SlideShare une entreprise Scribd logo

Full manual

Manu Venugopal
Manu Venugopal
Technologie
1  sur  24
Télécharger pour lire hors ligne
n/a October 2005 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Virtual Private Networking Basics
ii v1.0, October 2005 © 2005 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc.. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this document are copyright Intoto, Inc. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. Product and Publication Details Model Number: n/a Publication Date: October 2005 Product Family: Product Family Product Name: n/a Home or Business Product: n/a Language: English Publication Version Number: 1.0
iii v2.0, August 2005 Contents Virtual Private Networking Basics Chapter 1 About This Manual Audience, Scope, Conventions, and Formats ................................................................1-1 How to Use this Manual ..................................................................................................1-2 How to Print this Manual .................................................................................................1-2 Chapter 2 Virtual Private Networking Basics What is a Virtual Private Network? .................................................................................2-1 What Is IPSec and How Does It Work? ..........................................................................2-2 IPSec Security Features ..........................................................................................2-2 IPSec Components ..................................................................................................2-3 Encapsulating Security Payload (ESP) ....................................................................2-3 Authentication Header (AH) .....................................................................................2-4 Security Association .................................................................................................2-4 Key Management .....................................................................................................2-6 Understand the Process Before You Begin ....................................................................2-6 VPN Process Overview ..................................................................................................2-7 Network Interfaces and Addresses ..........................................................................2-7 Setting Up a VPN Tunnel Between Gateways .........................................................2-9 VPNC IKE Security Parameters ...................................................................................2-11 VPNC IKE Phase I Parameters ..............................................................................2-11 VPNC IKE Phase II Parameters .............................................................................2-11 Testing and Troubleshooting .........................................................................................2-12 Additional Reading .......................................................................................................2-12 Appendix A Worksheet Record Your Internet Connection Information ............................................................... A-1
iv v2.0, August 2005
About This Manual 1-1 v1.0, October 2005 Chapter 1 About This Manual This chapter describes the intended audience, scope, conventions, and formats of this manual. Audience, Scope, Conventions, and Formats This manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic computer network, Internet, and firewall technologies tutorial information is provided on the NETGEAR Web site. This manual uses the following typographical conventions: This manual uses the following formats to highlight special messages: Table 1-1. Typographical Conventions italics Emphasis, books, CDs, URL names bold User input fixed font Screen text, file and server names, extensions, commands, IP addresses Note: This format is used to highlight information of importance or special interest. Tip: This format is used to highlight a procedure that will save time or resources.
Virtual Private Networking Basics 1-2 About This Manual v1.0, October 2005 How to Use this Manual The HTML version of this manual includes the following: • Buttons, and , for browsing forwards or backwards through the manual one page at a time • A button that displays the table of contents. Double-click on a link in the table of contents to navigate directly to where the topic is described in the manual. • A button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters. How to Print this Manual To print this manual you can choose one of the following several options, according to your needs. • Printing a Page in the HTML View. Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents. • Printing a Chapter. Use the PDF of This Chapter link at the top left of any page. — Click the “PDF of This Chapter” link at the top right of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window. — Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com. — Click the print icon in the upper left of the window. Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
Virtual Private Networking Basics About This Manual 1-3 v1.0, October 2005 • Printing the Full Manual. Use the Complete PDF Manual link at the top left of any page. — Click the Complete PDF Manual link at the top left of any page in the manual. The PDF version of the complete manual opens in a browser window. — Click the print icon in the upper left of the window. Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
Virtual Private Networking Basics 1-4 About This Manual v1.0, October 2005
Virtual Private Networking Basics 2-1 v1.0, October 2005 Chapter 2 Virtual Private Networking Basics What is a Virtual Private Network? There have been many improvements in the Internet including Quality of Service, network performance, and inexpensive technologies, such as DSL. But one of the most important advances has been in Virtual Private Networking (VPN) Internet Protocol security (IPSec). IPSec is one of the most complete, secure, and commercially available, standards-based protocols developed for transporting data. A VPN is a shared network where private data is segmented from other traffic so that only the intended recipient has access. The term VPN was originally used to describe a secure connection over the Internet. Today, however, VPN is also used to describe private networks, such as Frame Relay, Asynchronous Transfer Mode (ATM), and Multiprotocol Label Switching (MPLS). A key aspect of data security is that the data flowing across the network is protected by encryption technologies. Private networks lack data security, which can allow data attackers to tap directly into the network and read the data. IPSec-based VPNs use encryption to provide data security, which increases the network’s resistance to data tampering or theft. IPSec-based VPNs can be created over any type of IP network, including the Internet, Frame Relay, ATM, and MPLS, but only the Internet is ubiquitous and inexpensive. VPNs are traditionally used for: • Intranets: Intranets connect an organization’s locations. These locations range from the headquarters offices, to branch offices, to a remote employee’s home. Often this connectivity is used for e-mail and for sharing applications and files. While Frame Relay, ATM, and MPLS accomplish these tasks, the shortcomings of each limits connectivity. The cost of connecting home users is also very expensive compared to Internet-access technologies, such as DSL or cable. Because of this, organizations are moving their networks to the Internet, which is inexpensive, and using IPSec to create these networks.
