VIRTUAL PRIVATE NETWORK
By:
Tammy Be
Khoa Kieu
Stephen Tran
Michael Tse
VPN Introduction
• Virtual private networking (VPN) in Microsoft Windows 2000 allows mobile users to connect over the Internet to a remote network.
• With virtual private networking, the user calls the local ISP and then uses the Internet to make the connection to the Network Access Server (NAS).
• Users only make a local call to the ISP instead of expensive long distance telephone calls to the remote access server.
How VPN Works
• ISA Server is configured as a VPN Server
• The local ISA VPN computer connects to its ISP
• The remote VPN wizard runs on the ISA Server on the remote network
• The remote ISA Server VPN computer connects to its ISP
• When a computer on the local network communicates with a computer on the remote network, data is encapsulated and sent through the VPN tunnel
Main Modules
• System Requirement
• VPN Requirement
• Microsoft Layer 2 Tunneling Protocols
• Cables/Service for Internet Connection
• How to Install and Enable VPN
• How to Configure the VPN Server (Configure the Remote Access Server as a Router)
• How to Configure the VPN Client
Module
System Requirement
System Requirement
• Microsoft Windows 2000, Server
• Microsoft Windows 2000, Professional
END OF SYSTEM REQUIREMENT MODULE
Module
VPN Requirement
VPN Requirement
• User Authentication
• Address Management
• Data Encryption
• Multi-Protocol Support
• Access Management
User Authentication
• The solution must verify the user’s identity and allow access only to authorized users.
• The user account can be a local account on the VPN server or, in most cases, a domain account granted appropriate dial-in permissions.
• The default policy for remote access is “Allowed access if dial-in permission is enabled.”
Address Management
• VPN must assign the client an IP address on the private network
• The VPN server can assign the client's IP address using DHCP or a static pool of IP addresses
• Clients typically will have an IP address from the ISP and an IP on the private network after the VPN connection is established
Data Encryption
• Data sent and received over the Internet must be encrypted for privacy
• PPTP and L2TP use PPP-based data encryption methods
• Optionally, you can use Microsoft Point-to-Point Encryption (MPPE), based on the RSA RC4 algorithm
• The Microsoft implementation of the L2TP protocol uses IPSec encryption to protect the data stream from the client to the tunnel server.
Multi-Protocol Support
• Microsoft Layer 2 Tunneling Protocol supports multiple payload protocols, which makes it easy for tunneling clients to access their corporate networks using IP, IPX, and NetBEUI.
Access Management
• Manage addresses and name server
– VPN must have an IP address available to assign to the VPN client during the IP Control Protocol (IPCP) negotiation phase of the connection process.
– The IP address assigned to the VPN client is assigned to the virtual interface of the VPN client.
• Manage access by user account
• Manage access by group membership
END OF VPN REQUIREMENT MODULE
Module
Microsoft Layer 2 Tunneling Protocols
Microsoft Layer 2 Tunneling Protocols
• PPTP – Point-to-Point Tunneling Protocol
– Uses a TCP connection for tunnel maintenance and generic routing encapsulated PPP frames for tunneled data.
– The payloads of the encapsulated PPP frames can be encrypted and/or compressed.
• L2TP – Layer 2 Tunneling Protocol
– Uses UDP and a series of L2TP messages for tunnel maintenance.
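Added example (not part of the original slides): a parser for the enhanced GRE header that carries PPTP's tunneled PPP frames, useful when inspecting captured tunnel traffic. The header layout follows RFC 2637; the function name and the sample packet are constructed for illustration.

```python
import struct

PPP_PROTO = 0x880B                              # GRE protocol type PPTP uses for PPP frames
K_BIT, S_BIT, A_BIT = 0x2000, 0x1000, 0x0080    # key / sequence / ack present
VER_MASK = 0x0007                               # enhanced GRE is version 1
MUST_BE_ZERO = 0xCF78                           # C, R, s, Recur and Flags bits


def parse_pptp_gre(packet: bytes) -> dict:
    """Parse one PPTP data packet (the payload of an IP packet, protocol 47)."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack_from("!HHHH", packet, 0)
    if (flags & VER_MASK) != 1 or proto != PPP_PROTO:
        raise ValueError("not PPTP enhanced GRE (version 1, type 0x880B)")
    if not (flags & K_BIT) or (flags & MUST_BE_ZERO):
        raise ValueError("invalid flag bits for PPTP GRE")
    offset, seq, ack = 8, None, None
    if flags & S_BIT:                           # sequence number present
        if len(packet) < offset + 4:
            raise ValueError("truncated sequence number")
        (seq,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    if flags & A_BIT:                           # acknowledgment number present
        if len(packet) < offset + 4:
            raise ValueError("truncated acknowledgment number")
        (ack,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    payload = packet[offset:offset + payload_len]
    if len(payload) != payload_len:             # declared length must match the data
        raise ValueError("payload shorter than declared length")
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp_frame": payload}


# Constructed sample: K, S and A set, call ID 0x42, seq 7, ack 6,
# carrying the first four bytes of a PPP LCP frame (ff 03 c0 21).
SAMPLE = struct.pack("!HHHHII", 0x3081, PPP_PROTO, 4, 0x0042, 7, 6) + bytes.fromhex("ff03c021")

if __name__ == "__main__":
    print(parse_pptp_gre(SAMPLE))
```

The call ID identifies the session within the tunnel, and the PPP frame that follows is what may be encrypted or compressed.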
END OF MICROSOFT LAYER 2 TUNNELING PROTOCOL
Module
Cables/Service for Internet Connection
Cables/service for Internet Connection
• Should use a dedicated line such as T-1, Fractional T-1, or Frame Relay.
– T-1: a dedicated phone connection supporting data rates of 1.544 Mbits per second; it consists of 24 individual channels, each supporting 64 Kbits per second.
– Fractional T-1: one or more channels of a T-1 service; less bandwidth and less expensive.
– Frame Relay: a packet-switching protocol for connecting devices on a WAN (a way of utilizing existing T-1 and T-3 lines owned by a service provider).
END OF CABLES/SERVICE FOR INTERNET CONNECTION MODULE
Module
How to Install and Enable VPN
Install and Enable VPN
• VPN is automatically installed when one installs Windows 2000
INTERNET CONNECTION NEEDED (DSL)
CAN LEASE T-1 LINE
COMPANY WILL PROVIDE REAL IP ADDRESS
END OF HOW TO INSTALL AND ENABLE VPN MODULE
Module
How to Configure the VPN Server
How to Configure the VPN Server (Configure the Remote Access Server as a Router): Preview
• Allow the remote access server to forward traffic properly inside the network.
• Allow other locations in the intranet to be reached from the remote access.
• Configure as router with static route or routing protocols.
Steps for Configuring Remote Access Server as a Router
• Start > Administrative Tools
• Click Routing & Remote Access
• Right-click Server Name
• Click Properties
• On General tab, click Enable This Computer As a Router
• Select either LAN routing only or LAN and demand dial routing
• OK
END OF HOW TO CONFIGURE THE VPN SERVER MODULE
Module
How to Configure the VPN Client
END OF HOW TO CONFIGURE A VPN CLIENT
Summary
• VPN must assign the client an IP address on the private network
• The Microsoft implementation of the L2TP protocol uses IPSec encryption to protect the data stream from the client to the tunnel server
Web Reference
• For more information on VPN, visit www.Microsoft.com – Keyword “VPN”
Glossary
• Virtual Private Network (VPN) - A network that is constructed by using public wires to connect nodes.
• Tunneling - A technology that enables one network to send its data via another network's connections.
• Point-to-Point Tunneling Protocol (PPTP) - Is used to ensure that messages transmitted from one VPN node to another are secure.
• Layer Two Tunneling Protocol (L2TP) - Provides data encryption, authentication, and integrity and IPSec.
END OF VPN PROJECT