Virtual Private Network (VPN)
SCSC 455
VPN
• A virtual private network that is established over, in general, the Internet
  – It is virtual because it exists as a virtual entity within a public network
  – It is private because it is confined to a set of private users
Private Networks vs. Virtual Private Networks
• Employees can access the network (Intranet) from remote locations.
• Secured networks.
• The Internet is used as the backbone for VPNs
• Saves cost tremendously from reduction of equipment and maintenance costs.
• Scalability
Why is it a Virtual Private Network?
• From the user’s perspective, it appears as a network consisting of dedicated network links
  – These links appear as if they are reserved for the VPN client
  – Because of encryption, the network appears to be private
Typical VPN Connection
Tunnel and Connections
• Tunnel
  – The portion of the network where the data is encapsulated
• Connection
  – The portion of the network where the data is encrypted
Application Areas
• In general, provide users with connection to the corporate network regardless of their location
• The alternative of using truly dedicated lines for a private network is an expensive proposition
Some Common Uses of VPN
• Provide users with secured remote access over the Internet to corporate resources
• Connect two computer networks securely over the Internet
  – Example: Connect a branch office network to the network in the head office
• Secure part of a corporate network for security and confidentiality purposes
Remote Access Over the Internet
Connecting Two Computer Networks Securely
Basic VPN Requirements
• User Authentication
  – VPN must be able to verify the user's identity and allow only authorized users to access the network
• Address Management
  – Assign addresses to clients and ensure that private addresses are kept private on the VPN
• Data Encryption
  – Encrypt and decrypt the data to ensure that others on the network do not have access to the data
• Key Management
  – Keys must be generated and refreshed for encryption at the server and the client
• Multi-protocol Support
  – The VPN technology must support common protocols on the Internet such as IP, IPX etc.
VPN Implementation Protocols
• Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP)
• IPSec
More on Tunneling
• Tunneling involves the encapsulation, transmission and decapsulation of data packets
• The data is encapsulated with additional headers
• The additional headers provide routing information for encapsulated data to be routed between the end points of a tunnel
Tunneling
Point-to-Point Tunneling Protocol (PPTP)
• Encapsulate and encrypt the data to be sent over a corporate or public IP network
Layer 2 Tunneling Protocol
• Data is encrypted and encapsulated to be sent over communication links that support user datagram mode of transmission
  – Examples of links include X.25, Frame Relay and ATM
IPSec Tunnel Mode
• Encapsulate and encrypt in an IP header for transmission over an IP network
Layer 2 Tunneling Protocols
• PPTP
• L2TP
• Both encapsulate the payload in a PPP frame
Layer 3 Tunneling Protocol
• IPSec Tunneling Mode
  – Encapsulates the payload in an additional IP header
Other Important Protocols in VPN
• Microsoft Point-to-Point Encryption (MPPE)
• Extensible Authentication Protocol (EAP)
• Remote Authentication Dial-in User Service (RADIUS)
Some Example Scenarios
• VPN remote access for employees.
• On-demand branch office access.
• Persistent branch office access.
• Extranet for business partners.
• Dial-up and VPNs with RADIUS authentication
Router-to-Router Branch Office Connection
VPN Based Extranet
Dial-up and VPNs with RADIUS Authentication