Networking Configuration Guide

Appendix A

VPN overview

A VPN (Virtual Private Network) is a group of systems connected across various data-transfer technologies that form a secure and private network.

BCM uses the Internet and tunneling protocols to create secure VPNs. These secure extranets require a protocol for safe transport from the BCM to another device through the Public Data Network (PDN). BCM uses the IPSec tunneling protocols.

Extranets can connect:
• mobile users to a fixed private network at their office over the PDN
• private networks in the two branch offices of the same corporation over the PDN
• two divisions of the same corporation over the corporate intranet

When connecting two branch offices, the use of a VPN over the public data network is very efficient if the connection is required only intermittently or a dedicated point-to-point link is considered too expensive. Also, with the advent of business-to-business solutions, VPNs can be deployed to provide secure connections between corporations.

IPSec tunnels

The IPSec specification defines two modes: tunnel mode and transport mode. BCM supports only tunnel mode. Tunnel mode describes a method of packetizing TCP/IP traffic to create a virtual tunnel.

Tunnels are created between servers, which are also known as gateways. This is called a Branch Office Connection. The end nodes connect to each other through gateways. These gateways set up the tunnel over the PDN on behalf of the end nodes. The establishment of the tunnel, and the PDN in between, is transparent to the end nodes, which behave as if they are interacting through a router. Typically, the edge devices connecting the branches of a corporation to the ISP use VPN in this mode.

BCM is compatible with the Nortel Services Edge Router (formerly known as Shasta 5000) and the following versions of the Contivity VPN Client:
• V_05_01
• V_05_11
• V_06_01
• V_06_02
• V_07_01

The following describes configuring the tunnel portion of BCM using IPSec.
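The tunnel-mode packetizing described under "IPSec tunnels", shown as an added example that is not taken from the guide or from BCM code: the gateway wraps the end node's entire IP packet, so the PDN sees only gateway addresses. It assumes ESP framing (the guide does not say which IPSec protocol is used), omits encryption and the integrity value so the layout stays visible, and uses constructed addresses and a constructed SPI.

```python
import ipaddress
import struct
ESP, IPIP, TCP = 50, 4, 6  # IANA IP protocol numbers

def checksum(hdr: bytes) -> int:  # Internet checksum over an even-length header
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    def hdr(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, csum, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return hdr(checksum(hdr(0))) + payload

def parse_ipv4(pkt: bytes):
    """Return (src, dst, protocol, payload) after basic length checks."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(pkt):
        raise ValueError("bad IPv4 lengths")
    addr = lambda b: str(ipaddress.IPv4Address(b))
    return addr(pkt[12:16]), addr(pkt[16:20]), pkt[9], pkt[ihl:total]

def tunnel_encapsulate(inner: bytes, gw_src: str, gw_dst: str, spi: int, seq: int) -> bytes:
    """Gateway side: the whole inner packet becomes the ESP payload."""
    pad = -(len(inner) + 2) % 4                  # trailer must end on a 4-byte boundary
    trailer = bytes(range(1, pad + 1)) + bytes([pad, IPIP])
    # Simplification: a real gateway encrypts inner+trailer and appends an ICV.
    return ipv4(gw_src, gw_dst, ESP, struct.pack("!II", spi, seq) + inner + trailer)

def tunnel_decapsulate(outer: bytes) -> bytes:
    """Peer gateway side: strip outer header, ESP header and trailer."""
    _, _, proto, body = parse_ipv4(outer)
    if proto != ESP or len(body) < 10:
        raise ValueError("not an ESP packet")
    pad_len, next_hdr = body[-2], body[-1]
    if next_hdr != IPIP or pad_len > len(body) - 10:
        raise ValueError("not tunnel mode or bad padding")
    return body[8:len(body) - 2 - pad_len]

if __name__ == "__main__":
    inner = ipv4("10.1.0.5", "10.2.0.9", TCP, b"hello-branch")  # constructed end nodes
    outer = tunnel_encapsulate(inner, "198.51.100.1", "203.0.113.1", 0x1000, 1)
    print("PDN:", parse_ipv4(outer)[:3], "LAN:", parse_ipv4(tunnel_decapsulate(outer))[:3])
```

The end nodes' private addresses appear only in the inner header, which is why the tunnel and the PDN are transparent to them.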