Solved

What is a VPN Encryption Domain?

Posted on 2003-11-09
Last Modified: 2013-05-23
Hello,
  I'm fairly new to VPNs and was wondering if anyone could shine the light on the meaning of an "encryption domain".  All is making sense in regards to tunneling and termination but the materials I've read thus far fail to elaborate on a term often seen in examples of brief setup parameters.  Are there any links you would recommend to better understand VPNs?  Thank You graciously!  Please Advise!

-JS
Question by:jsablan
5 Comments
 
Accepted Solution

by:
Scott_V earned 25 total points
ID: 9712388

Assisted Solution

by:UkWizard
UkWizard earned 25 total points
ID: 9712997
In summary, an encryption domain is the term referring to ALL the networks behind the firewall that are routing through the VPN tunnel.

E.g., the encryption domain may be the 192.168.1.x, 192.168.2.x and 192.168.3.x networks, for example.


Simple as that.

Regards,
UkWizard.

Expert Comment

by:mvselm
ID: 9776919
The encryption domain refers to a concept where your site to site traffic is sent over a virtual connection over another network. Look at this "drawing":

Let's assume IP and Internet transmission

LAN1 ==> Firewall/VPN-router ====> Internet ====> Firewall/VPN-router ==> LAN2
               encryption here            transmission                decryption here

Now an IP packet from LAN1 is encrypted in the Firewall or VPN router. This packet then becomes the payload of a new IP packet. This is routed over the Internet (or other transmission network). The payload but generally also the IP header is encrypted. One technique is IPsec tunneling. Encryption protocols like 3DES or AES (AES is much better but 3DES is more commonly used). You need to distribute the keys to both sites. You need to configure the tunnel endpoint (this is for the VPN-router where to send the encrypted traffic). All IP traffic can be routed over IPsec tunnels. But because packets are transmitted as the payload of other packets (this is called encapsulation) you add some extra overhead. Another header is added. Also the MTU (maximum transmission unit) reduces because now you have a payload + header + another header. Also remember that when you use protocols that generate small packets, like VoIP, the extra overhead more or less doubles the packet size so your VoIP now needs twice the BW. All major router and FW vendors support this.

Another concept is ISDN VPN techniques. Here generally only the B-channel is encrypted. So you can dial anywhere (unless the ISDN crypto uses a list of allowed numbers). The signalling is untouched (it can be filtered and/or proxied) but the B-channel is encrypted. There are various commercial ISDN cryptos on the market.

Hope this helps. Marc
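
The encryption-domain idea from the answers above, as an added example that is not part of the original thread: a gateway tunnels a packet only when its source lies in the local encryption domain and its destination in the peer's. The example goes beyond the posts by also comparing the two gateways' definitions, on the assumption that each side's remote domain should mirror the other side's local domain; the LAN2 network (10.20.0.0/24), the test addresses and all function names are constructed for illustration.

```python
import ipaddress

def parse_domain(cidrs):
    """Turn a list of CIDR strings into network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]

def in_domain(addr, domain):
    """True if the address belongs to any network of the encryption domain."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in domain)

def should_encrypt(src, dst, local_domain, remote_domain):
    """Outbound decision on a gateway: tunnel the packet only when the source
    is in the local encryption domain and the destination in the peer's."""
    return in_domain(src, local_domain) and in_domain(dst, remote_domain)

def domain_mismatch(a_local, a_remote, b_local, b_remote):
    """Networks that one gateway lists and the other does not mirror.
    Assumption: A's remote domain should equal B's local domain and vice versa."""
    def diff(x, y):
        return sorted(str(n) for n in set(x) ^ set(y))
    return {
        "a_remote_vs_b_local": diff(a_remote, b_local),
        "b_remote_vs_a_local": diff(b_remote, a_local),
    }

# Constructed sample configuration: site 1 is LAN1 (the three 192.168.x
# networks from the answer), site 2 is LAN2 (hypothetical 10.20.0.0/24).
SITE1_LOCAL = parse_domain(["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"])
SITE1_REMOTE = parse_domain(["10.20.0.0/24"])
SITE2_LOCAL = parse_domain(["10.20.0.0/24"])
# Site 2's admin forgot 192.168.3.0/24 when defining the peer's domain.
SITE2_REMOTE = parse_domain(["192.168.1.0/24", "192.168.2.0/24"])

if __name__ == "__main__":
    packets = [
        ("192.168.2.10", "10.20.0.5"),    # LAN1 -> LAN2: tunneled
        ("192.168.2.10", "203.0.113.7"),  # LAN1 -> Internet host: not tunneled
        ("192.168.4.10", "10.20.0.5"),    # source outside the domain: not tunneled
    ]
    for src, dst in packets:
        verdict = "encrypt" if should_encrypt(src, dst, SITE1_LOCAL, SITE1_REMOTE) else "clear"
        print(f"{src} -> {dst}: {verdict}")
    print(domain_mismatch(SITE1_LOCAL, SITE1_REMOTE, SITE2_LOCAL, SITE2_REMOTE))
```
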