Configuring Virtual Private Networks for Remote Clients and Networks

What Is Virtual Private Networking?
• Virtual private networking allows secure remote access to resources on an organization’s internal network for users outside the network
• A VPN is a virtual network that enables communication between a remote access client and computers on the internal network, or between two remote sites separated by a public network such as the Internet

Types of VPNs
• Remote Access VPN
– Provides access to the internal corporate network over the Internet
– Reduces long distance, modem bank, and technical support costs
[Diagram: Corporate Site, Internet]

Types of VPN
• Site-to-Site VPN
– Connects multiple offices over the Internet
– Reduces dependencies on frame relay and leased lines
[Diagram: Corporate Site, Internet, Branch Office]

Types of VPN
• Extranet VPN
– Provides business partners access to critical information (leads, sales tools, etc.)
– Reduces transaction and operational costs
[Diagram: Corporate Site, Internet, Partner #1, Partner #2]

What a VPN needs
• VPNs must be encrypted
– so that no one outside the VPN can read the traffic
• VPNs must be authenticated
• No one outside the VPN can alter the VPN traffic
• All parties to the VPN must agree on the security properties

VPN Topology
• Operates at layer 2 or 3 of the OSI model
– Layer 2 frame – Ethernet
– Layer 3 packet – IP
• Tunneling
– allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet
– to ensure data security against unwanted viewers or hackers

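The two preceding slides state what a VPN needs (encryption, authentication, protection against alteration) and what tunneling does (hiding the inner packet and the internal routing behind an outer IP packet). The following Python script is an added example, not part of the original slides, that shows both on constructed packets: an inner IPv4 packet between two private addresses is encrypted and authenticated, then carried in GRE (IP protocol 47, the carrier PPTP uses) behind an outer IPv4 header that names only the public tunnel endpoints, so an observer on the path sees the endpoints but neither the internal addresses nor the data, and any alteration in transit is rejected. The keys, the addresses, and the function names (`encapsulate`, `decapsulate`, `tamper_detected`, `demo`) are assumptions of the example; the keystream built from HMAC-SHA256 in counter mode is an illustrative stand-in for the block cipher IPsec ESP would use, and the framing is plain GRE-over-IP rather than PPTP's PPP-in-GRE or ESP's wire format.

```python
"""Added example, not from the slides: the VPN properties on a constructed packet.

An inner IPv4 packet between two private addresses is encrypted and authenticated
(encrypt-then-MAC), then carried in GRE (IP protocol 47, the carrier PPTP uses)
behind an outer IPv4 header that names only the public tunnel endpoints.  The
keystream (HMAC-SHA256 in counter mode with a per-packet nonce) is an illustrative
stand-in for the block cipher IPsec ESP would use; keys and addresses are sample
values assumed for the example.
"""
import hashlib
import hmac
import ipaddress
import os
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol-type value for an IPv4 payload
ENC_KEY = b"constructed-demo-encryption-key"   # assumed shared key (sample value)
MAC_KEY = b"constructed-demo-integrity-key"    # assumed shared key (sample value)
NONCE_LEN, TAG_LEN = 16, 32


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; evaluates to 0 over a header that carries it."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]


def addresses(packet: bytes) -> tuple:
    """(source, destination) of the IPv4 header at the front of packet."""
    return str(ipaddress.IPv4Address(packet[12:16])), str(ipaddress.IPv4Address(packet[16:20]))


def keystream(nonce: bytes, length: int) -> bytes:
    """PRF-in-counter-mode keystream: HMAC-SHA256(ENC_KEY, nonce || counter) blocks."""
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hmac.new(ENC_KEY, nonce + struct.pack("!Q", counter), hashlib.sha256).digest()
        counter += 1
    return blocks[:length]


def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Encrypt and authenticate the inner packet, then wrap it in GRE over outer IPv4."""
    nonce = os.urandom(NONCE_LEN)                        # fresh per packet: keystream never reused
    ciphertext = xor(inner, keystream(nonce, len(inner)))
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)           # no flags, version 0, IPv4 inside
    payload = gre + nonce + ciphertext + tag
    return ipv4_header(outer_src, outer_dst, GRE_PROTO, len(payload)) + payload


def decapsulate(packet: bytes) -> bytes:
    """Reverse of encapsulate(); raises ValueError on any header or integrity failure."""
    if ipv4_checksum(packet[:20]) != 0 or packet[9] != GRE_PROTO:
        raise ValueError("outer header invalid or not GRE")
    flags, ptype = struct.unpack("!HH", packet[20:24])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected GRE header")
    nonce = packet[24:24 + NONCE_LEN]
    ciphertext, tag = packet[24 + NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):           # verify before decrypting
        raise ValueError("integrity check failed: packet altered in transit")
    return xor(ciphertext, keystream(nonce, len(ciphertext)))


def tamper_detected(packet: bytes, offset: int) -> bool:
    """True if a packet with one bit flipped at offset is rejected by decapsulate()."""
    altered = packet[:offset] + bytes([packet[offset] ^ 0x01]) + packet[offset + 1:]
    try:
        decapsulate(altered)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Tunnel a constructed packet from 10.0.0.5 to 10.0.1.7 between public endpoints."""
    inner_payload = b"constructed application data"
    inner = ipv4_header("10.0.0.5", "10.0.1.7", 17, len(inner_payload)) + inner_payload
    packet = encapsulate(inner, "203.0.113.10", "198.51.100.20")
    return {
        "outer": addresses(packet),                  # all an observer on the Internet can read
        "inner_hidden": inner not in packet,         # inner packet does not appear in clear
        "inner": addresses(decapsulate(packet)),     # recovered at the far tunnel endpoint
        "tamper_detected": tamper_detected(packet, 24 + NONCE_LEN + 15),  # bit flip in data
    }


if __name__ == "__main__":
    print(demo())
```

The order of operations in `decapsulate` is the point worth keeping: the tag is checked over nonce and ciphertext before anything is decrypted, so a modified packet is dropped without ever feeding attacker-controlled bytes to the decryption step, and the per-packet nonce is what keeps the keystream from repeating across packets under the same key.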
VPN Components
Protocols:
• IP Security (IPSec)
– Transport mode
– Tunnel mode
• Point-to-Point Tunneling Protocol (PPTP)
– Voluntary tunneling method
– Uses PPP (Point-to-Point Protocol)

VPN Components
Protocols:
• Layer 2 Tunneling Protocol (L2TP)
– Exists at the data link layer of the OSI model
– Combines PPTP and L2F (Layer 2 Forwarding)
– Compulsory tunneling method

VPN Components
Security:
• Authentication
– Determines whether the sender is the authorized person and whether the data has been redirected or corrupted
– User/System Authentication
– Data Authentication

Configuring Virtual Private Networking for Remote Clients

Creating a Remote Access PPTP VPN Server
• Enabling the ISA Firewall’s VPN Server component
• Creating an Access Rule allowing VPN Clients access to the Internal network
• Enabling Dial-in Access for VPN User Accounts
• Testing a PPTP VPN Connection

Enable the VPN Server
[Screenshot callouts: Enable VPN Client Access; Warning about address assignment]

IP Address Assignment for Remote Users
• Remote users that will be establishing a VPN tunnel require an IP address to communicate properly through the tunnel to the internal network

Authenticating VPN Users
• Authenticate directly against Active Directory
• Implement RADIUS authentication
• Authenticate against local users

Working with and Creating Rules for the VPN Clients Network
• Create default rules that allow VPN clients access into the network

RADIUS Authentication for VPN Connections
• Install the Internet Authentication Service (IAS) for Active Directory RADIUS support

Setting Up the ISA Server as an IAS Client
• Define a RADIUS server shared key

Configuring ISA to Use IAS for Authentication
• Modify RADIUS server settings for VPN client access
• Define a RADIUS server shared key in ISA

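The preceding slides show where the RADIUS shared key is entered on the IAS side and on the ISA side, but not what the key does. The following Python script is an added example, not part of the original slides and not ISA or IAS code, that implements the two RFC 2865 operations that depend on that key: hiding the User-Password attribute in the Access-Request the ISA firewall sends, and computing and checking the Response Authenticator on the Access-Accept or Access-Reject that comes back. Running `exchange` with the same secret on both sides yields an Access-Accept that the client can verify; with mismatched secrets the server recovers a garbage password and rejects, and the client cannot verify the reply either. The user name, password, secrets, and function names (`hide_password`, `reveal_password`, `server_handle`, `client_verify`, `exchange`) are constructed for the example; EAP and the Message-Authenticator attribute are not modelled.

```python
"""Added example, not from the slides: what the RADIUS shared key is used for.

Implements the RFC 2865 operations that depend on the secret shared between
the ISA firewall (RADIUS client) and IAS (RADIUS server): hiding the
User-Password attribute in an Access-Request, and computing and checking the
Response Authenticator on the reply.  Only the Access-Request/Accept/Reject
round trip is modelled; EAP and the Message-Authenticator attribute are not.
Secrets, user name and password below are constructed sample values.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2               # RFC 2865 attribute types


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length counts the two header bytes."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        hidden, prev = hidden + block, block
    return hidden


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; a wrong secret yields unrelated bytes, not an error."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")


def build_access_request(identifier: int, username: bytes, password: bytes, secret: bytes) -> bytes:
    """Client side: Code, Identifier, Length, 16-byte random Request Authenticator, attributes."""
    request_auth = os.urandom(16)
    attrs = attribute(ATTR_USER_NAME, username) + attribute(
        ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs


def parse_attributes(data: bytes) -> dict:
    """Walk the TLV list; rejects a zero or short length that would otherwise loop forever."""
    attrs, i = {}, 0
    while i < len(data):
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def response_authenticator(code: int, identifier: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def server_handle(request: bytes, secret: bytes, user_db: dict) -> bytes:
    """Server side: recover the password with its own secret, decide, and sign the reply."""
    req_code, identifier, length = struct.unpack("!BBH", request[:4])
    if req_code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    request_auth = request[4:20]
    attrs = parse_attributes(request[20:length])
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    code = ACCESS_ACCEPT if user_db.get(attrs.get(ATTR_USER_NAME)) == password else ACCESS_REJECT
    reply_attrs = b""                                    # no reply attributes in this example
    auth = response_authenticator(code, identifier, reply_attrs, request_auth, secret)
    return struct.pack("!BBH", code, identifier, 20 + len(reply_attrs)) + auth + reply_attrs


def client_verify(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Client side: trust the reply only if its authenticator matches our secret and request."""
    code, identifier, length = struct.unpack("!BBH", reply[:4])
    expected = response_authenticator(code, identifier, reply[20:length], request[4:20], secret)
    return hmac.compare_digest(expected, reply[4:20])


def exchange(client_secret: bytes, server_secret: bytes,
             username: bytes = b"vpnuser", password: bytes = b"constructed-pa55") -> tuple:
    """One round trip; returns (reply code, whether the client could verify the reply)."""
    user_db = {b"vpnuser": b"constructed-pa55"}            # constructed server-side account
    request = build_access_request(7, username, password, client_secret)
    reply = server_handle(request, server_secret, user_db)
    return reply[0], client_verify(reply, request, client_secret)


if __name__ == "__main__":
    print("matching secrets:  ", exchange(b"sharedkey", b"sharedkey"))
    print("mismatched secrets:", exchange(b"sharedkey", b"otherkey"))
```

Two things follow for the ISA-to-IAS configuration on the slides: the key must be identical on both sides or every authentication fails, and the MD5-based hiding is the only protection the user's password has between the ISA firewall and IAS, so the shared key should be long and random and the RADIUS traffic kept on a trusted segment.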
Configuring an ISA VPN Connection to Use PPTP

Creating a Layer 2 Tunneling Protocol (L2TP) VPN
• Enter an IPSec pre-shared key.

Creating a Public Key Infrastructure (PKI) for L2TP with IPSec Support
• Installing the Enterprise Root Certificate Authority (CA)
• Configuring the Enterprise Root CA
• Requesting a Certificate for the ISA VPN Server
• Requesting a Certificate for the VPN Client
• Downloading the CA Certificate
• Exporting and Importing Certificates

Configuring Virtual Private Networking for Remote Sites

Site-to-Site VPN Capabilities
• Point-to-Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
• IPSec Tunnel Mode

Preparing ISA Servers for Site-to-Site VPN Capabilities
• Define the IP address assignment
• Enable VPN client access
• Create local VPN user accounts on both servers, and enable dial-in access for those accounts.
• Run through the Site-to-Site VPN wizard to configure all necessary networks, network rules, and access rules.
• Repeat the steps on the remote server.

Create VPN Site-to-Site

Configuring a Point-to-Point Tunneling Protocol (PPTP) Site-to-Site VPN Between Two Remote Offices
• Create a PPTP Site-to-Site VPN Connection

Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN
• Deciding Between Shared Key and PKI
• Configuring a PKI Infrastructure for PKI-Based Certificate Encryption
• Requesting a Certificate for the ISA VPN Server
• Creating an L2TP/IPSec Site-to-Site VPN Connection

Setting Up an IPSec Tunnel Mode VPN Connection