Virtual Private Networking Basics 2-2 Virtual Private Networking Basics v1.0, October 2005 • Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dial-up connection to an organization’s modem pool is one method of access for remote workers, but it is expensive because the organization must pay the associated long distance telephone and service costs. Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local Internet connection and then set up a secure IPSec-based VPN communications to their organization. • Extranets: Extranets are secure connections between two or more organizations. Common uses for extranets include supply-chain management, development partnerships, and subscription services. These undertakings can be difficult using legacy network technologies due to connection costs, time delays, and access availability. IPSec-based VPNs are ideal for extranet connections. IPSec-capable devices can be quickly and inexpensively installed on existing Internet connections. What Is IPSec and How Does It Work? IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit. IPSec Security Features IPSec is the most secure method commercially available for connecting network sites. IPSec was designed to provide the following security features when transferring packets across networks: • Authentication: Verifies that the packet received is actually from the claimed sender. • Integrity: Ensures that the contents of the packet did not change in transit. • Confidentiality: Conceals the message content through encryption.
Virtual Private Networking Basics Virtual Private Networking Basics 2-3 v1.0, October 2005 IPSec Components IPSec contains the following elements: • Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity. • Authentication Header (AH): Provides authentication and integrity. • Internet Key Exchange (IKE): Provides key management and Security Association (SA) management. Encapsulating Security Payload (ESP) ESP provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, provide message content protection. IPSec provides an open framework for implementing industry standard algorithms, such as SHA and MD5. The algorithms IPSec uses produce a unique and unforgeable identifier for each packet, which is a data equivalent of a fingerprint. This fingerprint allows the device to determine if a packet has been tampered with. Furthermore, packets that are not authenticated are discarded and not delivered to the intended receiver. ESP also provides all encryption services in IPSec. Encryption translates a readable message into an unreadable format to hide the message content. The opposite process, called decryption, translates the message content from an unreadable format to a readable message. Encryption/ decryption allows only the sender and the authorized receiver to read the data. In addition, ESP has an option to perform authentication, called ESP authentication. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header. Figure 2-1
Virtual Private Networking Basics 2-4 Virtual Private Networking Basics v1.0, October 2005 The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication. Authentication Header (AH) AH provides authentication and integrity, which protect against data tampering, using the same algorithms as ESP. AH also provides optional anti-replay protection, which protects against unauthorized retransmission of packets. The authentication header is inserted into the packet between the IP header and any subsequent packet contents. The payload is not touched. Although AH protects the packet’s origin, destination, and contents from being tampered with, the identity of the sender and receiver is known. In addition, AH does not protect the data’s confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP protects data confidentiality. For added protection in certain cases, AH and ESP can be used together. In the following table, IP HDR represents the IP header and includes both source and destination IP addresses. Security Association IPSec introduces the concept of the Security Association (SA). An SA is a logical connection between two devices transferring data. An SA provides data protection for unidirectional traffic by using the defined IPSec protocols. An IPSec tunnel typically consists of two unidirectional SAs, which together provide a protected, full-duplex data channel. The SAs allow an enterprise to control exactly what resources may communicate securely, according to security policy. To do this an enterprise can set up multiple SAs to enable multiple secure VPNs, as well as define SAs within the VPN to support different departments and business partners. Figure 2-2
