windows XP SP2. HP Compaq t5720 Thin Clients (t5720) running Windows XPe are used as access devices.

The network topology for this reference implementation consists of a Cisco VPN 3000 concentrator sitting between two Class-C networks: 10.1.1.xxx/24 on the public interface and 10.2.2.x on the private interface. Details of the reference network can be found in Appendix A – CISCO 3560 Switch Configuration.