Upload
shonda-williamson
View
221
Download
0
Tags:
Embed Size (px)
Citation preview
Option 1: Standard, no VPN
Mobile-originate traffic only
Outbound traffic can be filtered by white listing IP addresses or ports (such as blocking all traffic except for customer's public-facing server)
Useful when there is no requirement to initiate a session to the cellular device
Option 2: PPTP VPNRequires PPTP client on every host initiating
session to the cellular device
Slightly less secure than IPsec VPN
Outbound traffic to internet can be filtered by white listing IP addresses or ports
Typically used for development or testing purposes
PPTP in Porthos account has access to all cellular connections in that account
Option 3a: Standard IPsec VPN
Only traffic intended directly for customer's LAN goes over the IPsec tunnel
Outbound traffic to internet can be filtered by whitelisting IP addresses or ports
Most popular and easiest type of IPsec to set up
Option 3b: Default-Gateway IPsec
All traffic goes through the tunnel to customer LAN
Customer can directly monitor/control cellular traffic out to internet themselves
Avoids customer IP addressing conflicts with Wyless network
Option 3c: GRE over IPsec VPN
Alternative to default-gateway IPsec
GRE allows use of dynamic routing protocols
“Split GRE” configuration can still allow cellular traffic directly to internet
Option 4: MPLS connectivity
alternative to GRE-IPSec
Requires customer provided router(s) and circuit(s) into our datacenter
Option 5: Public Static Addressing
Requires use of very limited public IP addresses
Allows mobile-terminate traffic without VPN
Least secure of any connectivity option
Outbound or inbound traffic can be filtered by whitelisting internet IP addresses or ports
Device is vulnerable to unsolicited bandwidth usage by random internet sources