IS200DSPXH1D Module Spare Part, Module Controller
EW200 Industrial Cellular Gateway

Chapter 5 Security

5.1 VPN

A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. The tunnel technology supports data confidentiality, data origin authentication and data integrity of network information by utilizing encapsulation protocols, encryption algorithms, and hashing algorithms.

The product series supports different tunneling technologies to establish secure tunnels between multiple sites for data transfer, such as IPsec, OpenVPN, L2TP (over IPsec), PPTP and GRE. Additionally, some advanced functions, like Full Tunnel, Tunnel Failover, Tunnel Load Balance, NetBIOS over IPsec, NAT Traversal and Dynamic VPN, are also supported.

5.1.1 IPsec

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and for negotiating the cryptographic keys to be used during the session.

An IPsec VPN tunnel is established between an IPsec client and an IPsec server. Sometimes, we call the IPsec VPN client the initiator and the IPsec VPN server the responder. This gateway can be configured in different roles and can establish a number of tunnels with various remote devices. Before setting up the VPN connections, you may need to decide on the scenario type for the tunneling.

IPsec Tunnel Scenarios

To build an IPsec tunnel, you need to enter the remote gateway global IP, and an optional subnet if the hosts behind the IPsec peer can access the remote site or hosts. Under such configuration, there are four scenarios:

Site to Site: You need to set up the remote gateway IP and the subnets of both gateways. After the IPsec tunnel is established, hosts behind both gateways can communicate with each other through the tunnel.

Site to Host: Site to Host is suitable for tunneling between clients in a subnet and an application server (host). As in the diagram, the clients behind the M2M gateway can access the host "Host-DC" located in the control center through the Site to Host VPN tunnel.

Host to Site: For a single host (or mobile user) to access the resources located in an intranet, the Host to Site scenario can be applied.