Chapter 12: VPN Connectivity in Remote Access Designs

Slide 1: Chapter 12: VPN Connectivity in Remote Access Designs
  - Designs That Include VPN Remote Access
  - Essential VPN Remote Access Design Concepts
  - Data Protection in VPN Remote Access Designs
  - VPN Remote Access Design Optimization

Slide 2: VPN Remote Access Solutions

Slide 3: Routing and Remote Access and VPN
  - Virtual private network (VPN) gives control over:
    - Authorized user accounts
    - Security methods
    - Resources to be accessed
  - Uses Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP)
  - VPN and Remote Authentication Dial-In User Service (RADIUS) solutions differ in many ways.

Slide 4: Routing and Remote Access and Windows 2000
  - Routing and Remote Access in Microsoft Windows 2000 includes:
    - Remote access client
    - Remote access server

Slide 5: VPN Clients and Servers

Slide 6: VPN Remote Access Design Review
  - Amount of data transmitted
  - Number of locations
  - Existing Internet connections
  - Plans for network growth
  - Number of simultaneous clients
  - Operating systems used by clients
  - Protocols used by clients

Slide 7: VPN Remote Access Design Decisions
  - Integration into existing network
  - Hardware requirements for servers
  - Protection for confidential data
  - Availability to remote access users
  - Optimization of network traffic

Slide 8: VPN Remote Access Designs
  - A third party provides connectivity.
  - Cost reduction is an advantage.
  - Some dial-up security is not available:
    - Caller ID detection
    - Remote user callback
    - Authentication protocol for dial-up connection
    - Password security features

Slide 9: VPN Remote Access Scenario

Slide 10: Number of VPN Remote Access Servers
  - Determine the maximum number of users.
  - Determine the sustained data rate.
  - Perform a pilot test.
  - Calculate the number of servers.
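The four sizing steps above, worked through as an added example that is not part of the chapter: a Python function that takes the peak user count, the per-user sustained rate and the per-server limits measured in the pilot, sizes the farm by whichever of virtual ports or throughput runs out first, and reserves a spare server for redundancy. All figures, the function name and the spare-server convention are assumptions.

```python
import math


def vpn_servers_needed(max_users, per_user_kbps, ports_per_server,
                       server_mbps, spare_servers=1):
    """Size a VPN remote access server farm from the four chapter steps.

    max_users        - peak simultaneous remote clients (step 1)
    per_user_kbps    - sustained data rate per client (step 2)
    ports_per_server - PPTP/L2TP virtual ports one server sustained in the pilot (step 3)
    server_mbps      - throughput one server sustained in the pilot (step 3)
    spare_servers    - extra servers held for redundancy (assumed convention)
    Returns both capacity limits and the final server count (step 4).
    """
    if min(max_users, per_user_kbps, ports_per_server, server_mbps) <= 0:
        raise ValueError("all capacity inputs must be positive")
    if spare_servers < 0:
        raise ValueError("spare_servers cannot be negative")

    aggregate_mbps = max_users * per_user_kbps / 1000
    # A server runs out of either virtual ports or bandwidth; take the worse case.
    by_ports = math.ceil(max_users / ports_per_server)
    by_throughput = math.ceil(aggregate_mbps / server_mbps)
    base = max(by_ports, by_throughput)
    return {
        "aggregate_mbps": aggregate_mbps,
        "by_ports": by_ports,
        "by_throughput": by_throughput,
        "limiting_factor": "ports" if by_ports >= by_throughput else "throughput",
        "servers": base + spare_servers,
    }


if __name__ == "__main__":
    # Constructed pilot figures, not measurements from the chapter:
    # 500 peak users at 64 kbps each; one server held 128 ports and 20 Mbps.
    result = vpn_servers_needed(max_users=500, per_user_kbps=64,
                                ports_per_server=128, server_mbps=20)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Running it with the constructed figures shows the port count, not bandwidth, is the limit (4 servers plus 1 spare); raising the per-user rate flips the limiting factor to throughput.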
Slide 11: Placing VPN Remote Access Servers
  - Placement goals:
    - Centralize administration
    - Reduce costs
    - Reduce network traffic
  - Single location
  - Multiple locations
  - Adjacent to resources

Slide 12: Single Location Configuration
  - Provide enough PPTP or L2TP virtual ports.
  - Advantages:
    - Centralized administration
    - Lower administration costs
  - Disadvantages:
    - Increased network traffic on segments
    - No redundancy

Slide 13: Multiple Location Configuration
  - Provide enough PPTP or L2TP virtual ports.
  - Advantages:
    - Reduced network traffic between locations
    - Redundancy
  - Disadvantages:
    - Decentralized administration and support
    - Increased administration costs

Slide 14: Placing VPN Servers Near Resources
  - Reduces the segments traversed
  - Improves performance for remote access clients

Slide 15: Remote Access Client Support
  - Virtual ports:
    - PPTP
    - L2TP
  - Transport protocols determined by client needs
  - Network address assignment methods:
    - Allocate manually
    - Allocate automatically using Dynamic Host Configuration Protocol (DHCP)

Slide 16: Preventing Unauthorized Access
  - Restrict remote access to resources on the server.
  - Use filters to restrict traffic on servers.
  - Place VPN servers for security:
    - Outside the private network
    - On screened subnets
    - Within the private network

Slide 17: Placing VPN Servers Outside the Private Network

Slide 18: Placing VPN Servers on Screened Subnets

Slide 19: Placing VPN Servers Inside the Private Network

Slide 20: Protecting Remote Access Data
  - Authenticate remote users.
    - Local accounts
    - Active Directory directory service accounts
  - Encrypt confidential data.
    - Microsoft Point-to-Point Encryption (MPPE)
    - Internet Protocol Security (IPSec)
  - Enforce remote access policies.

Slide 21: Enhancing Remote Access Availability
  - Use redundant VPN remote access servers.
    - Network Load Balancing
    - Round robin DNS
  - Use multiple Internet connections.
  - Dedicate a computer to running Routing and Remote Access.

Slide 22: Improving Remote Access Performance
  - Upgrade hardware.
  - Distribute clients across multiple servers.
    - Use Network Load Balancing.
    - Use round robin DNS.
  - Dedicate a computer to running Routing and Remote Access.

Slide 23: Chapter Summary
  - There are many advantages in using VPN for remote access.
  - Consider the number of users and the data rate.
  - Use multiple remote access servers.
  - Evaluate the needs of remote clients.
  - Protect private network resources.
  - Improve the availability and performance of the design.