VPN Services
iNODE's VPN server allows a remote network or remote users to connect to the local network (LAN). This service can operate over public networks, thus reducing operational costs.
The iNODE supports two types of VPN connections:
- PPTP is used to establish a connection from a computer to the iNODE via the Internet. Employees can then access the server as if they were connected via the office LAN.
- IPSec is used to securely connect two or more iNODE systems together to create one large, secure network. Each server acts as a VPN Concentrator for its network.
As a VPN client, iNODE allows routing to the LAN through a VPN connection so that the local network can potentially be part of a unified private network.
PPTP
iNODE supports the PPTP protocol and is compatible with similar systems. To secure access to the private network, iNODE offers a user authentication mechanism that blocks access to users after three consecutive failed login attempts.
The implementation of the PPTP Client and Server that has been integrated into iNODE allows LAN-to-LAN routing even if both sides use dynamic dial-up connections. When both connections are established, the VPN is automatically enabled without requiring any intervention from the administrator.
The administrator can set, for each VPN user, whether a static or dynamic IP address will be used for the connection. In addition, the system is equipped with a wide variety of reports and statistics for the service, making the administration of the sub-system as easy as possible.
IPSec
The IPSec protocol is by its nature complex, in order to guarantee high levels of security. iNODE simplifies the configuration of the protocol, since the choice of cryptographic protocols is automated (IKE Negotiation Phases). It allows connections from equivalent IPSec systems or remote users (road-warriors). The supported symmetric cryptography algorithms are 3DES, AES, Twofish, Serpent and Blowfish; symmetric keys are agreed using Diffie-Hellman group 5 and group 2, verified with the MD5 or SHA-1 algorithms. In addition, it supports PFS and ESP in tunnel and transport mode.
User authentication can be done with a preshared key or with X.509v3 electronic certificates that can be issued from a Public Key Infrastructure (PKI) or from iNODE's CA Management.
It also supports NAT traversal for cases where an iNODE system or the remote IPSec system is using NAT to connect to the public network. iNODE is fully compatible with other IPSec systems such as Cisco IOS, Cisco PIX, Windows 200x/XP, Watchguard, Netscreen, SSH, Safenet, PGP.