
Configuring Virtual Private Networks for Remote Clients and Networks


javier

Presentation Transcript


  1. Configuring Virtual Private Networks for Remote Clients and Networks

  2. What Is Virtual Private Networking?
     • Virtual private networking allows secure remote access to resources on an organization’s internal network for users outside the network
     • A VPN is a virtual network that enables communication between a remote access client and computers on the internal network or between two remote sites separated by a public network such as the Internet

  3. Types of VPNs
     • Remote Access VPN
       • Provides access to internal corporate network over the Internet
       • Reduces long distance, modem bank, and technical support costs
     [Diagram labels: Corporate Site, Internet]

  4. Types of VPN
     • Site-to-Site VPN
       • Connects multiple offices over Internet
       • Reduces dependencies on frame relay and leased lines
     [Diagram labels: Corporate Site, Internet, Branch Office]

  5. Types of VPN
     • Extranet VPN
       • Provides business partners access to critical information (leads, sales tools, etc.)
       • Reduces transaction and operational costs
     [Diagram labels: Corporate Site, Internet, Partner #1, Partner #2]

  6. What a VPN needs
     • VPNs must be encrypted
       • So that no one else can read the traffic
     • VPNs must be authenticated
       • No one outside the VPN can alter the VPN
     • All parties to the VPN must agree on the security properties

  7. VPN Topology
     • Operates at layer 2 or 3 of OSI model
       • Layer 2 frame – Ethernet
       • Layer 3 packet – IP
     • Tunneling
       • Allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet
       • Ensures data security against unwanted viewers, or hackers

  8. VPN Components
     Protocols:
     • IP Security (IPSec)
       • Transport mode
       • Tunnel mode
     • Point-to-Point Tunneling Protocol (PPTP)
       • Voluntary tunneling method
       • Uses PPP (Point-to-Point Protocol)

  9. VPN Components
     Protocols:
     • Layer 2 Tunneling Protocol (L2TP)
       • Exists at the data link layer of OSI
       • Composed from PPTP and L2F (Layer 2 Forwarding)
       • Compulsory tunneling method

  10. VPN Components
      Security:
      • Authentication
        • Determine if the sender is the authorized person and if the data has been redirected or corrupted
        • User/System Authentication
        • Data Authentication

  11. VPN Components

  12. Configuring Virtual Private Networking for Remote Clients

  13. Creating a Remote Access PPTP VPN Server
      • Enabling the ISA Firewall’s VPN Server component
      • Creating an Access Rule allowing VPN Clients access to the Internal network
      • Enabling Dial-in Access for VPN User Accounts
      • Testing a PPTP VPN Connection

  14. Enable the VPN Server
      • Enable VPN Client Access
      • Warning about address assignment

  15. IP Address Assignment for Remote Users
      • Remote users that will be establishing a VPN tunnel require an IP address to properly communicate through the tunnel to the internal network

  16. Authenticating VPN Users
      • Authenticating directly against Active Directory
      • Implement RADIUS Authentication
      • Authenticate against local users

  17. Working with and Creating Rules for the VPN Clients Network
      • Create default rules that allow VPN clients access into the network

  18. RADIUS Authentication for VPN Connections
      • Install the Internet Authentication Service (IAS) for Active Directory RADIUS Support

  19. Setting Up the ISA Server as an IAS Client
      • Define a RADIUS server shared key

  20. Configuring ISA to Use IAS for Authentication
      • Modify RADIUS server settings for VPN client access
      • Define a RADIUS server shared key in ISA

  21. Configuring an ISA VPN Connection to Use PPTP

  22. Creating Layer 2 Tunneling Protocol (L2TP) VPN
      • Enter an IPSec pre-shared key

  23. Creating a Public Key Infrastructure (PKI) for L2TP with IPSec Support
      • Installing the Enterprise Root Certificate Authority (CA)
      • Configuring the Enterprise Root CA
      • Requesting a Certificate for the ISA VPN Server
      • Requesting a Certificate for the VPN Client
      • Downloading the CA Certificate
      • Exporting and Importing Certificates

  24. Configuring Virtual Private Networking for Remote Sites

  25. Site-to-Site VPN Capabilities
      • Point-to-Point Tunneling Protocol (PPTP)
      • Layer 2 Tunneling Protocol (L2TP)
      • IPSec Tunnel Mode

  26. Preparing ISA Servers for Site-to-Site VPN Capabilities
      • Define the IP Address Assignment
      • Enable VPN client access
      • Create local VPN user accounts on both servers, and enable dial-in access for those accounts
      • Run through the Site-to-Site VPN wizard to configure all necessary networks, network rules, and access rules
      • Repeat the steps on the remote server

  27. Create VPN Site-to-Site

  28. Configuring a Point-to-Point Tunneling Protocol (PPTP) Site-to-Site VPN Between Two Remote Offices
      • Create a PPTP Site-to-Site VPN Connection

  29. Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN
      • Deciding Between Shared Key and PKI
      • Configuring a PKI Infrastructure for PKI-Based Certificate Encryption
      • Requesting a Certificate for the ISA VPN Server
      • Creating an L2TP/IPSec Site-to-Site VPN Connection

  30. Setting Up an IPSec Tunnel Mode VPN Connection
