Using a Nokia VPN appliance as a gateway, independent corporate LANs can be connected through the
Internet. The gateway encrypts sensitive data and creates a secure tunnel between each site. There's no need
to install and configure encryption software on each host on each network: the Nokia VPN gateway performs
the encryption on behalf of the LAN or host groups behind it. Data traveling over the public segment of the
connection is encrypted; on the internal network behind the gateway, it is not. All of this VPN
functionality is completely transparent to end users, and all existing applications are supported.
The need for remote network access is growing continuously. Traveling professionals and employees working from home often require resources located on their corporate networks. And a growing number of businesses are sharing controlled access to their networks among their most important partners.
With remote access capabilities built in, Nokia VPN gateways can extend enterprise VPNs to remote users at home, on the road and within partner companies. All that is required is installation of Check Point VPN-1 SecuRemote client software on the remote workstation or laptop in question. Windows 95 and Windows NT users simply connect to their corporate networks via dial-up or fixed Internet connections, and the SecuRemote client software establishes a secure VPN tunnel between the client and the VPN gateway.
SecuRemote encrypts and decrypts data at the network layer, enabling it to support all applications transparently. There is no need to change existing applications on the client workstation or laptop. SecuRemote can interface with any existing network adapter or TCP/IP stack, and can be connected to multiple VPN sites.
Integrated encryption on Nokia VPN appliances ensures that data is practically impossible to be read by unauthorized third parties. Nokia VPN appliances support and automatically negotiate the use of the strongest possible encryption and data-authentication algorithms between communicating parties. These include DES and Triple DES for data encryption and SHA-1 and MD5 for data authentication. Nokia VPN appliances also support several key management protocols, including the industry-standard Internet Key Exchange (IKE, also called ISAKMP/Oakley).
Rather than issue a unique encryption key for each pair of VPN users in large-scale VPN deployments, Nokia VPN solutions use a Public Key Infrastructure (PKI) to generate a public key for each individual or application. In this way, Nokia solutions enable organizations to automate such critical VPN functions as adding and deleting users and managing encryption keys.
Data authentication verifies the origin and integrity of all information transmitted over the VPN. User
authentication confirms the identities of all remote users, and access to corporate networks is granted only
after a password-protected authentication sequence has been completed successfully.
