Virtual Private Networks and Network Address Translation
Objectives
Upon completion you will be able to:
• Understand the difference between an internet and an extranet
• Understand private, hybrid, and virtual private networks
• Understand how VPN can guarantee privacy
• Understand the mechanism of NAT
TCP/IP Protocol Suite
26.1 PRIVATE NETWORKS
A private network is designed to be used only inside an organization. It
allows access to shared resources and, at the same time, provides privacy.
The topics discussed in this section include:
Intranet
Extranet
Addressing
Table 26.1 Addresses for private networks
26.2 VIRTUAL PRIVATE NETWORKS (VPN)
Virtual private network (VPN) is a technology for large organizations
that use the global Internet for both intra- and interorganization
communication, but require privacy in their intraorganization
communication.
The topics discussed in this section include:
Achieving Privacy
VPN Technology
Figure 26.1 Private network
Figure 26.2 Hybrid network
Figure 26.3 Virtual private network
Virtual private network
A typical VPN might have a main LAN at the corporate
headquarters of a company, other LANs at remote
offices or facilities and individual users connecting
from out in the field.
VPN Types:
• Remote Access VPN
• Intranet VPN
• Extranet VPN
Remote-Access VPN
• Remote-access VPN, also called a virtual private
dial-up network (VPDN), is a user-to-LAN connection
used by a company that has employees who need to
connect to the private network from various remote
locations.
• Intranet-based: If a company has one or more
remote locations that it wishes to join in a single private
network, it can create an intranet VPN to connect LAN
to LAN.
• Extranet-based: When a company has a close
relationship with another company (for example, a
partner, supplier or customer), it can build an
extranet VPN that connects LAN to LAN and allows
all of the various companies to work in a shared
environment.
Figure 26.4 Tunneling
Tunneling is the process of placing an entire packet within
another packet and sending it over a network. You can place a
packet that uses a protocol not supported on the Internet (such
as NetBEUI) inside an IP packet and send it safely over the
Internet. Or you could put a packet that uses a private
(nonroutable) IP address inside a packet that uses a globally unique
IP address to extend a private network over the Internet.
Figure 26.5 Addressing in a VPN
26.3 NETWORK ADDRESS TRANSLATION (NAT)
Network address translation (NAT) allows a site to use a set of private
addresses for internal communication and a set of global Internet
addresses for communication with another site. The site must have only
one connection to the global Internet, through a router that runs
NAT software.
The topics discussed in this section include:
Address Translation
Translation Table
NAT and ISP
Figure 26.6 NAT
Figure 26.7 Address translation
Figure 26.8 Translation
Table 26.2 Five-column translation table
Figure 26.9 An ISP and NAT