
Virtual Private Networks

Presentation Transcript


  1. Virtual Private Networks
  An Economical Option for Broadband Connectivity

  2. Virtual Private Networks
  Darin Dugan dddugan@iastate.edu
  Brian Webster bwebster@iastate.edu

  3. Agenda
  • Current ISU Extension network
  • Why do we need a Virtual Private Network?
  • What is a Virtual Private Network?
  • Types of VPNs, typical configurations
  • What ISU Extension has done
  • Lessons learned
  • Cost analysis
  • Conclusion

  4. Current ISU Extension network
  • 107 county and area offices
  • Frame-relay
  • 56k links aggregated into 3 T1s
  • Bandwidth unchanged since 1994
  • Local file storage and network printing managed centrally from ISU campus

  5. Problems
  • Low speed
  • High cost

  6. Solutions
  • Increase spending (funding)
  • Find alternative technologies

  7. Increase spending
  • Increase state/federal appropriations
  • Pursue grants
  • Form strategic partnerships
  • Any way you cut it, this is a difficult thing to do

  8. Alternative technologies
  • Broadband options are increasingly common
  • A connection to the Internet is probably less costly than a connection to your central site
  • How to manage effectively?
  • Virtual Private Networks

  9. Why do we need a VPN?
  • Security
  • Remote management
  • Ability to “touch” workstations
  • Network identity
  • ISP service filtering and firewalls

  10. What is a Virtual Private Network?
  • According to Webopedia.com: a network that is constructed by using public wires to connect nodes. For example … using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

  11. What is a Virtual Private Network?
  • Uses a public network (the Internet)
  • Secured through encryption
  • Limited access
  • Logically acts like a traditional private network

  12. Benefits
  • Connection-independent
  • Comparable equipment cost
  • Secure – all data encrypted
  • Extend the network to anywhere

  13. Typical VPN tunnel
  • IPSec
    • 3DES encryption
    • Pre-shared keys
  • L2TP with IPSec
    • 3DES encryption
    • Digital certificates
    • Multi-protocol
  • PPTP
    • MPPE encryption

  14. Two types of VPNs
  • Remote-user
    • Usually software-based
    • Workstation to central site
    • Best for roaming users
  • Remote-site
    • Connect sites to each other
    • Hardware- or software-based
    • Best for entire office

  15. Typical frame-relay network (diagram; labels: Central Site (Campus), Internet, Remote Office (Field), physical and logical)

  16. Typical Internet-connected network (diagram; labels: Central Site (Campus), Internet, Remote Office (Field), physical and logical)

  17. Typical virtual private network (diagram; labels: Central Site (Campus), Internet, Remote Office (Field), logical, physical)

  18. Split-tunneling
  • Two logical networks
    • VPN tunnel to central site
    • Direct to Internet (not tunneled)
  • Reduces bandwidth used at central site
  • Allows Internet access when central site is down
  • Could introduce security risks – bypasses central site firewall, policies, etc.
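The following is an added illustration, not part of the original slides, of the two logical networks a split-tunneled remote office has: destinations inside the central-site prefixes ride the tunnel, everything else goes straight to the Internet and never passes the central-site firewall. The prefixes, LAN range and flows are constructed sample values; the tunneled prefixes stand in for whatever the central site would announce to the remote device.

```python
"""Split-tunnel route decision (added example; values are constructed)."""
import ipaddress

# Constructed: networks reachable only through the VPN tunnel to the central site.
# Assumption: these are the prefixes the central site pushes to the remote device.
TUNNELED_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),    # campus private address space
    ipaddress.ip_network("192.0.2.0/24"),  # documentation range standing in for campus public servers
]

# Constructed: the remote office's own LAN.
LOCAL_LAN = ipaddress.ip_network("192.168.50.0/24")


def next_hop(dst: str, split_tunnel: bool) -> str:
    """Return 'local', 'tunnel' or 'direct' for a destination address.

    With split tunneling off, every non-local destination is tunneled, so the
    central-site firewall and policies apply to all remote-office traffic.
    """
    addr = ipaddress.ip_address(dst)
    if addr in LOCAL_LAN:
        return "local"
    # Any destination inside a tunneled prefix goes through the tunnel.
    if any(addr in net for net in TUNNELED_PREFIXES):
        return "tunnel"
    return "direct" if split_tunnel else "tunnel"


def bypasses_central_firewall(flows, split_tunnel: bool):
    """Return the (src, dst) flows that reach the Internet without passing the
    central-site firewall, which is the exposure the slide warns about."""
    return [(s, d) for s, d in flows if next_hop(d, split_tunnel) == "direct"]


# Constructed sample flows from one remote-office workstation.
SAMPLE_FLOWS = [
    ("192.168.50.10", "10.1.2.3"),       # file server on campus
    ("192.168.50.10", "192.0.2.80"),     # campus web server
    ("192.168.50.10", "198.51.100.7"),   # arbitrary Internet host
    ("192.168.50.10", "192.168.50.20"),  # printer on the same LAN
]

if __name__ == "__main__":
    for mode in (True, False):
        print(f"split_tunnel={mode}:")
        for s, d in SAMPLE_FLOWS:
            print(f"  {s} -> {d}: {next_hop(d, mode)}")
        print("  bypassing central firewall:",
              bypasses_central_firewall(SAMPLE_FLOWS, mode))
```

Running it with split tunneling on lists the Internet-bound flow as bypassing the central firewall; with it off the list is empty, which is the trade-off the slide describes between central-site bandwidth and central-site policy enforcement.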

  19. Split-tunneled VPN (diagram; labels: Central Site (Campus), Internet, Remote Office (Field))

  20. Equipment options
  • Software-based
    • Linux, BSD, Windows 2000, etc.
    • Re/use commodity PC hardware
    • Might perform double-duty as fileserver, etc.
  • Hardware-based
    • Dedicated system
    • “Black box”
    • Alcatel, Check Point, Cisco, Intel, Network Associates, SonicWALL, others

  21. Hardware used
  • Cisco VPN devices
  • Familiar with Cisco brand
  • Most of ISU uses Cisco devices
  • State contract
  • Existing Cisco infrastructure

  22. Hardware used – central site
  • Cisco VPN 3030 Concentrator
  • Hardware-based encryption
  • Up to 1500 simultaneous tunnels
  • Up to 50 Mbit encrypted throughput
  • Appliance-like functionality
  • Does not use Cisco IOS

  23. Hardware used – remote sites
  • Cisco VPN 3002 Client
  • Hardware-based encryption
  • Up to 2 Mbit encrypted throughput
  • Appliance-like functionality
  • Does not use Cisco IOS
  • Two modes
    • Client mode – uses NAT to hide LAN
    • Network Extension Mode – LAN is fully routable

  24. Real-world testing
  • Positive results
    • DSL, cable, wireless, dial-up
    • About 10% overhead
    • Two active pilots
      • DSL – over three months
      • Wireless – over four months
  • Negative results
    • Satellite
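Slide 13 describes an IPSec tunnel using 3DES, and slide 24 reports roughly 10% overhead in testing. As an added example that is not from the slides, the code below computes the per-packet byte overhead of ESP in tunnel mode (outer IP header, SPI and sequence number, IV, padding, pad-length and next-header bytes, integrity check value) so the reader can see why the overhead depends on packet size. The cipher and integrity parameters (3DES-CBC with an 8-byte IV and 8-byte block, HMAC-SHA1-96 with a 12-byte ICV) and the sample traffic mix are assumptions; the measured 10% also includes whatever the access link adds and is not reproduced here.

```python
"""IPsec ESP tunnel-mode size overhead (added example; parameters are assumed)."""

OUTER_IPV4_HEADER = 20  # new IPv4 header added in tunnel mode (no options)
ESP_SPI_AND_SEQ = 8     # 4-byte SPI + 4-byte sequence number
ESP_TRAILER = 2         # pad length (1) + next header (1)
# Assumed algorithms: 3DES-CBC (8-byte IV, 8-byte block) and HMAC-SHA1-96 (12-byte ICV).
IV_LEN = 8
BLOCK_LEN = 8
ICV_LEN = 12


def esp_padding(inner_len: int, block_len: int = BLOCK_LEN) -> int:
    """Padding bytes so that payload + trailer fills whole cipher blocks."""
    return (-(inner_len + ESP_TRAILER)) % block_len


def esp_tunnel_size(inner_len: int) -> int:
    """Bytes on the wire for an inner IP packet of inner_len bytes."""
    return (OUTER_IPV4_HEADER + ESP_SPI_AND_SEQ + IV_LEN
            + inner_len + esp_padding(inner_len) + ESP_TRAILER + ICV_LEN)


def overhead_ratio(inner_len: int) -> float:
    """Extra bytes as a fraction of the inner packet length."""
    return esp_tunnel_size(inner_len) / inner_len - 1.0


def mean_overhead(packet_sizes) -> float:
    """Byte-weighted overhead for a traffic mix given as inner packet lengths."""
    inner = sum(packet_sizes)
    outer = sum(esp_tunnel_size(n) for n in packet_sizes)
    return outer / inner - 1.0


# Constructed traffic mix: 30 small 40-byte packets (e.g. TCP ACKs) and
# 70 full-size 1400-byte data packets.
SAMPLE_MIX = [40] * 30 + [1400] * 70

if __name__ == "__main__":
    for n in (40, 576, 1400):
        print(f"inner {n:5d} B -> wire {esp_tunnel_size(n):5d} B, "
              f"overhead {overhead_ratio(n):.1%}")
    print(f"constructed mix overhead: {mean_overhead(SAMPLE_MIX):.1%}")
```

The point for capacity planning is that a 1400-byte packet picks up a few percent while a 40-byte acknowledgement more than doubles in size, so the overhead a site actually sees is set by its traffic mix rather than by a single fixed percentage.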

  25. Lessons learned – VPN 3000 series
  • Easy to set up and configure
  • Reliability depends on service
  • Works well for both site-to-site and remote-user tunnels
  • Appliance-like functionality
  • Not as flexible as some other products
  • Does not properly support split-tunneling

  26. Other Cisco hardware choices
  • 1710 or 1720 for remote sites
    • Most flexible
    • Uses Cisco IOS
    • Up to 4 Mbit encrypted throughput
  • 3600, 7100 or 7200 series for central site
    • Most flexible
    • Uses Cisco IOS
    • Multi-purpose

  27. Cost Analysis
  • Frame-relay
    • 56 Kbit service
    • Line charges: $275k per year
    • Average $2570 per office per year
    • Average $214 per office per month
    • Remote site hardware: $1500 (each, approx.)

  28. Cost Analysis
  • Virtual Private Network (actual example)
    • 768/512 Kbit DSL service
    • $99.95 per office per month
    • $1200 per office per year
    • 20 service locations
    • Remote site hardware: $900 (each, approx.)

  29. Cost Analysis
  • Line cost savings:
    • $2570 - $1200 = $1370 per office per year
  • Hardware cost:
    • $1370 - $900 = $470 still saved!
  • Pays for itself within the first year
  • Bandwidth dramatically increased
  • After the first year, saves $25k+ per year

  30. More information
  • VPN Concepts
    • http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/vpnmon/1_x/1_0/using/vpnmcon.htm
  • Virtual Private Network Consortium
    • http://www.vpnc.org
  • Introduction to IPSec
    • http://www.cisco.com/warp/public/105/IPSECpart1.html
  • Various whitepapers
    • http://directory.google.com/Top/Computers/Security/Virtual_Private_Networks/Whitepapers/

  31. Questions
  Darin Dugan dddugan@iastate.edu
  Brian Webster bwebster@iastate.edu