Virtual Private Network (VPN)

Virtual Private Network (VPN)
SCSC 455
VPN
• A virtual private network is a private network that is established over, in general, the Internet
– It is virtual because it exists as a virtual entity within a public network
– It is private because it is confined to a set of private users
Private Networks vs. Virtual Private Networks
• Employees can access the network (Intranet) from remote locations.
• Secured networks.
• The Internet is used as the backbone for VPNs
• Saves cost tremendously through reduced equipment and maintenance costs.
• Scalability
Why is it a Virtual Private Network?
• From the user’s perspective, it appears as a network consisting of dedicated network links
– These links appear as if they are reserved for the VPN client
– Because of encryption, the network appears to be private
Typical VPN Connection
Tunnel and Connections
• Tunnel
– The portion of the network where the data is encapsulated
• Connection
– The portion of the network where the data is encrypted
Application Areas
• In general, provide users with a connection to the corporate network regardless of their location
• The alternative of using truly dedicated lines for a private network is an expensive proposition
Some Common Uses of VPN
• Provide users with secured remote access over the Internet to corporate resources
• Connect two computer networks securely over the Internet
– Example: Connect a branch office network to the network in the head office
• Secure part of a corporate network for security and confidentiality purposes
Remote Access Over the Internet
Connecting Two Computer Networks Securely
Basic VPN Requirements
• User Authentication
– The VPN must be able to verify the user's identity and allow only authorized users to access the network
• Address Management
– Assign addresses to clients and ensure that private addresses are kept private on the VPN
• Data Encryption
– Encrypt and decrypt the data to ensure that others on the network do not have access to the data
• Key Management
– Keys must be generated and refreshed for encryption at the server and the client
• Multi-protocol Support
– The VPN technology must support common protocols on the Internet such as IP, IPX etc.
VPN Implementation Protocols
• Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP)
• IPSec
More on Tunneling
• Tunneling involves the encapsulation, transmission and decapsulation of data packets
• The data is encapsulated with additional headers
• The additional headers provide routing information for the encapsulated data to be routed between the end points of a tunnel
Tunneling
Point-to-Point Tunneling Protocol (PPTP)
• Encapsulate and encrypt the data to be sent over a corporate or public IP network
Layer 2 Tunneling Protocol (L2TP)
• Data is encrypted and encapsulated to be sent over communication links that support a user datagram mode of transmission
– Examples of such links include X.25, Frame Relay and ATM
IPSec Tunnel Mode
• Encapsulate and encrypt the data in an IP header for transmission over an IP network
Layer 2 Tunneling Protocols
• PPTP
• L2TP
• Both encapsulate the payload in a PPP frame
Layer 3 Tunneling Protocol
• IPSec Tunneling Mode
– Encapsulates the payload in an additional IP header
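Added worked example (not part of the lecture slides): the Layer 3 case above, an entire inner IP packet carried as the payload of an additional, outer IP header. Only the encapsulation side of the tunnel is shown, using the plain IP-in-IP protocol number (4); the encryption that makes the connection private (ESP in a real IPSec tunnel) is left out so the header handling stays visible. Hosts, gateways and the payload text are constructed sample values.

```python
import socket
import struct

IPPROTO_IPIP = 4  # "IP in IP": plain IP tunnelling, the unencrypted core of tunnel mode

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header (0 when a filled-in header is intact)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(packet):
    """Return (src, dst, proto, payload); reject a packet whose header checksum is bad."""
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    _, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, packet[ihl:total_len]

def encapsulate(inner, tunnel_src, tunnel_dst):
    """Tunnel entry: wrap the whole inner packet, headers and all, in an outer IP header."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def decapsulate(outer):
    """Tunnel exit: strip the outer header and hand back the original inner packet."""
    _, _, proto, inner = parse_ipv4(outer)
    if proto != IPPROTO_IPIP:
        raise ValueError("not a tunnelled packet")
    return inner

def demo():
    # Constructed sample: a branch-office host (private 10.1.0.0/16) sends to a
    # head-office host (private 10.2.0.0/16); the gateways use public addresses.
    inner = build_ipv4("10.1.0.5", "10.2.0.9", 17, b"hello from the branch")
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1")
    outer_src, outer_dst, _, _ = parse_ipv4(outer)       # all that Internet routers see
    inner_src, inner_dst, _, data = parse_ipv4(decapsulate(outer))
    return outer_src, outer_dst, inner_src, inner_dst, data
```

The routers between the two gateways forward on the outer addresses alone, which is why the private 10.x addresses never need to be routable on the Internet.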
Other Important Protocols in VPN
• Microsoft Point-to-Point Encryption (MPPE)
• Extensible Authentication Protocol (EAP)
• Remote Authentication Dial-in User Service (RADIUS)
Some Example Scenarios
• VPN remote access for employees.
• On-demand branch office access.
• Persistent branch office access.
• Extranet for business partners.
• Dial-up and VPNs with RADIUS authentication
Router-to-Router Branch Office Connection
VPN Based Extranet
Dial-up and VPNs with RADIUS Authentication