Virtual Private Networking Basics Virtual Private Networking Basics 2-5 v1.0, October 2005 Mode SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mode. Typically, the tunnel mode is used for gateway-to-gateway IPSec tunnel protection, but transport mode is used for host-to-host IPSec tunnel protection. A gateway is a device that monitors and manages incoming and outgoing network traffic and routes the traffic accordingly. A host is a device that sends and receives network traffic. • Transport Mode: The transport mode IPSec implementation encapsulates only the packet’s payload. The IP header is not changed. After the packet is processed with IPSec, the new IP packet contains the old IP header (with the source and destination IP addresses unchanged) and the processed packet payload. Transport mode does not shield the information in the IP header; therefore, an attacker can learn where the packet is coming from and where it is going to. Figure 2-1 and Figure 2-2 above show a packet in transport mode. • Tunnel Mode: The tunnel mode IPSec implementation encapsulates the entire IP packet. The entire packet becomes the payload of the packet that is processed with IPSec. A new IP header is created that contains the two IPSec gateway addresses. The gateways perform the encapsulation/decapsulation on behalf of the hosts. Tunnel mode ESP prevents an attacker from analyzing the data and deciphering it, as well as knowing who the packet is from and where it is going. Note: .AH and ESP can be used in both transport mode and tunnel mode. Figure 2-3
Virtual Private Networking Basics 2-6 Virtual Private Networking Basics v1.0, October 2005 Key Management IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the SA setup and the exchange of keys between parties transferring data. Using keys ensures that only the sender and receiver of a message can access it. IPSec requires that keys be re-created, or refreshed, frequently so that the parties can communicate securely with each other. IKE manages the process of refreshing keys; however, a user can control the key strength and the refresh frequency. Refreshing keys on a regular basis ensures data confidentiality between sender and receiver. Understand the Process Before You Begin This manual provides examples of how to configure a secure IPSec VPN tunnel. This document assumes the reader has a working knowledge of NETGEAR management systems. NETGEAR, Inc. is a member of the VPN Consortium, a group formed to facilitate IPSec VPN vendor interoperability. The VPN Consortium has developed specific scenarios to aid system administrators in the often confusing process of connecting two different vendor implementations of the IPSec standard. The examples in this manual follow the addressing and configuration mechanics defined by the VPN Consortium. Additional information regarding inter-vendor interoperability may be found at http://www.vpnc.org/interop.html. It is a good idea to gather all the necessary information required to establish a VPN before you begin the configuration process. You should understand whether the firmware is up-to-date, all of the addresses that will be necessary, and all of the parameters that need to be set on both sides. Try to understand any incompatibilities before you begin, so that you minimize any potential complications which may arise from normal firewall or WAN processes. If you are not a full-time system administrator, it is a good idea to familiarize yourself with the mechanics of a VPN. The brief description below in this document will help. Other good sources include: • The NETGEAR VPN Tutorial – http://www.netgear.com/planetvpn/pvpn_2.html • The VPN Consortium – http://www.vpnc.org/ • The VPN bibliography in Additional Reading on page 2-12.
Virtual Private Networking Basics Virtual Private Networking Basics 2-7 v1.0, October 2005 VPN Process Overview Even though IPSec is standards-based, each vendor has its own set of terms and procedures for implementing the standard. Because of these differences, it may be a good idea to review some of the terms and the generic processes for connecting two gateways before diving into to the specifics. Network Interfaces and Addresses The VPN gateway is aptly named because it functions as a “gatekeeper” for each of the computers connected on the Local Area Network behind it. In most cases, each gateway will have a “public” facing address (WAN side) and a “private” facing address (LAN side). These addresses are referred to as the “network interface” in documentation regarding the construction of VPN communication. Please note that the addresses used in the example. Interface Addressing This document uses example addresses provided the VPN Consortium. It is important to understand that you will be using addresses specific to the devices that you are attempting to connect via IPSec VPN. It is also important to make sure the addresses do not overlap or conflict. That is, each set of addresses should be separate and distinct. Figure 2-4 Gateway A 22.23.24.2514.15.16.17 10.5.6.0/24 172.23.9.0/24 172.23.9.110.5.6.1 WAN IP WAN IP LAN IPLAN IP Gateway B VPNC Example Network Interface Addressing
Virtual Private Networking Basics 2-8 Virtual Private Networking Basics v1.0, October 2005 It will also be important to know the subnet mask of both gateway LAN Connections. Use the worksheet in Appendix A to gather the necessary address and subnet mask information to aid in the configuration and troubleshooting process. Firewalls It is important to understand that many gateways are also firewalls. VPN tunnels cannot function properly if firewall settings disallow all incoming traffic. Please refer to the firewall instructions for both gateways to understand how to open specific protocols, ports, and addresses that you intend to allow. Table 2-1. WAN (Internet/Public) and LAN (Internal/Private) Addressing Gateway LAN or WAN VPNC Example Address Gateway A LAN (Private) 10.5.6.1 Gateway A WAN (Public) 14.15.16.17 Gateway B LAN (Private) 22.23.24.25 Gateway B WAN (Public) 172.23.9.1 Table 2-2. Subnet Addressing Gateway LAN or WAN Interface Name Example Subnet Mask Gateway A LAN (Private) Subnet Mask A 255.255.255.0 Gateway B LAN (Private) Subnet Mask B 255.255.255.0
