8/9/2019 Virtual Private Network_Final
1/20
Virtual Private Network
Internal Guide: Mr. Pravin Madha
Created By: Nisarg Khandhar
About VPNs
Uses of VPNs
Basic VPN Requirements
Tunneling Basics
Advanced Security Features
User Administration
Accounting, Auditing, and Alarming
What is a Virtual Private Network?
A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet.
A VPN enables you to send data between two computers across the Internet in a manner that emulates a point-to-point private link.
Figure: Private Network / Virtual Private Network
Why VPN?
VPN connections allow users to connect in a secure fashion to a remote corporate server.
VPN technology also allows a corporation to connect to branch offices or to other companies over a public internetwork (such as the Internet).
VPN technology is designed to address issues surrounding the current business trend toward increased telecommuting and widely distributed global operations.
Uses of VPN
Remote access over the Internet
Rather than making a long-distance call to a corporate or outsourced network access server (NAS), the user calls a local ISP. Using the connection to the local ISP (Internet Service Provider), the VPN software creates a virtual private network between the dial-up user and the corporate VPN server across the Internet.
(Continued)
Connecting networks over the Internet
Using dedicated lines to connect a branch office to a corporate LAN
Using a dial-up line to connect a branch office to a corporate LAN
In both cases, the branch office's and the corporate office's connections to the Internet are local. The corporate hub router (i.e., the VPN server) must be connected to a local ISP with a dedicated line.
(Continued)
Connecting computers over an intranet
VPNs allow a department's LAN to be physically connected to the corporate internetwork but separated by a VPN server.
By using a VPN, the network administrator can ensure that only authenticated users can establish a VPN with the VPN server and gain access to the protected resources of the department.
Basic VPN Requirements
User Authentication
Address Management
Data Encryption
Key Management
Multiprotocol Support
Tunneling Basics
Tunneling is a method of using an internetwork infrastructure to transfer data for one network over another network.
The logical path through which the encapsulated packets travel through the internetwork is called a tunnel.
Tunneling includes this entire process: encapsulation, transmission, and decapsulation of packets.
(Continued)
New tunneling technologies are:
Point-to-Point Tunneling Protocol (PPTP)
Layer Two Tunneling Protocol (L2TP)
IPSec tunnel mode
Each of these tunneling technologies is based on either a Layer 2 or a Layer 3 tunneling protocol.
Tunneling Protocols
For a tunnel to be established, both the tunnel client and the tunnel server must be using the same tunneling protocol.
For Layer 2 tunneling technologies, such as PPTP and L2TP, both of the tunnel endpoints must agree to the tunnel and must negotiate configuration variables.
Layer 3 tunneling technologies (i.e., IPSec) generally assume that all of the configuration issues are preconfigured.
Point-to-Point Tunneling Protocol
PPTP encapsulates PPP frames in IP datagrams for transmission over an IP internetwork, such as the Internet.
PPTP can be used for remote access and router-to-router VPN connections.
PPTP uses a TCP connection for tunnel maintenance and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data.
The payloads of the encapsulated PPP frames can be encrypted and/or compressed.
Layer Two Tunneling Protocol
L2TP = PPTP + L2F (Layer 2 Forwarding Protocol from Cisco)
L2TP encapsulates PPP frames to be sent over IP, X.25, Frame Relay, or Asynchronous Transfer Mode (ATM) networks.
When configured to use IP as its datagram transport, L2TP can be used as a tunneling protocol over the Internet.
L2TP over IP internetworks uses UDP and a series of L2TP messages for tunnel maintenance. L2TP also uses UDP to send L2TP-encapsulated PPP frames as the tunneled data.
Internet Protocol Security (IPSec) Tunnel Mode
IPSec is a Layer 3 protocol standard that supports the secured transfer of information across an IP internetwork.
IPSec tunnel mode uses the negotiated security method to encapsulate and encrypt entire IP packets for secure transfer across a private or public IP internetwork.
The encrypted payload is then encapsulated again with a plain-text IP header and sent on the internetwork for delivery to the tunnel server.
IPSec tunnel mode has the following features and limitations:
It supports IP traffic only
It functions at the bottom of the IP stack; therefore, applications and higher-level protocols inherit its behavior
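The encapsulation layering described on the last two slides, as an added example that is not part of the original slides: a pure-Python IP-in-IP tunnel in which the tunnel client wraps a complete inner packet in a new plain-text outer header, and the tunnel server verifies the header checksum, the outer destination, and that the carried traffic is IP before stripping it. The ESP encryption of the inner packet is deliberately left out, so only the layering and the endpoint checks are shown, not confidentiality; all addresses are constructed documentation values.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4  # outer-header protocol number: the payload is a complete IPv4 packet

def checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # checksum at bytes 10-11
    return hdr + payload

def parse_ipv4(pkt: bytes) -> dict:
    """Parse a header; refuse packets whose version or checksum does not verify."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:             # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": str(IPv4Address(f[8])), "dst": str(IPv4Address(f[9])),
            "proto": f[6], "ttl": f[5], "payload": pkt[ihl:f[2]]}

def encapsulate(inner_pkt: bytes, tunnel_client: str, tunnel_server: str) -> bytes:
    """Tunnel client: the whole inner packet becomes the payload of a new outer header.
    Only the tunnel endpoints are visible in the outer header; the private addresses
    of the inner packet are carried inside."""
    return build_ipv4(tunnel_client, tunnel_server, IPPROTO_IPIP, inner_pkt)

def decapsulate(outer_pkt: bytes, tunnel_server: str) -> dict:
    """Tunnel server: validate the outer header, strip it, and parse the inner packet."""
    outer = parse_ipv4(outer_pkt)
    if outer["dst"] != tunnel_server:
        raise ValueError("outer packet is not addressed to this tunnel endpoint")
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("a Layer 3 tunnel carries IP traffic only")
    return parse_ipv4(outer["payload"])
```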
Tunneling Types
A user or client computer can issue a VPN request to configure and create a voluntary tunnel. In this case, the user's computer is a tunnel endpoint and acts as the tunnel client.
A VPN-capable dial-up access server configures and creates a compulsory tunnel. With a compulsory tunnel, the user's computer is not a tunnel endpoint. Another device, the dial-up access server, between the user's computer and the tunnel server is the tunnel endpoint and acts as the tunnel client.
Advanced Security Features
The Internet facilitates the creation of VPNs from anywhere, so networks need strong security features. Authentication and encryption techniques are:
Symmetric or private-key encryption
Asymmetric or public-key encryption
Certificates
User Administration
A tunnel server could maintain its own internal database of per-user properties, such as names, passwords, and dial-in permission attributes, but it is administratively prohibitive to maintain multiple user accounts on multiple servers.
The Remote Authentication Dial-in User Service (RADIUS) protocol is a popular method for managing remote user authentication and authorization.
RADIUS is a lightweight, UDP-based protocol. RADIUS servers can be located anywhere on the Internet and provide authentication and authorization for VPN access servers.
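The RADIUS exchange between a VPN access server and a RADIUS server, as an added example that is not part of the original slides: it builds an Access-Request with the User-Password attribute hidden under the shared secret as RFC 2865 specifies, recovers it on the server side, and verifies the Response Authenticator on the reply so the access server accepts only answers bound to its own request and secret. The shared secret, Request Authenticator and credentials are constructed test values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD = 1, 2

def _xor_blocks(data: bytes, secret: bytes, request_auth: bytes, hiding: bool) -> bytes:
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous block); the
    # "previous block" is the Request Authenticator first, then the prior ciphertext block.
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        result = bytes(x ^ y for x, y in zip(block, hashlib.md5(secret + prev).digest()))
        out += result
        prev = result if hiding else block       # the ciphertext block in both directions
    return out

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    # Null-pad to a multiple of 16 bytes (at least one block), then apply the XOR chain.
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    return _xor_blocks(padded, secret, request_auth, hiding=True)

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    # RADIUS server side: reverse the chain and drop the null padding.
    return _xor_blocks(hidden, secret, request_auth, hiding=False).rstrip(b"\x00")

def attribute(atype: int, value: bytes) -> bytes:
    return struct.pack("!BB", atype, len(value) + 2) + value    # Type, Length, Value

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes,
                         request_auth: bytes = b"") -> tuple:
    # Access server (NAS) side; the caller keeps request_auth to check the reply later.
    request_auth = request_auth or os.urandom(16)     # must be unpredictable per request
    attrs = attribute(USER_NAME, user) + attribute(
        USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth

def build_response(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def verify_response(resp: bytes, ident: int, request_auth: bytes, secret: bytes) -> bool:
    # NAS side: accept only replies bound to our identifier, Request Authenticator and secret.
    if len(resp) < 20 or resp[1] != ident or struct.unpack("!H", resp[2:4])[0] != len(resp):
        return False
    expected = hashlib.md5(resp[:4] + request_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])
```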
Accounting, Auditing, and Alarming
To properly administer a VPN system, network administrators should be able to track who uses the system, how many connections are made, unusual activity, error conditions, and situations that may indicate equipment failure.
This information can be used for billing, auditing, and alarm or error-notification purposes.
The tunnel server should provide all of this information, and the system should provide event logs, reports, and a data storage facility to handle the data appropriately.
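The tracking this slide asks for, as an added example that is not part of the original slides: it reads tunnel-server event logs in an assumed one-line-per-event format, counts connections per user, and raises alarms for repeated authentication failures, overlapping sessions from different client addresses, and tunnel errors. The log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events in an assumed format: timestamp, event, user, client address.
SAMPLE_LOG = """\
2019-08-09T08:00:01 AUTH_FAIL alice 203.0.113.10
2019-08-09T08:00:05 AUTH_FAIL alice 203.0.113.10
2019-08-09T08:00:09 AUTH_FAIL alice 203.0.113.10
2019-08-09T08:00:14 AUTH_FAIL alice 203.0.113.10
2019-08-09T08:01:00 SESSION_START bob 198.51.100.7
2019-08-09T08:05:00 SESSION_START bob 192.0.2.99
2019-08-09T08:06:00 SESSION_STOP bob 198.51.100.7
2019-08-09T08:07:00 SESSION_START carol 198.51.100.9
2019-08-09T08:08:00 TUNNEL_ERROR carol 198.51.100.9
"""

def parse(log: str) -> list:
    events = []
    for line in log.splitlines():
        ts, event, user, ip = line.split()
        events.append((datetime.fromisoformat(ts), event, user, ip))
    return events

def audit(log: str, fail_threshold: int = 3, fail_window_s: int = 60) -> dict:
    """Per-user connection counts (accounting) plus alarms (unusual activity, errors)."""
    connections = defaultdict(int)
    active = defaultdict(dict)          # user -> {client ip: session start time}
    fails = defaultdict(list)           # user -> recent failure timestamps
    alarms = []
    for ts, event, user, ip in parse(log):
        if event == "SESSION_START":
            connections[user] += 1
            if active[user] and ip not in active[user]:   # same account, second address
                alarms.append(f"{user}: concurrent sessions from {sorted(active[user])} and {ip}")
            active[user][ip] = ts
        elif event == "SESSION_STOP":
            active[user].pop(ip, None)
        elif event == "AUTH_FAIL":
            recent = [t for t in fails[user] if (ts - t).total_seconds() <= fail_window_s]
            fails[user] = recent + [ts]
            if len(fails[user]) == fail_threshold:        # alarm once when the threshold is hit
                alarms.append(f"{user}: {fail_threshold} failed logins within {fail_window_s}s from {ip}")
        elif event.endswith("_ERROR"):
            alarms.append(f"{user}: {event} reported by tunnel server")
    return {"connections": dict(connections), "alarms": alarms}
```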
Summary
VPNs allow users or corporations to connect to remote servers, branch offices, or other companies over a public internetwork, while maintaining secure communications.
In all of these cases, the secure connection appears to the user as a private network communication, despite the fact that this communication occurs over a public internetwork.
VPN technology is designed to address issues surrounding the current business trend toward increased telecommuting and widely distributed global operations, where workers must be able to connect to central resources and communicate with each other.
Questions?
Thank You