
Virtual Private Network (Internal Guide: Mr. Pravin Madha; Created By: Nisarg Khandhar)

Virtual Private Networks (VPNs) allow users to securely connect to remote networks over public networks like the Internet. VPNs use tunneling protocols to encapsulate and encrypt data packets, creating a virtual private connection between two endpoints. They enable remote access, connection of branch offices to a central network, and secure connections between businesses. Basic requirements for VPNs include user authentication, address management, data encryption, key management, and support for multiple protocols. Common tunneling protocols are PPTP, L2TP, and IPSec. Advanced security features include symmetric and asymmetric encryption, while user administration is often handled with RADIUS servers. VPNs also provide accounting, auditing, and alerting functions for network monitoring.

Uploaded by: Sunil Pillai
Copyright: © Attribution Non-Commercial (BY-NC)

Virtual Private Network

Internal Guide: Mr. Pravin Madha
Created By: Nisarg Khandhar
• About VPNs
• Uses of VPNs
• Basic VPN Requirements
• Tunneling Basics
• Advanced Security Features
• User Administration
• Accounting, Auditing, and Alarming
What is a Virtual Private Network?
• A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet
• A VPN enables you to send data between two computers across the Internet in a manner that emulates a point-to-point private link
[Diagram: Private Network / Virtual Private Network]
Why VPN?
• VPN connections allow users to connect in a secure fashion to a remote corporate server
• VPN technology also allows a corporation to connect to branch offices or to other companies over a public internetwork (such as the Internet)
• VPN technology is designed to address issues surrounding the current business trend toward increased telecommuting and widely distributed global operations
Uses of VPN
• Remote access over the Internet
– Rather than making a long distance call to a corporate or outsourced network access server (NAS), the user calls a local ISP. Using the connection to the local ISP (Internet Service Provider), the VPN software creates a virtual private network between the dial-up user and the corporate VPN server across the Internet
(Continue)
• Connecting networks over the Internet
– Using dedicated lines to connect a branch office to a corporate LAN
– Using a dial-up line to connect a branch office to a corporate LAN
– In both cases, the branch office's and the corporate office's connections to the Internet are local. The corporate hub router (i.e. the VPN server) must be connected to a local ISP with a dedicated line
(Continue)
• Connecting computers over an intranet
– VPNs allow the department's LAN to be physically connected to the corporate internetwork but separated by a VPN server
– By using a VPN, the network administrator can ensure that only authenticated users can establish a VPN with the VPN server and gain access to the protected resources of the department
Basic VPN Requirements

• User Authentication
• Address Management
• Data Encryption
• Key Management
• Multiprotocol Support
Tunneling Basics
• Tunneling is a method of using an internetwork infrastructure to transfer data for one network over another network
• The logical path through which the encapsulated packets travel through the internetwork is called a tunnel
• Tunneling includes this entire process: encapsulation, transmission, and decapsulation of packets
(Continue)
• New tunneling technologies are:
– Point-to-Point Tunneling Protocol (PPTP)
– Layer Two Tunneling Protocol (L2TP)
– IPSec tunnel mode
• Each of the above tunneling technologies is based on either a Layer 2 or a Layer 3 tunneling protocol
Tunneling Protocols
• For a tunnel to be established, both the tunnel client and the tunnel server must be using the same tunneling protocol
• For Layer 2 tunneling technologies, such as PPTP and L2TP, both of the tunnel endpoints must agree to the tunnel and must negotiate configuration variables
• Layer 3 tunneling technologies (i.e. IPSec) generally assume that all of the configuration issues are preconfigured
Point-To-Point Tunneling Protocol
• PPTP encapsulates PPP frames in IP datagrams for transmission over
an IP internetwork, such as the Internet
• PPTP can be used for remote access and router-to-router VPN
connections
• PPTP uses a TCP connection for tunnel maintenance and a modified
version of Generic Routing Encapsulation (GRE) to encapsulate PPP
frames for tunneled data
• The payloads of the encapsulated PPP frames can be encrypted
and/or compressed
Layer Two Tunneling Protocol
• L2TP = PPTP + L2F (Layer 2 Forwarding Protocol from Cisco)
• L2TP encapsulates PPP frames to be sent over IP, X.25, Frame Relay, or Asynchronous Transfer Mode (ATM) networks
• When configured to use IP as its datagram transport, L2TP can be used as a tunneling protocol over the Internet
• L2TP over IP internetworks uses UDP and a series of L2TP messages for tunnel maintenance. L2TP also uses UDP to send L2TP-encapsulated PPP frames as the tunneled data
Internet Protocol Security (IPSec) Tunnel Mode
• IPSec is a Layer 3 protocol standard that supports the secured transfer of information across an IP internetwork
• IPSec tunnel mode uses the negotiated security method to encapsulate and encrypt entire IP packets for secure transfer across a private or public IP internetwork
• The encrypted payload is then encapsulated again with a plain-text IP header and sent on the internetwork for delivery to the tunnel server
• IPSec tunnel mode has the following features and limitations:
– It supports IP traffic only
– It functions at the bottom of the IP stack; therefore, applications and higher-level protocols inherit its behavior
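The encapsulation, transmission and decapsulation steps from the tunneling slides, and the tunnel-mode behaviour of wrapping an entire IP packet in a plain-text outer header, can be followed end to end in the Go program below. It is an added example written for this guide, not code from the original deck or from any IPsec implementation: AES-GCM from Go's standard library stands in for whatever security method the endpoints negotiated, the key, addresses and SPI are constructed values, `protoESP` is used only as a label on the outer header, and real ESP details (padding, ICV layout, IKE negotiation) are left out. What it does show is exactly what the slides describe: the tunnel client accepts IP packets only, encrypts each one whole, prefixes an outer header addressed to the tunnel server, and the server drops anything that fails authentication or repeats a sequence number.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// protoESP (IP protocol 50) labels the outer header so the receiver can tell tunnel packets apart.
const protoESP = 50

// ipChecksum is the standard one's-complement IPv4 header checksum.
func ipChecksum(h []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(h); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(h[i:]))
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// IPv4Header builds a minimal 20-byte header (no options, TTL 64) for a payload of the given length.
func IPv4Header(src, dst [4]byte, proto byte, payloadLen int) []byte {
	h := make([]byte, 20)
	h[0] = 0x45 // version 4, IHL 5
	binary.BigEndian.PutUint16(h[2:], uint16(20+payloadLen))
	h[8], h[9] = 64, proto
	copy(h[12:], src[:])
	copy(h[16:], dst[:])
	binary.BigEndian.PutUint16(h[10:], ipChecksum(h))
	return h
}

// Tunnel is one direction of a tunnel-mode security association: key, SPI and replay state.
type Tunnel struct {
	aead               cipher.AEAD
	spi, seq, lastSeq  uint32 // seq: last sent; lastSeq: highest accepted
	outerSrc, outerDst [4]byte
}

func NewTunnel(key []byte, spi uint32, outerSrc, outerDst [4]byte) (*Tunnel, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Tunnel{aead: aead, spi: spi, outerSrc: outerSrc, outerDst: outerDst}, err
}

// Encapsulate encrypts an entire inner IP packet and prefixes a plain-text outer
// header addressed to the tunnel server. Only IPv4 is accepted (IP traffic only).
func (t *Tunnel) Encapsulate(inner []byte) ([]byte, error) {
	if len(inner) < 20 || inner[0]>>4 != 4 {
		return nil, errors.New("tunnel carries IPv4 packets only")
	}
	t.seq++
	hdr := make([]byte, 8) // SPI + sequence number: sent in clear, but authenticated
	binary.BigEndian.PutUint32(hdr[0:], t.spi)
	binary.BigEndian.PutUint32(hdr[4:], t.seq)
	nonce := make([]byte, t.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	payload := append(append(hdr, nonce...), t.aead.Seal(nil, nonce, inner, hdr)...)
	return append(IPv4Header(t.outerSrc, t.outerDst, protoESP, len(payload)), payload...), nil
}

// Decapsulate is the tunnel-server side: strip the outer header, reject replays, verify, decrypt.
func (t *Tunnel) Decapsulate(outer []byte) ([]byte, error) {
	ns := t.aead.NonceSize()
	if len(outer) < 20 || outer[0]>>4 != 4 || outer[9] != protoESP {
		return nil, errors.New("not a tunnel packet")
	}
	ihl := int(outer[0]&0x0f) * 4
	if ihl < 20 || len(outer) < ihl+8+ns {
		return nil, errors.New("truncated tunnel packet")
	}
	hdr, nonce, ct := outer[ihl:ihl+8], outer[ihl+8:ihl+8+ns], outer[ihl+8+ns:]
	seq := binary.BigEndian.Uint32(hdr[4:])
	if binary.BigEndian.Uint32(hdr) != t.spi || seq <= t.lastSeq {
		return nil, errors.New("unknown SPI or replayed packet: dropped")
	}
	inner, err := t.aead.Open(nil, nonce, ct, hdr)
	if err != nil {
		return nil, errors.New("authentication failed: dropped")
	}
	t.lastSeq = seq // advance the replay window only after the packet authenticated
	return inner, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte key
	client, _ := NewTunnel(key, 0x1001, [4]byte{203, 0, 113, 10}, [4]byte{198, 51, 100, 1})
	server, _ := NewTunnel(key, 0x1001, [4]byte{203, 0, 113, 10}, [4]byte{198, 51, 100, 1})
	data := []byte("hello from the private LAN")
	inner := append(IPv4Header([4]byte{10, 0, 0, 5}, [4]byte{10, 1, 0, 9}, 17, len(data)), data...)
	outer, _ := client.Encapsulate(inner)
	got, err := server.Decapsulate(outer)
	fmt.Printf("outer %d bytes -> inner %d bytes, err=%v\n", len(outer), len(got), err)
}
```

The outer packet carries the tunnel server's address in clear, which is all an observer on the public internetwork learns; the inner addresses, protocol and payload are inside the authenticated ciphertext. Advancing `lastSeq` only after `Open` succeeds matters: a forged packet with a high sequence number must not be allowed to push the window forward and shut out legitimate traffic.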
Tunneling Types
• A user or client computer can issue a VPN request to configure and create a voluntary tunnel. In this case, the user's computer is a tunnel endpoint and acts as the tunnel client
• A VPN-capable dial-up access server configures and creates a compulsory tunnel. With a compulsory tunnel, the user's computer is not a tunnel endpoint. Another device, the dial-up access server, between the user's computer and the tunnel server is the tunnel endpoint and acts as the tunnel client
Advanced Security Features
• The Internet facilitates the creation of VPNs from anywhere, so networks need strong security features
• Authentication and encryption techniques are:
– Symmetric or private-key encryption
– Asymmetric or public-key encryption
– Certificates
User Administration
• A tunnel server could maintain its own internal database of per-user properties, such as names, passwords, and dial-in permission attributes, but it is administratively prohibitive to maintain multiple user accounts on multiple servers
• The Remote Authentication Dial-in User Service (RADIUS) protocol is a popular method for managing remote user authentication and authorization
• RADIUS is a lightweight, UDP-based protocol. RADIUS servers can be located anywhere on the Internet and provide authentication and authorization for VPN access servers
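The exchange a VPN access server (acting as the RADIUS client) has with a RADIUS server, written out as an added Go example that is not from the deck and not a RADIUS library: it assembles an Access-Request with the User-Password hiding defined in RFC 2865, and on the reply it recomputes the Response Authenticator so that an Access-Accept is only acted on if it was produced with the shared secret and answers a request that is actually outstanding. The shared secret, user name and password are constructed values; `BuildResponse` merely fakes a compliant reply so the verification can be exercised, and the real server's decision logic is out of scope.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const CodeAccessRequest, CodeAccessAccept byte = 1, 2

// header lays out Code, Identifier, Length, Authenticator, Attributes (RFC 2865 packet format).
func header(code, id byte, auth [16]byte, attrs []byte) []byte {
	pkt := make([]byte, 20, 20+len(attrs))
	pkt[0], pkt[1] = code, id
	binary.BigEndian.PutUint16(pkt[2:], uint16(20+len(attrs)))
	copy(pkt[4:], auth[:])
	return append(pkt, attrs...)
}

// HidePassword applies the RFC 2865 User-Password transform: the password is
// zero-padded to 16-byte blocks and each block is XORed with
// MD5(secret + previous hidden block), the first block chaining from the
// Request Authenticator. The server reverses it with the same chain.
func HidePassword(secret []byte, reqAuth [16]byte, password []byte) []byte {
	hidden := make([]byte, (len(password)+15)/16*16)
	copy(hidden, password)
	prev := reqAuth[:]
	for i := 0; i < len(hidden); i += 16 {
		b := md5.Sum(append(append([]byte{}, secret...), prev...))
		for j := 0; j < 16; j++ {
			hidden[i+j] ^= b[j]
		}
		prev = hidden[i : i+16] // the next block chains from this hidden block
	}
	return hidden
}

// BuildAccessRequest is what the VPN server sends: a fresh random Request
// Authenticator plus User-Name (type 1) and hidden User-Password (type 2).
func BuildAccessRequest(id byte, secret []byte, user, password string) ([]byte, [16]byte, error) {
	var reqAuth [16]byte
	if _, err := rand.Read(reqAuth[:]); err != nil {
		return nil, reqAuth, err
	}
	attrs := append([]byte{1, byte(2 + len(user))}, user...)
	hidden := HidePassword(secret, reqAuth, []byte(password))
	attrs = append(append(attrs, 2, byte(2+len(hidden))), hidden...)
	return header(CodeAccessRequest, id, reqAuth, attrs), reqAuth, nil
}

// responseAuthenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
func responseAuthenticator(resp []byte, reqAuth [16]byte, secret []byte) (out [16]byte) {
	h := md5.New()
	h.Write(resp[:4])
	h.Write(reqAuth[:])
	h.Write(resp[20:])
	h.Write(secret)
	copy(out[:], h.Sum(nil))
	return out
}

// BuildResponse fakes the RADIUS server side: same Identifier, authenticator
// bound to the request and to the shared secret.
func BuildResponse(code, id byte, reqAuth [16]byte, secret, attrs []byte) []byte {
	pkt := header(code, id, [16]byte{}, attrs)
	ra := responseAuthenticator(pkt, reqAuth, secret)
	copy(pkt[4:], ra[:])
	return pkt
}

// VerifyResponse is the check the VPN server must make before acting on a
// reply: sane length, Identifier of an outstanding request, and a Response
// Authenticator that recomputes under the shared secret (constant-time compare).
func VerifyResponse(resp []byte, expectID byte, reqAuth [16]byte, secret []byte) error {
	if len(resp) < 20 || int(binary.BigEndian.Uint16(resp[2:])) != len(resp) {
		return errors.New("malformed RADIUS packet")
	}
	if resp[1] != expectID {
		return errors.New("identifier does not match an outstanding request")
	}
	want := responseAuthenticator(resp, reqAuth, secret)
	if subtle.ConstantTimeCompare(want[:], resp[4:20]) != 1 {
		return errors.New("response authenticator mismatch: forged reply or wrong secret")
	}
	return nil
}

func main() {
	secret := []byte("constructed-shared-secret") // constructed for the example
	_, reqAuth, _ := BuildAccessRequest(42, secret, "alice", "correct horse battery")
	accept := BuildResponse(CodeAccessAccept, 42, reqAuth, secret, nil)
	forged := BuildResponse(CodeAccessAccept, 42, reqAuth, []byte("guess"), nil)
	fmt.Println(VerifyResponse(accept, 42, reqAuth, secret), "|", VerifyResponse(forged, 42, reqAuth, secret))
}
```

Two things follow from the layout. The password is hidden, not encrypted in any modern sense: its protection is only as strong as the shared secret, which is why the slides' point about RADIUS servers living "anywhere on the Internet" should be read together with the need to keep that secret strong and the UDP path between the two servers protected. And because the Request Authenticator is random per request, a reply can only be matched to the request it answers, so the VPN server must keep the outstanding `(id, reqAuth)` pair until the reply is verified.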
Accounting, Auditing, and Alarming
• To properly administer a VPN system, network administrators should be able to track who uses the system, how many connections are made, unusual activity, error conditions, and situations that may indicate equipment failure
• This information can be used for billing, auditing, and alarm or error-notification purposes
• The tunnel server should provide all of this information, and the system should provide event logs, reports, and a data storage facility to handle the data appropriately
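What tracking who uses the system, how many connections are made, unusual activity and error conditions looks like once the tunnel server's event log is in hand, as an added Go example that is not from the deck: the log format, the sample lines and the alert thresholds are all constructed for the example, and a real tunnel server's log would need its own parser in place of `parseLine`. The analyser produces the accounting count per user and raises alarms for repeated authentication failures, one account connecting from many source addresses, repeated tunnel errors from one source (the "situations that may indicate equipment failure" the slide mentions), and log lines it cannot parse, since a monitoring gap is itself worth noticing.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// SampleLog is a constructed tunnel-server event log (not real data): one
// event per line, an ISO timestamp followed by key=value fields.
var SampleLog = []string{
	"2024-05-01T08:02:11Z user=alice event=connect src=203.0.113.10",
	"2024-05-01T08:02:30Z user=bob event=auth_fail src=198.51.100.7",
	"2024-05-01T08:02:35Z user=bob event=auth_fail src=198.51.100.7",
	"2024-05-01T08:02:41Z user=bob event=auth_fail src=198.51.100.7",
	"2024-05-01T08:03:02Z user=carol event=connect src=192.0.2.5",
	"2024-05-01T08:03:10Z user=carol event=connect src=192.0.2.77",
	"2024-05-01T08:03:15Z user=carol event=connect src=198.51.100.200",
	"2024-05-01T08:05:00Z user=alice event=disconnect src=203.0.113.10 bytes=10240",
	"2024-05-01T08:06:00Z user=dave event=error src=203.0.113.44 reason=tunnel_reset",
	"2024-05-01T08:06:05Z user=dave event=error src=203.0.113.44 reason=tunnel_reset",
	"this line is garbage and must not crash the analyser",
}

type Event struct {
	Time, User, Kind, Src string
	Fields                map[string]string
}

// parseLine splits a line into timestamp and key=value fields; anything that
// does not fit the format is reported by the caller rather than silently skipped.
func parseLine(line string) (Event, bool) {
	f := strings.Fields(line)
	if len(f) < 2 {
		return Event{}, false
	}
	e := Event{Time: f[0], Fields: map[string]string{}}
	for _, kv := range f[1:] {
		parts := strings.SplitN(kv, "=", 2)
		if len(parts) != 2 {
			return Event{}, false
		}
		e.Fields[parts[0]] = parts[1]
	}
	e.User, e.Kind, e.Src = e.Fields["user"], e.Fields["event"], e.Fields["src"]
	return e, e.User != "" && e.Kind != ""
}

// Report is the accounting view (sessions per user) plus the alarms raised.
type Report struct {
	Connections map[string]int
	Alerts      []string
}

// Analyze walks the log once and alerts when a user reaches failLimit failed
// authentications, connects from srcLimit or more distinct sources, or when
// one source reports errLimit or more tunnel errors.
func Analyze(lines []string, failLimit, srcLimit, errLimit int) Report {
	r := Report{Connections: map[string]int{}}
	fails, errs := map[string]int{}, map[string]int{}
	srcs := map[string]map[string]bool{}
	for _, l := range lines {
		e, ok := parseLine(l)
		if !ok {
			r.Alerts = append(r.Alerts, "unparseable log line: "+l)
			continue
		}
		switch e.Kind {
		case "connect":
			r.Connections[e.User]++
			if srcs[e.User] == nil {
				srcs[e.User] = map[string]bool{}
			}
			srcs[e.User][e.Src] = true
		case "auth_fail":
			fails[e.User]++
		case "error":
			errs[e.Src]++
		}
	}
	for u, n := range fails {
		if n >= failLimit {
			r.Alerts = append(r.Alerts, fmt.Sprintf("user %s: %d failed authentications", u, n))
		}
	}
	for u, s := range srcs {
		if len(s) >= srcLimit {
			r.Alerts = append(r.Alerts, fmt.Sprintf("user %s: connections from %d distinct sources", u, len(s)))
		}
	}
	for src, n := range errs {
		if n >= errLimit {
			r.Alerts = append(r.Alerts, fmt.Sprintf("source %s: %d tunnel errors (possible equipment failure)", src, n))
		}
	}
	sort.Strings(r.Alerts) // deterministic order for reports
	return r
}

func main() {
	rep := Analyze(SampleLog, 3, 3, 2)
	for user, n := range rep.Connections {
		fmt.Printf("%s: %d session(s)\n", user, n)
	}
	for _, a := range rep.Alerts {
		fmt.Println("ALERT:", a)
	}
}
```

The thresholds are deliberately parameters: what counts as "unusual" for a ten-user branch office differs from a global remote-access deployment, and the same pass over the log feeds billing (`Connections`, plus the `bytes` field on disconnect events once it is summed) and the alarm channel.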
Summary
• VPNs allow users or corporations to connect to remote servers, branch offices, or other companies over a public internetwork, while maintaining secure communications
• In all of these cases, the secure connection appears to the user as a private network communication, despite the fact that this communication occurs over a public internetwork
• VPN technology is designed to address issues surrounding the current business trend toward increased telecommuting and widely distributed global operations, where workers must be able to connect to central resources and communicate with each other
Questions ?????

Thank You
