1 / 12

VPN – Technologies and Solutions

VPN – Technologies and Solutions. CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui. Virtual Private Network (VPN). a private network constructed within a public network infrastructure, such as the global Internet two categories of VPNs

jeneil
Télécharger la présentation

VPN – Technologies and Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui

  2. Virtual Private Network (VPN) a private network constructed within a public network infrastructure, such as the global Internet two categories of VPNs A remote access VPN enables remotely located employees to communicate with a central location. Site-to-site VPN interconnects two private networks via a public network such as the Internet

  3. Protocols used by VPN Point-to-Point-Tunneling Protocol (PPTP) simple VPN technology based on point-to-point protocol supports multiple encapsulation, authentication, and encryption. Layer 2 Tunneling Protocol (L2TP) combination of PPTP and Layer 2 Forwarding (L2F) Two types of L2TP L2TP Access Concentrator (LAC) L2TP Network Server (LNS) Internet Protocol Security (IPSec) framework for protecting the confidentiality and integrity of data in transit A common use of IPSec is the construction of a VPN

  4. IPSec Protocols IPSec defines new set of headers to be added to IP datagrams ESP - Confidentiality, data integrity, and data source authentication. (frc2406) AH - Data integrity, source authentication (frc2402)

  5. IPSec Modes Transport Mode Protect upper-layer protocol, endpints exposed IPSec header insert between IP header and upper layer protocol header Tunnel Mode Entire IP Packet is protected, become payload of new packet IPSec header is inserted between the outer and inner IP header. Used by gateway for VPN, perform encryption on behalf of host IPSec SA Relationship between entities on how to communicate securely. Unidirectional, two for each pair, one from A to B, and B to A Identified by a SPI, destination addr, security protocol identifier

  6. IPSec Phases SPD • Security Policy Database maintains IPSec Policy • Each entry defines the traffic to be protected, how to protect • Three actions on traffic match: discard, bypass and protect • IP traffic mapped to IPSec policy by selector IKE • Establish security parameters, authentication (SAs) between IPSec peers • IKE SAs defines the way in which two peers communicate, which algorithm to use to encrypt IKE traffic, how to authenticate the remote peers. • SPD instruct IKE what to establish, IKE establish IPSec SAs based on its own policy settings Phase 1 communication • Identify the peers. • Create IKE SAs by authentication and key exchange • One side offers a set of algorithm, other side accept or reject. Derive key material to use for IPSec with AH, ESP or both Phase 2 communication • IPSec SAs negotiations are under protection of IKE SAs created in phase 1 • IPSec shared key derived by using Diffie-Hellman or refresh shared secret.

  7. VPN Solutions Access VPN offers remote access to a company’s Intranet or Extranet. Example: employees who are on business trip or in home office Intranet VPN offers the Intranet connection. Example: Branch offices Extranet VPN offers the Extranet connection. Example: Business partners, customers

  8. VPN Solutions – Benefits Access VPN Economical: Internet access Vs. long distance dialup Secure Intranet VPN Economical: ISP Vs. dedicated connection Flexible: topological design, new office Reliable: Redundant ISP Secure Extranet VPN Same as Intranet VPN Management, Authentication and authorization

  9. VPN Example

  10. VPN Example - Extranet VPN

  11. Conclusion • Cheaper and Secure, Go for it!

  12. Q & A Any questions?

More Related