No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Feature Description - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Feature Description - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Features Related to VPN Implementation

Features Related to VPN Implementation


The VPN technology is generally used to share services between different departments of an enterprise over public networks. Nowadays, VPN users want to spend less time and energy on network maintenance, and require carriers to do this task. Therefore, when designing a VPN, consider network operability first.


VPNs allow enterprises to seamlessly extend their network management from LANs to public networks, even to clients and business partners. After delegating nonessential network management tasks to the carrier, enterprises still need to fulfill many network management tasks. A complete VPN management system is absolutely necessary.

VPN management includes security management, equipment management, configuration management, access control list (ACL) management, and QoS management.

VPN management offers the following benefits:

  • Reduced network risks

    After an intranet is extended to a public network using the VPN technology, the intranet faces new security risks and monitoring challenges. VPN management can guarantee the integrity of data resources on an intranet although; whereas allowing branches, clients, and business partners to access the intranet.

  • Increased scalability

    VPN management can quickly adapt to the increased numbers of clients and partners, such as upgrading network hardware and software, guaranteeing network quality, and maintaining security policies.

  • Improved cost-effectiveness

    VPN management can control operation and maintenance expenses although; whereas ensuring service scalability.

  • Enhanced reliability

    VPNs are established over public networks. Compared with traditional wide area networks (WANs) established using leased lines, VPNs have lower controllability. VPN management must be performed to guarantee network stability and reliability.


VPN implementation is simple, convenient, and flexible. However, network risks arise at the same time.

  • A traditional IP VPN faces serious risks, such as data obtaining, data tampering, and access of unauthorized users. Extranet VPNs face even more serious risks.

    The following solutions help to improve VPN security:

    • Tunneling and tunnel encryption

      The tunneling technology uses multi-protocol encapsulation to enhance VPN flexibility and provide P2P logical channels on connectionless IP networks. Tunnel encryption helps to protect data privacy and ensure that data is not intercepted or tampered with.

    • Data authentication

      On an insecure network, such as the public network used by a VPN, packets may be unlawfully intercepted and tampered with. As a result, the receiver may receive incorrect packets. Data authentication helps receivers to determine the integrity and authenticity of received data.

    • User authentication

      User authentication allows a VPN to permit the access of authorized users and deny the access of unauthorized users. Authentication, Authorization and Accounting (AAA)-capable NEs can authenticate users, authorize users for specific resources, and generate access records. User authentication greatly improves the security of access VPNs and extranet VPNs.

    • Firewalls and attack detection

      Firewalls help to filter packets and prevent unauthorized access. Attack detection helps to determine the validity of packets, implement security policies in real time, disconnect unauthorized sessions, and record unauthorized access.


    For more information about tunnel encryption, data authentication, user authentication, firewalls, and attack detection, see the NE deviceMid-End RouterFeature Description - Security.

  • MPLS VPNs are created on the basis of labels and forwarding tables on network side. If an MPLS network does not connect to the Internet, internal resources on the MPLS VPN are secure. MPLS VPNs can ensure data security to some extent.

    If an MPLS VPN needs to access the Internet, a channel with a firewall can be established to provide a secure connection for the VPN. The MPLS VPN is easy to manage because only one security policy is used.

    An MPLS VPN is a private network that has the same security level as an FR network. Generally, user devices do not need to be configured with Internet Protocol Security (IPsec) or tunnels. On an MPLS VPN, data transmission delay is low because packets do not need to be encapsulated or encrypted. A mesh VPN is easy to create if no tunnel configuration is required.

Updated: 2019-01-14

Document ID: EDOC1100058940

Views: 16389

Downloads: 34

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next