CU-VPN Status Campus-wide VPN Service March 21, 2007.
Date posted: 21-Dec-2015
Overview
Provides VPN service for individuals remote to campus – provides encrypted session from the end user to the VPN concentrator
Uses incumbent AAA backend services
Roughly analogous to dial-up services
Service Scenarios
Internet to campus private address space connectivity.
Encryption for traditionally non-ciphered applications (e.g. file service).
Additional access control to campus service.
Scenario: campus private address space
[Diagram: Internet, Campus Public and Campus Private networks, showing public and private addresses. Campus Public: 128.84.0.0/16, 128.253.0.0/16, 132.236.0.0/16. Campus Private: 10.84.0.0/16, 10.253.0.0/16, 10.236.0.0/16.]
Scenario: campus private address space
[Diagram: Home/Remote Connectivity from the Internet. No access to Private Servers (path to Campus Private marked X). Campus Public: 128.84.0.0/16, 128.253.0.0/16, 132.236.0.0/16. Campus Private: 10.84.0.0/16, 10.253.0.0/16, 10.236.0.0/16.]
Scenario: campus private address space
[Diagram: Home/Remote Connectivity from the Internet. VPN access to Private Servers through the VPN Server. Campus Public: 128.84.0.0/16, 128.253.0.0/16, 132.236.0.0/16. Campus Private: 10.84.0.0/16, 10.253.0.0/16, 10.236.0.0/16.]
Scenario: encrypting non-encrypted services
[Diagram: Home/Remote Connectivity from the Internet. Encryption of Web and File Service through the VPN Server. Campus Public: 128.84.0.0/16, 128.253.0.0/16, 132.236.0.0/16. Campus Private: 10.84.0.0/16, 10.253.0.0/16, 10.236.0.0/16.]
Initial Goals
Windows and OSX support.
Cisco VPN client software (IPSec).
Login with campus NetID.
Basic Login and Traffic accounting.
Network Quarantine support.
Dual, load-balancing servers.
On-campus testing through RedRover
IPSec VPN Tunnels
IPSec requires Cisco VPN client. Native VPN clients not supported.
Split-tunnel routing. Tunnels campus-only traffic; all other remote traffic routes normally.
3rd-party client required to ensure split tunneling and streamline support
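The split-tunnel policy above can be checked against a client's routing table. The following is an added example, not part of the original slides or the CU-VPN service's own tooling: it uses the campus prefixes from the scenario slides and flags routes that leak campus traffic outside the tunnel or pull non-campus traffic into it. The (prefix, interface) table format, the interface names tun0 and eth0, and the sample tables are assumptions constructed for illustration (IPv4 only).

```python
import ipaddress

# Campus prefixes as listed on the scenario slides (public, then private).
CAMPUS = [ipaddress.ip_network(p) for p in (
    "128.84.0.0/16", "128.253.0.0/16", "132.236.0.0/16",
    "10.84.0.0/16", "10.253.0.0/16", "10.236.0.0/16")]

def parse(routes):
    """Turn (prefix, interface) pairs into (ip_network, interface) pairs."""
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

def next_hop(routes, dest):
    """Longest-prefix match: interface the destination would leave on, or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in parse(routes) if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def audit_split_tunnel(routes, tunnel_if):
    """Return findings; an empty list means campus-only traffic is tunnelled."""
    table, findings = parse(routes), []
    for campus in CAMPUS:
        # The longest route covering the whole prefix decides its default path.
        covering = [r for r in table if campus.subnet_of(r[0])]
        best = max(covering, key=lambda r: r[0].prefixlen, default=None)
        if best is None or best[1] != tunnel_if:
            findings.append(f"{campus} is not routed through {tunnel_if}")
        # A more specific route inside the prefix would win for its addresses.
        for net, ifc in table:
            if net != campus and net.subnet_of(campus) and ifc != tunnel_if:
                findings.append(f"{net} inside {campus} bypasses {tunnel_if}")
    # Any tunnel route reaching beyond campus space is not split tunnelling.
    for net, ifc in table:
        if ifc == tunnel_if and not any(net.subnet_of(c) for c in CAMPUS):
            findings.append(f"{net} sends non-campus traffic into {tunnel_if}")
    return findings

# Constructed sample tables; interface names tun0/eth0 are assumptions.
GOOD = [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0")] + \
       [(str(c), "tun0") for c in CAMPUS]
BAD = [("0.0.0.0/0", "tun0"), ("192.168.1.0/24", "eth0"),
       ("128.84.0.0/16", "tun0"), ("10.84.5.0/24", "eth0")]

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_split_tunnel(table, "tun0") or "ok")
```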
CU-VPN Pilot
Started December 2006
Twelve participating departments
Responses positive, particularly where no remote-access solution in place
Wrap-up early-April for general availability