IPSec and Remote Access

Security is a major concern when using Remote Access, since company data has to be transferred over the Internet. Using the tunnelling protocol L2TP (Layer 2 Tunnelling Protocol), a tunnel can be created through another network. Any data inside the tunnel can be protected using IPSec. A disadvantage of using L2TP is that only Windows 2000/XP clients can use it. L2TP uses certificates for authentication.


Configuring IPSec for tunnel mode

Tunnels can also be constructed manually. To construct a tunnel, two rules need to be created on each end of the tunnel: one for inbound traffic and one for outbound traffic. Each side's rule will have two filter lists, with the tunnel endpoints being the router addresses.

Filter List 1: Filter from any IP address to IP subnet 10.2.*, tunnel endpoint 10.2.0.254
Filter List 2: Filter from IP subnet 10.2.* to any IP address, tunnel endpoint 10.1.0.254

Tunnel endpoints are specified when setting up a new Security Rule, as covered in the IPSec policies section.
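The two filter lists above, as an added example that is not part of the lesson: a small evaluator that checks which tunnel endpoint a packet would be sent through and flags traffic that neither list covers (such traffic falls outside the tunnel policy). It assumes "10.2.*" means 10.2.0.0/16, "any" means 0.0.0.0/0, that the filters are evaluated on the router at 10.1.0.254, and uses constructed sample packets.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class IPSecFilter:
    name: str
    src: IPv4Network
    dst: IPv4Network
    tunnel_endpoint: str  # router address that terminates the tunnel for this direction

ANY = ip_network("0.0.0.0/0")
SUBNET_10_2 = ip_network("10.2.0.0/16")  # assumption: "10.2.*" is read as 10.2.0.0/16

# The two filter lists from the lesson, as seen by the router at 10.1.0.254 (assumption).
FILTER_LISTS = [
    IPSecFilter("Filter List 1", ANY, SUBNET_10_2, "10.2.0.254"),
    IPSecFilter("Filter List 2", SUBNET_10_2, ANY, "10.1.0.254"),
]

def match_filter(src: str, dst: str) -> Optional[IPSecFilter]:
    """Return the first filter whose source and destination networks contain the packet."""
    s, d = ip_address(src), ip_address(dst)
    for f in FILTER_LISTS:
        if s in f.src and d in f.dst:
            return f
    return None

def is_mirrored(a: IPSecFilter, b: IPSecFilter) -> bool:
    """True when b is the mirror image of a (source and destination swapped),
    which is what the inbound and outbound lists of one tunnel must be."""
    return a.src == b.dst and a.dst == b.src

def classify(packets: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Map each (src, dst) pair to the tunnel endpoint it would be sent through,
    or 'NO MATCH' when neither filter list covers it."""
    rows = []
    for src, dst in packets:
        f = match_filter(src, dst)
        rows.append((src, dst, f.tunnel_endpoint if f else "NO MATCH"))
    return rows

# Constructed sample traffic passing the 10.1.0.254 router.
SAMPLE_PACKETS = [
    ("10.1.0.7", "10.2.3.4"),    # towards the 10.2 subnet: Filter List 1, endpoint 10.2.0.254
    ("10.2.3.4", "10.1.0.7"),    # reply from the 10.2 subnet: Filter List 2, endpoint 10.1.0.254
    ("10.1.0.7", "192.0.2.9"),   # unrelated destination: no filter matches, not tunnelled
]

if __name__ == "__main__":
    print("lists are mirrored:", is_mirrored(*FILTER_LISTS))
    for row in classify(SAMPLE_PACKETS):
        print(row)
```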