4. HISTORY
1960: Creation of ARPANET, a packet-switched network, which led to the development of TCP/IP.
TCP/IP: At the internet level, local networks and devices could be connected to the universal network.
1993: AT&T Bell Labs created the first version of the modern VPN, known as swIPe: Software IP encryption protocol.
1994: Wei Xu developed the IPSec network, which authenticates and encrypts information packets shared online.
1996: Gurdeep Singh-Pall created the Point-to-Point Tunneling Protocol (PPTP).
5. HOW DOES IT WORK?
A VPN hides your IP address by letting the network redirect it through a specially configured remote server run by a VPN host. The VPN server becomes the source of your data.
Your Internet Service Provider (ISP) and other third parties cannot see which websites you visit or what data you send and receive online.
A VPN works like a filter that turns all your data into "gibberish". Even if someone were to get their hands on your data, it would be useless.
A VPN connection disguises your data traffic online and protects it from external access.
6. WHY VPN?
Your ISP usually sets up your connection when you connect to the internet and tracks you via an IP address.
Network traffic is routed through your ISP's servers, which can log and display everything you do online.
Your ISP may seem trustworthy, but it may share your browsing history with advertisers, the police or government, and/or other third parties.
ISPs can also fall victim to attacks by cyber criminals: If they are hacked, your personal and
private data can be compromised.
This is especially important if you regularly connect to public Wi-Fi networks. You never
know who might be monitoring your internet traffic and what they might steal from you,
including passwords, personal data, payment information, or even your entire identity.
7. FEATURES
Encryption of your IP address: To send and receive information online without the risk of
anyone but you and the VPN provider seeing it.
Encryption of protocols: A VPN should also prevent you from leaving traces, in the form of your internet history, search history and cookies.
The encryption of cookies is especially important because it prevents third parties from
gaining access to confidential information such as personal data, financial information and
other content on websites.
Kill switch: If your VPN connection is suddenly interrupted, your secure connection will also
be interrupted. A good VPN can detect this sudden downtime and terminate preselected
programs, reducing the likelihood that data is compromised.
Two-factor authentication: By using a variety of authentication methods, a strong VPN
checks everyone who tries to log in.
8. TYPES OF VPN
Personal VPN. Used to create secure and private connections to the open internet, as well as for bypassing firewalls and geographic internet restrictions.
Remote access VPN. Businesses use a remote access VPN, which enables employees to access the company’s private network when traveling or working from home.
Mobile VPN. If the employee doesn’t have a consistent or stable internet connection, then a mobile VPN might be used instead.
Site-to-site VPN. When there are multiple sites or multiple companies trying to connect to a single private network (not just a single employee), then businesses will need to use a site-to-site VPN.
9. Client-to-Server VPN / Remote Access VPN
Configure the VPN client on the PC.
This involves the user not being connected to the internet via their own ISP, but establishing a direct connection through their VPN provider.
Instead of using the VPN to create an encryption tunnel to disguise the existing internet connection, the VPN can automatically encrypt the data before it is made available to the user.
A remote access VPN lets you use the internet to connect to a private network, such as your company’s office network.
The internet is an untrusted link in the communication. VPN encryption is used to keep the data private and secure as it travels to and from the private network.
(Diagram: remote access VPN)
10. REMOTE ACCESS VPN
To use a remote access VPN on your device you typically need to install client software or configure
your device’s operating system to connect to the VPN. There also needs to be a VPN server on the
network end of the connection.
There can be many client devices, as many different users can connect to the VPN server. Between
them, the client software and VPN server manage the VPN connection.
Working:
First, the VPN server checks that the user is allowed to access the network.
This might require the user to enter a password, or use biometrics such as a fingerprint to identify themselves. In some solutions, security certificates can be used to automatically authenticate the user in the background, enabling a faster connection. This is particularly helpful where the user needs to connect to multiple VPN servers to access different site networks.
11. REMOTE ACCESS VPN
Once the user is authenticated, the client and server establish an encrypted tunnel between
them.
This is a wrapper of encryption that protects the traffic going over the internet. There are lots of
different VPN protocols that can be used to set up the encryption tunnel: IPsec and SSL are
two that are often used.
The user can now access resources through the VPN server.
This gives them access to a company’s internal network, to access files or software.
Examples. Access Server by OpenVPN, Cisco AnyConnect, Perimeter 81 Next-Gen Secure VPN Solutions.
12. PERSONAL VPN
A personal VPN service connects you to a VPN server, which then acts as a middleman between your device and
the online services you want to access.
The personal VPN – sometimes also called a ‘consumer’ or ‘commercial’ VPN – encrypts your connection, hides
your identity online, and lets you spoof your geographic location.
A personal VPN service differs from a remote access VPN in that it doesn’t give you access to a private network.
Instead, a personal VPN gives you access to the public internet, but over an encrypted connection.
13. PERSONAL VPN
Streaming movies, TV shows and videos that aren’t available in your geographic location.
Evading censorship and surveillance in authoritarian states, such as China and the UAE. The VPN gives
you access to content that is blocked by national firewalls, and hides your web traffic from state surveillance
systems.
Hiding your IP address to protect yourself from targeted Distributed Denial of Service (DDoS) attacks.
Gamers increasingly use short but intense DDoS attacks to block competitors and secure an unfair victory. A
VPN helps to avoid this.
Safeguarding your privacy online by stopping your internet service provider (ISP), governments, hackers,
and anyone else from snooping on your activity. ISPs sometimes throttle (or slow down) your connection if
they can see you are streaming games or movies. Using a VPN stops them from knowing what you’re doing
online.
Examples. OpenVPN, WireGuard, ExpressVPN, NordVPN, CyberGhost, IPVanish, Surfshark.
14. PERSONAL VPN
Working:
Install software from your VPN service provider onto your device.
Personal VPN apps are available on all sorts of devices, including smartphones. Alternatively,
you can install the software on your router to protect all the devices that connect to it.
Connect to a server in your VPN provider’s network.
Personal VPNs tend to have large server networks to choose from. If you just want to protect
your privacy, you should connect to a local server for the fastest speeds. If you want to unblock
streaming content, you need to choose a server in the country where that content is
accessible.
Browse the internet like normal.
While connected to the VPN, all your internet traffic goes through the service provider’s server.
Your connection is encrypted, your IP address is hidden, and you can access geographically
restricted content from other countries.
15. MOBILE VPN
While remote access VPNs let you connect to a local network from anywhere, they do assume that the user will
stay in one location. If the user disconnects, the IP tunnel closes.
A mobile VPN is a better option than a remote access VPN if the user is unlikely to have a stable connection, on the
same network, for the entire session.
With a mobile VPN, the VPN connection persists even if the user switches WiFi or cellular network, loses
connectivity, or switches their device off for a while.
16. MOBILE VPN
Mobile VPNs tend to be used to ensure consistent availability for mobile workers, or for the convenience
of having a VPN that tolerates connection changes. For example:
Firefighters and police officers can use a mobile VPN to stay connected to applications such as
vehicle registration databases, automatic vehicle location, and computer-aided dispatch, even as
they travel around.
Professionals working from home in an area with poor connectivity could use a mobile VPN to
maintain VPN access to the office all day, even when the connection is lost.
Working:
The user connects to the VPN and is authenticated.
Authentication options might include passwords, physical tokens such as smart cards, or biometric
devices such as fingerprint scanners. In some cases, certificates can be used so the authentication
happens automatically in the background.
The VPN tunnel is established between the user’s device and the server.
17. MOBILE VPN
In a remote access VPN, the VPN tunnel connects to the device’s physical IP address,
which is tied to its internet connection. In a mobile VPN, the VPN tunnel connects to
a logical IP address, which is tied to the device, and so is independent of the internet
connection.
The VPN connection persists as the user switches between different networks.
If the user is mobile, they might switch between networks (for example, between cellular
or WiFi networks). Their physical IP address can change, but the logical IP address the
VPN tunnel uses stays the same. The virtual network connection remains intact, so the
user can continue working seamlessly as long as they have any connection.
If the device is turned off to preserve the battery life, the VPN connection is still available
when the device is switched back on.
Examples. Bittium SafeMove Mobile VPN, Radio IP software
18. SITE TO SITE VPN
A site-to-site VPN is essentially a private network designed to hide private intranets and allow users of these secure networks to access each other's resources.
It is used when we have multiple locations, each with its own local area network (LAN) connected to the WAN (Wide Area Network).
It is useful if we have two separate intranets between which we want to send files without users from one intranet explicitly accessing the other.
19. SITE TO SITE VPN
Depending on who owns the networks being joined, there are generally two different forms of site-to-site
VPN:
Intranet-Based VPN: When the networks being connected belong to a single company, the
combined VPN is known as an intranet-based VPN. This enables a company to establish a single
wide area network (WAN) that spans two or more of its offices. Users in the company can access
resources from other sites as easily as if they were on their own site.
Extranet-Based VPN: When the networks being connected belong to different companies, the
combined VPN is known as an extranet-based VPN. An extranet VPN is used, for example, when a
company wants to connect to its supplier’s network, so they can trade more efficiently.
Implementation
Using an IPsec tunnel
Using a Dynamic MultiPoint VPN (DMVPN)
Using a Layer 3 VPN (L3VPN)
20. SITE TO SITE VPN
IPsec tunnel
An IPsec tunnel can be used to join sites together, in much the same way it connects individuals to a
private network within remote access VPNs.
In this case, however, the VPN is implemented by routers at the two or more sites that are
connecting to each other. For this reason, it’s sometimes also called a router-to-router VPN.
Whereas a remote access VPN creates a tunnel for one device to connect to the private network,
with a site-to-site VPN, the IPsec tunnel encrypts the traffic between the connected networks. This
can take two forms:
A route-based IPsec tunnel allows any traffic between the networks through. It’s like wiring the
networks together.
A policy-based IPsec tunnel sets up rules that decide what traffic is allowed through, and
which IP networks can talk to which other IP networks.
IPsec tunnels can be built using most firewalls and network routers.
21. SITE TO SITE VPN
Dynamic MultiPoint VPN (DMVPN)
The problem with IPsec tunnels is that IPsec connects two points to each other. In a site-to-site
network, for example, IPsec could be used to connect two routers to each other.
That doesn’t scale well in large companies with thousands of sites, where thousands of connections
might need to be established.
Instead, Cisco’s Dynamic MultiPoint VPN (DMVPN) technology offers a solution. It enables sites to
connect to the DMVPN hub router using dynamic IP addresses.
The network architecture is a hub-and-spoke design, which reflects the fact that most traffic goes
between branch sites (spokes) and the main site (hub), rather than between one branch and another.
Examples. Access Server by OpenVPN, Cisco’s Dynamic Multi Point VPN (DMVPN)
22. COMPARISON
Who connects where?
Remote access VPN: User connects to a private network.
Personal VPN: User connects to the internet via a third-party server.
Mobile VPN: User connects to a private network.
Site-to-site VPN: Network connects to another network.
Software required?
Remote access VPN: Users usually need to install software on their device, or configure their operating system.
Personal VPN: Users install a VPN service’s software onto their device.
Mobile VPN: Users usually need to install software on their device, or configure their operating system.
Site-to-site VPN: Users do not need to run additional software.
Best used for
Remote access VPN: Connecting to your company’s network, or any other private network, from home or another remote location.
Personal VPN: Protecting your privacy and bypassing geographic restrictions online.
Mobile VPN: Achieving a consistent connection to a private network while using an unstable internet connection.
Site-to-site VPN: Joining up two or more networks to create a combined single network.
23. BENEFITS
Secure encryption: hides your online activities on public networks.
Disguising your whereabouts: VPN servers essentially act as your proxies on the internet, hiding your actual location. VPN services that keep no logs do not store records of your activities, so any potential record of user behaviour remains hidden.
Access to regional content: Regional web content is not always accessible from everywhere. Services and websites often contain content that can only be accessed from certain parts of the world. Standard connections use local servers in the country to determine your location. With VPN location spoofing, you can switch to a server in another country and effectively “change” your location.
Secure data transfer: If you work remotely, you may need to access important files on your company’s network. VPN services connect to private servers and use encryption methods to reduce the risk of data leakage.
24. CLI COMMANDS FOR SITE TO SITE VPN CONFIG
Initial steps:
Configure the topology.
Provide static routes.
Check the connectivity.
Check the license of the router:
enable
show version
Check the security status in the output, then enable the security technology package:
configure terminal
license boot module c2900 technology-package securityk9
Accept the end user license agreement.
do write
do reload
The router will boot after this and the security version will be changed.
25. CLI COMMANDS FOR SITE TO SITE VPN CONFIG
Part I: configure IPsec parameters on Router 1
enable
configure terminal
! interesting traffic: the LAN behind R1 to the LAN behind R3
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
! IKE phase 1 policy (group 5 is what this lab uses; current guidance prefers DH group 14 or higher)
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
 exit
! pre-shared key, bound to the address of the R3 peer
crypto isakmp key vpnpa55 address 10.2.2.2
! IKE phase 2 transform set
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 description VPN connection to R3
 set peer 10.2.2.2
 set transform-set VPN-SET
 match address 100
 exit
! apply the crypto map to the outside interface
interface s0/0/0
 crypto map VPN-MAP
 exit
26. CLI COMMANDS FOR SITE TO SITE VPN CONFIG
Part II: configure IPsec parameters on Router 3
enable
configure terminal
! interesting traffic: the mirror image of R1's access-list 100
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
! IKE phase 1 policy: must match R1's policy
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
 exit
! pre-shared key, bound to the R1 peer address (must match the "set peer" address below)
crypto isakmp key vpnpa55 address 10.1.1.2
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 description VPN connection to R1
 set peer 10.1.1.2
 set transform-set VPN-SET
 match address 100
 exit
! apply the crypto map to the outside interface
interface s0/0/1
 crypto map VPN-MAP
 exit
27. CLI COMMANDS FOR SITE TO SITE VPN CONFIG
Part III: test the connectivity of the VPN
On R1: show crypto ipsec sa
(Before any interesting traffic has been sent, the packet counters are zero.)
Now ping from PC1 to PC3. This traffic matches access-list 100, so it triggers the IKE negotiation.
Again on R1: show crypto ipsec sa
(The encapsulated and decapsulated packet counters should now have increased, confirming that the traffic went through the tunnel.)
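The two router configurations in Parts I and II must agree at both ends: mirrored crypto ACLs, the same ISAKMP policy and transform set, and a pre-shared key bound to the same address the crypto map peers with. The following Python script is added here as an example (it is not part of the original slides or any Cisco tool): it parses both configurations, embedded as constructed text, and reports every mismatch; the constructed R3 sample deliberately carries a one-digit typo in its key address so the check fires.

```python
import re

# Constructed sample: the Router 1 configuration from the slides, as plain text.
R1_CFG = """
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
crypto isakmp key vpnpa55 address 10.2.2.2
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 10.2.2.2
 set transform-set VPN-SET
 match address 100
"""
# Constructed Router 3 side: mirrored ACL, peer 10.1.1.2, and a deliberate
# one-digit typo (10.1.1.12) in the address the pre-shared key is bound to.
R3_CFG = (R1_CFG.replace("192.168.1.0 0.0.0.255 192.168.3.0", "192.168.3.0 0.0.0.255 192.168.1.0")
          .replace("address 10.2.2.2", "address 10.1.1.12").replace("peer 10.2.2.2", "peer 10.1.1.2"))

def parse(cfg):
    """Extract the fields both tunnel endpoints have to agree on."""
    acl = re.search(r"access-list (\d+) permit ip (\S+ \S+) (\S+ \S+)", cfg)
    return {
        "acl": acl.group(1), "src": acl.group(2), "dst": acl.group(3),
        "policy": sorted(re.findall(r"^ (encryption|hash|authentication|group|lifetime) (.+)$", cfg, re.M)),
        "key_addr": re.search(r"crypto isakmp key \S+ address (\S+)", cfg).group(1),
        "transform": re.search(r"^crypto ipsec transform-set \S+ (.+)$", cfg, re.M).group(1),
        "peer": re.search(r"^ set peer (\S+)", cfg, re.M).group(1),
        "match": re.search(r"^ match address (\S+)", cfg, re.M).group(1),
    }

def check_pair(cfg_a, cfg_b):
    """Return the mismatches between two peer configurations (empty list = consistent)."""
    a, b = parse(cfg_a), parse(cfg_b)
    issues = []
    for name, s in (("A", a), ("B", b)):
        if s["key_addr"] != s["peer"]:  # no key would be found for the real peer during IKE
            issues.append(f"{name}: key bound to {s['key_addr']} but crypto map peers with {s['peer']}")
        if s["match"] != s["acl"]:  # crypto map references an ACL that is not defined
            issues.append(f"{name}: crypto map matches ACL {s['match']} but ACL {s['acl']} is defined")
    if (a["src"], a["dst"]) != (b["dst"], b["src"]):  # each side's destination is the other's source
        issues.append("crypto ACLs are not mirror images of each other")
    if a["policy"] != b["policy"]:  # phase 1 proposals must match for IKE to succeed
        issues.append("ISAKMP policy parameters differ")
    if a["transform"] != b["transform"]:  # phase 2 proposals must match
        issues.append("IPsec transform sets differ")
    return issues
```

Running check_pair(R1_CFG, R3_CFG) reports the key/peer mismatch on the R3 side; once the key address is corrected to 10.1.1.2 the list is empty.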