6 Chapter 6 (Ii)
    • WXGE6315 Virtual Private Network
    • Introduction
      • A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet.
      • It allows two or more private networks to be connected over a publicly accessed network.
      • VPNs have the same security and encryption features as a private network, while taking advantage of the economies of scale and remote accessibility of large public networks.
      • Normally, we can send data between two computers across a shared or public network in a manner that emulates a point-to-point private link.
    • Introduction
      • To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides routing information, which allows the data to traverse the shared or public network to reach its endpoint.
    • Introduction
      • There are two types of VPN technology in Windows 2000:
        • Point-to-Point Tunneling Protocol (PPTP)
          • PPTP uses user-level Point-to-Point Protocol (PPP) authentication methods and Microsoft Point-to-Point Encryption (MPPE) for data encryption.
        • Layer Two Tunneling Protocol (L2TP) with Internet Protocol security (IPSec)
          • L2TP uses user-level PPP authentication methods and machine-level certificates with IPSec for data encryption.
    • VPN Connections
      • There are two types of VPN connections:
        • Remote access VPN connection
        • Router-to-router VPN connection
      • Remote access VPN connection
        • A remote access client (a single user computer) makes a remote access VPN connection that connects to a private network.
        • The VPN server provides access to the resources of the VPN server or to the entire network to which the VPN server is attached.
        • The remote access client (the VPN client) authenticates itself to the remote access server (the VPN server) and, for mutual authentication, the server authenticates itself to the client.
    • VPN Connections
      • Router-to-router VPN connection
        • A router makes a router-to-router VPN connection that connects two portions of a private network.
        • The VPN server provides a routed connection to the network to which the VPN server is attached.
        • The calling router (the VPN client) authenticates itself to the answering router (the VPN server) and, for mutual authentication, the answering router authenticates itself to the calling router.
    • Types of VPN
      • Internet Based VPN
        • Remote Access over the Internet
          • By using the established physical connection to the local ISP, the remote access client initiates a VPN connection across the Internet to the organization's VPN server.
          • Once the VPN connection is created, the remote access client can access the resources of the private intranet.
        • Connecting networks over the Internet
          • When networks are connected over the Internet, a router forwards packets to another router across a VPN connection.
    • Types of VPN
        • Remote Access over the Internet
        • Connecting Networks over the Internet
    • Types of VPN
      • Using dedicated WAN links
        • The branch office routers are connected to the Internet by using local dedicated WAN links to a local ISP.
        • A router-to-router VPN connection is then initiated by either router across the Internet.
        • Once connected, routers can forward directed or routing protocol traffic to each other by using the VPN connection.
      • Using dial-up WAN links
        • By using the established connection to the local ISP, a router-to-router VPN connection is initiated by the branch office router to the corporate office router across the Internet.
        • The corporate office router acts as a VPN server and must be connected to a local ISP by using a dedicated WAN link.
    • Types of VPN
      • Intranet Based VPN
        • Remote Access over an Intranet
          • The department's network is physically connected to the organization intranet but separated by a VPN server.
          • Users on the organization intranet with the appropriate permissions can establish a remote access VPN connection with the VPN server and access the protected resources of the sensitive department's network.
    • Types of VPN
        • Remote Access over an Intranet
    • Types of VPN
        • Connecting Networks over an Intranet
    • Types of VPN
        • Connecting networks over an Intranet
          • Organizations with departments in separate locations, whose data is highly sensitive, may use a router-to-router VPN connection to communicate with each other.
          • The different departments are connected to the common intranet with computers that can act as VPN clients or VPN servers.
          • Once the VPN connection is established, users on computers on either network can exchange sensitive data across the corporate intranet.
    • VPN Implementations
      • VPN implementations can be grouped into three primary categories:
        • Intranet VPNs
        • Remote Access VPNs
        • Extranet VPNs
      • Intranet VPNs
        • Secure communications between a company’s internal departments and its branch offices
        • Strong encryption to accommodate the high-speed links present in internal LANs
        • Reliability to ensure the prioritization of mission-critical applications
    • VPN Implementations
        • Ease of administration to accommodate the changing requirements of new users, new offices and new applications.
    • VPN Implementations
      • Remote Access VPNs
        • Remote Access VPNs between a company and its remote and/or mobile employees.
        • Reliability and Quality of Service are important.
        • Strong authentication is critical.
        • Require centralized management and a high degree of scalability to handle the multitude of VPN links, as well as the vast number of users accessing the VPN.
    • VPN Implementations
    • VPN Implementations
      • Extranet VPNs
        • They require an open, standards-based solution to ensure interoperability with the various solutions that the business partners might implement.
        • Traffic control is important.
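
The encapsulation step described in the Introduction slides, as an added example that is not part of the original presentation. It uses plain IPv4-in-IPv4 (protocol 4) as a simplified stand-in for PPTP or L2TP framing, with constructed addresses and payload, and shows that the wrapping header supplies routing information but no confidentiality.

```python
import ipaddress
import struct

IPIP = 4  # IANA protocol number for IPv4-in-IPv4 (stand-in for PPTP/L2TP framing)

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prepend a minimal 20-byte IPv4 header (no options) to payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload); reject malformed headers."""
    if len(packet) < 20 or packet[0] != 0x45:
        raise ValueError("not a minimal IPv4 header")
    if checksum(packet[:20]) != 0:
        raise ValueError("header checksum mismatch")
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("length field does not match packet size")
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[9], packet[20:]

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap a private packet in an outer header the public network can route."""
    return ipv4_packet(tunnel_src, tunnel_dst, IPIP, inner)

def decapsulate(outer: bytes, expected_peer: str) -> bytes:
    """Strip the outer header, accepting only the configured tunnel peer."""
    src, _, proto, inner = parse(outer)
    if proto != IPIP or src != expected_peer:
        raise ValueError("packet is not from the tunnel peer")
    parse(inner)  # the inner packet must itself be well formed
    return inner

if __name__ == "__main__":
    # Constructed sample: private 10.x hosts, documentation-range tunnel endpoints.
    inner = ipv4_packet("10.1.0.5", "10.2.0.9", 17, b"payroll query")
    outer = encapsulate(inner, "192.0.2.1", "198.51.100.1")
    print(parse(outer)[:3], parse(decapsulate(outer, "192.0.2.1"))[:3])
    print("payload readable in transit:", b"payroll query" in outer)
```

The peer-address check is only a sanity filter, since a source address can be forged; the PPP authentication and the MPPE or IPSec encryption named in the slides are what make the tunnel private.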