3Com Router 3000 Ethernet FamilyConfiguration Guide Chapter 1 VPN Overview3Com Corporation1-5which may not only overload the system but also decrease the scalability. Theintroduction of tunneling latency may incur such problems as PPP session timeout intime sensitive LCP and NCP negotiations of PPP. On the contrary, layer 3 tunnelterminates within ISP gateway, and PPP session terminates at NAS; thus user gatewayneeds not to manage and maintain status of each PPP session, and thereby reducessystem load.Normally, layer 2 tunneling protocols and layer 3 tunneling protocols are usedseparately. The reasonable combination of two types of protocols, however, maydeliver better security and functions (e.g. using L2TP and IPSec together).1.3 Classification of VPNIP VPN means emulating private line service of WAN (e.g. remote dial-up, DDN, etc.)over IP networks (including the Internet or dedicated IP backbone). IP VPN is classifiedas follows:I. Classified by operation mode1) CPE-based VPN (Customer Premises Equipment based VPN)Users not only have to install expensive devices and special authentication tools, butalso maintain complex VPN (e.g. channel maintenance, bandwidth management, etc.).Networking in this way features both high complexity and low service scalability.2) NBIP-VPN (Network-based VPN)The maintenance of VPN (permitting users to conduct service management and controlto some extent) is conducted by ISP, and all functions are implemented at networkdevice side, so as to reduce users’ investment, reinforce the flexibility and scalability ofservices, and bring new incomes to ISP.II. Classified by service application1) Intranet VPNIntranet VPN interconnects points distributed inside an enterprise by making use ofpublic network. It is an extended or substitute form of traditional private network orother enterprise network.2) Access VPNAccess VPN allows remote users like staff traveling on business and remote smalloffices to establish private network connections with the intranet and extranet of theirenterprise over a public network. Access VPN provides two types of connections:client-initiated VPN connection and NAS-initiated VPN connection.3) Extranet VPNExtranet VPN extends an enterprise network to suppliers, cooperators and clients byusing VPN, allowing different enterprises to construct VPN over public networks.