Virtual Private Network_Final


Transcript of Virtual Private Network_Final

  • 8/9/2019 Virtual Private Network_Final

  • Slide 1/20: Virtual Private Network

    Internal Guide: Mr. Pravin Madha
    Created By: Nisarg Khandhar

  • Slide 2/20: Outline

    About VPNs
    Uses of VPNs
    Basic VPN Requirements
    Tunneling Basics
    Advanced Security Features
    User Administration
    Accounting, Auditing, and Alarming

  • Slide 3/20: What is a Virtual Private Network?

    A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet.

    A VPN enables you to send data between two computers across the Internet in a manner that emulates a point-to-point private link.

    [Figure: Private Network vs. Virtual Private Network]

  • Slide 4/20: Why VPN?

    VPN connections allow users to connect in a secure fashion to a remote corporate server.

    VPN technology also allows a corporation to connect to branch offices or to other companies over a public internetwork (such as the Internet).

    VPN technology is designed to address issues surrounding the current business trend toward increased telecommuting and widely distributed global operations.

  • Slide 5/20: Uses of VPN: Remote access over the Internet

    Rather than making a long-distance call to a corporate or outsourced network access server (NAS), the user calls a local ISP (Internet Service Provider). Using the connection to the local ISP, the VPN software creates a virtual private network between the dial-up user and the corporate VPN server across the Internet.

  • Slide 6/20: Uses of VPN (continued): Connecting networks over the Internet

    Using dedicated lines to connect a branch office to a corporate LAN
    Using a dial-up line to connect a branch office to a corporate LAN

    In both cases, the connections from the branch office and the corporate office to the Internet are local. The corporate hub router (i.e. the VPN server) must be connected to a local ISP with a dedicated line.

  • Slide 7/20: Uses of VPN (continued): Connecting computers over an intranet

    VPNs allow the department's LAN to be physically connected to the corporate internetwork but separated by a VPN server.

    By using a VPN, the network administrator can ensure that only authenticated users can establish a VPN with the VPN server and gain access to the protected resources of the department.

  • Slide 8/20: Basic VPN Requirements

    User Authentication
    Address Management
    Data Encryption
    Key Management
    Multiprotocol Support

  • Slide 9/20: Tunneling Basics

    Tunneling is a method of using an internetwork infrastructure to transfer data for one network over another network.

    The logical path through which the encapsulated packets travel through the internetwork is called a tunnel.

    Tunneling includes this entire process: encapsulation, transmission, and decapsulation of packets.

  • Slide 10/20: Tunneling Basics (continued)

    New tunneling technologies are:

    Point-to-Point Tunneling Protocol (PPTP)
    Layer Two Tunneling Protocol (L2TP)
    IPSec tunnel mode

    The above tunneling technologies can be based on either a Layer 2 or a Layer 3 tunneling protocol.

  • Slide 11/20: Tunneling Protocols

    For a tunnel to be established, both the tunnel client and the tunnel server must be using the same tunneling protocol.

    For Layer 2 tunneling technologies, such as PPTP and L2TP, both of the tunnel endpoints must agree to the tunnel and must negotiate configuration variables.

    Layer 3 tunneling technologies (i.e. IPSec) generally assume that all of the configuration issues are preconfigured.

  • Slide 12/20: Point-to-Point Tunneling Protocol

    PPTP encapsulates PPP frames in IP datagrams for transmission over an IP internetwork, such as the Internet.

    PPTP can be used for remote access and router-to-router VPN connections.

    PPTP uses a TCP connection for tunnel maintenance and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data.

    The payloads of the encapsulated PPP frames can be encrypted and/or compressed.
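    The three tunneling steps from the Tunneling Basics slide (encapsulation, transmission, decapsulation) worked through for the PPTP data path just described, as an added Python example that is not part of the slides: a PPP frame is wrapped in PPTP's enhanced GRE header (RFC 2637) and an outer IPv4 header, and the tunnel-server side validates and unwraps it. The PPP frame, call ID and addresses are constructed sample values.

```python
import socket
import struct

IP_PROTO_GRE = 47        # outer IPv4 protocol number for GRE
GRE_PROTO_PPP = 0x880B   # enhanced-GRE protocol type for PPP (RFC 2637)

def ip_checksum(header: bytes) -> int:
    """Standard one's-complement checksum over an IPv4 header (returns 0 for a valid one)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def gre_encapsulate(ppp_frame: bytes, call_id: int, seq: int, ack=None) -> bytes:
    """Tunnel client: wrap one PPP frame in a PPTP enhanced-GRE data header.
    Flags word: K (key present)=1, S (sequence present)=1, Ver=1, A=1 when an ack is piggybacked."""
    flags = 0x3001 if ack is None else 0x3081
    hdr = struct.pack("!HHHHI", flags, GRE_PROTO_PPP, len(ppp_frame), call_id, seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + ppp_frame

def ip_encapsulate(src: str, dst: str, gre_pdu: bytes) -> bytes:
    """Add the plain outer IPv4 header that carries the tunnel packet across the internetwork."""
    fields = [0x45, 0, 20 + len(gre_pdu), 0, 0x4000, 64, IP_PROTO_GRE, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + gre_pdu

def gre_decapsulate(ip_packet: bytes):
    """Tunnel server: validate outer headers and return (call_id, seq, ack, ppp_frame)."""
    ihl = (ip_packet[0] & 0x0F) * 4
    if ip_packet[9] != IP_PROTO_GRE or ip_checksum(ip_packet[:ihl]) != 0:
        raise ValueError("not a GRE packet or bad IP header checksum")
    gre = ip_packet[ihl:]
    flags, proto, length, call_id, seq = struct.unpack("!HHHHI", gre[:12])
    if proto != GRE_PROTO_PPP or flags & 0x3007 != 0x3001:   # K and S set, version 1
        raise ValueError("not a PPTP enhanced-GRE data packet")
    off, ack = 12, None
    if flags & 0x0080:                                         # A bit: acknowledgment present
        ack, off = struct.unpack("!I", gre[12:16])[0], 16
    ppp_frame = gre[off:off + length]
    if len(ppp_frame) != length:
        raise ValueError("truncated payload")
    return call_id, seq, ack, ppp_frame

# Constructed sample: HDLC-framed PPP packet (address/control 0xFF03, protocol 0x0021 = IP)
SAMPLE_PPP = b"\xff\x03\x00\x21" + b"<constructed inner IP datagram>"

if __name__ == "__main__":
    pkt = ip_encapsulate("203.0.113.5", "198.51.100.9", gre_encapsulate(SAMPLE_PPP, 7, 1, 0))
    print(gre_decapsulate(pkt))
```

    Note that nothing in this path is encrypted: the GRE and outer IP headers are plain text, which is why the slides treat PPP payload encryption as a separate step.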

  • Slide 13/20: Layer Two Tunneling Protocol

    L2TP = PPTP + L2F (Layer 2 Forwarding Protocol from Cisco)

    L2TP encapsulates PPP frames to be sent over IP, X.25, Frame Relay, or Asynchronous Transfer Mode (ATM) networks.

    When configured to use IP as its datagram transport, L2TP can be used as a tunneling protocol over the Internet.

    L2TP over IP internetworks uses UDP and a series of L2TP messages for tunnel maintenance. L2TP also uses UDP to send L2TP-encapsulated PPP frames as the tunneled data.

  • Slide 14/20: Internet Protocol Security (IPSec) Tunnel Mode

    IPSec is a Layer 3 protocol standard that supports the secured transfer of information across an IP internetwork.

    IPSec tunnel mode uses the negotiated security method to encapsulate and encrypt entire IP packets for secure transfer across a private or public IP internetwork. The encrypted payload is then encapsulated again with a plain-text IP header and sent on the internetwork for delivery to the tunnel server.

    IPSec tunnel mode has the following features and limitations:

    It supports IP traffic only.
    It functions at the bottom of the IP stack; therefore, applications and higher-level protocols inherit its behavior.

  • Slide 15/20: Tunneling Types

    A user or client computer can issue a VPN request to configure and create a voluntary tunnel. In this case, the user's computer is a tunnel endpoint and acts as the tunnel client.

    A VPN-capable dial-up access server configures and creates a compulsory tunnel. With a compulsory tunnel, the user's computer is not a tunnel endpoint. Another device, the dial-up access server, between the user's computer and the tunnel server is the tunnel endpoint and acts as the tunnel client.

  • Slide 16/20: Advanced Security Features

    The Internet facilitates the creation of VPNs from anywhere, so networks need strong security features. Authentication and encryption techniques are:

    Symmetric or private-key encryption
    Asymmetric or public-key encryption
    Certificates

  • Slide 17/20: User Administration

    A tunnel server could maintain its own internal database of per-user properties, such as names, passwords, and dial-in permission attributes, but it is administratively prohibitive to maintain multiple user accounts on multiple servers.

    The Remote Authentication Dial-in User Service (RADIUS) protocol is a popular method for managing remote user authentication and authorization.

    RADIUS is a lightweight, UDP-based protocol. RADIUS servers can be located anywhere on the Internet and provide authentication and authorization for VPN access servers.

  • Slide 18/20: Accounting, Auditing, and Alarming

    To properly administer a VPN system, network administrators should be able to track who uses the system, how many connections are made, unusual activity, error conditions, and situations that may indicate equipment failure.

    This information can be used for billing, auditing, and alarm or error-notification purposes.

    The tunnel server should provide all of this information, and the system should provide event logs, reports, and a data storage facility to handle the data appropriately.

  • Slide 19/20: Summary

    VPNs allow users or corporations to connect to remote servers, branch offices, or other companies over a public internetwork, while maintaining secure communications.

    In all of these cases, the secure connection appears to the user as a private network communication, despite the fact that this communication occurs over a public internetwork.

    VPN technology is designed to address issues surrounding the current business trend toward increased telecommuting and widely distributed global operations, where workers must be able to connect to central resources and communicate with each other.

  • Slide 20/20: Questions?

    Thank You