Virtual Private Networking Basics Virtual Private Networking Basics 2-9 v1.0, October 2005 Setting Up a VPN Tunnel Between Gateways An SA, frequently called a tunnel, is the set of information that allows two entities (networks, PCs, routers, firewalls, gateways) to “trust each other” and communicate securely as they pass information over the Internet. The SA contains all the information necessary for Gateway A to negotiate a secure and encrypted communication stream with Gateway B. This communication is often referred to as a “tunnel.” The gateways contain this information so that it does not have to be loaded onto every computer connected to the gateways. Figure 2-5
Virtual Private Networking Basics 2-10 Virtual Private Networking Basics v1.0, October 2005 Each gateway must negotiate its Security Association with another gateway using the parameters and processes established by IPSec. As illustrated below, the most common method of accomplishing this process is via the Internet Key Exchange (IKE) protocol which automates some of the negotiation procedures. Alternatively, you can configure your gateways using manual key exchange, which involves manually configuring each paramter on both gateways. The IPSec software on Host A initiates the IPSec process in an attempt to communicate with Host B. The two computers then begin the Internet Key Exchange (IKE) process. IKE Phase I. a. The two parties negotiate the encryption and authentication algorithms to use in the IKE SAs. b. The two parties authenticate each other using a predetermined mechanism, such as preshared keys or digital certificates. c. A shared master key is generated by the Diffie-Hellman Public key algorithm within the IKE framework for the two parties. The master key is also used in the second phase to derive IPSec keys for the SAs. IKE Phase II. a. The two parties negotiate the encryption and authentication algorithms to use in the IPSec SAs. b. The master key is used to derive the IPSec keys for the SAs. Once the SA keys are created and exchanged, the IPSec SAs are ready to protect user data between the two VPN gateways. Figure 2-6 VPN GatewayVPN Gateway 1) Communication request sent to VPN Gateway 2) IKE Phase I authentication 3) IKE Phase II negotiation 4) Secure data transfer 5) IPSec tunnel termination IPSec Security Association IKE VPN Tunnel Negotiation Steps
Virtual Private Networking Basics Virtual Private Networking Basics 2-11 v1.0, October 2005 Data transfer. Data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database. IPSec tunnel termination. IPSec SAs terminate through deletion or by timing out. VPNC IKE Security Parameters It is important to remember that both gateways must have the identical parameters set for the process to work correctly. The settings in these examples follow the examples given for Scenario 1 of the VPN Consortium. VPNC IKE Phase I Parameters The IKE Phase 1 parameters used: • Main mode • TripleDES • SHA-1 • MODP group 1 • pre-shared secret of "hr5xb84l6aa9r6" • SA lifetime of 28800 seconds (eight hours) VPNC IKE Phase II Parameters The IKE Phase 2 parameters used in Scenario 1 are: • TripleDES • SHA-1 • ESP tunnel mode • MODP group 1 • Perfect forward secrecy for rekeying • SA lifetime of 28800 seconds (one hour)
Virtual Private Networking Basics 2-12 Virtual Private Networking Basics v1.0, October 2005 Testing and Troubleshooting Once you have completed the VPN configuration steps you can use computers, which are located behind each of the gateways, to ping various addresses on the LAN-side of the other gateway. You can troubleshoot connections using the VPN status and log details on the NETGEAR gateway to determine if IKE negotiation is working. Common problems encountered in setting up VPNs include: • Parameters may be configured differently on Gateway A vs. Gateway B. • Two LANs set up with similar or overlapping addressing schemes. • So many required configuration parameters mean errors such as mistyped information or mismatched parameter selections on either side are more likely to happen. Additional Reading • Building and Managing Virtual Private Networks, Dave Kosiur, Wiley & Sons; ISBN: 0471295264. • Firewalls and Internet Security: Repelling the Wily Hacker, William R. Cheswick and Steven M. Bellovin, Addison-Wesley; ISBN: 0201633574. • VPNs A Beginners Guide, John Mains, McGraw Hill; ISBN: 0072191813. • [FF98] Floyd, S., and Fall, K., Promoting the Use of End-to-End Congestion Control in the Internet. IEEE/ACM Transactions on Networking, August 1999. Relevant RFCs listed numerically: • [RFC 791] Internet Protocol DARPA Internet Program Protocol Specification, Information Sciences Institute, USC, September 1981. • [RFC 1058] Routing Information Protocol, C Hedrick, Rutgers University, June 1988. • [RFC 1483] Multiprotocol Encapsulation over ATM Adaptation Layer 5, Juha Heinanen, Telecom Finland, July 1993. • [RFC 2401] S. Kent, R. Atkinson, Security Architecture for the Internet Protocol, RFC 2401, November 1998. • [RFC 2407] D. Piper, The Internet IP Security Domain of Interpretation for ISAKMP, November 1998.
Virtual Private Networking Basics Virtual Private Networking Basics 2-13 v1.0, October 2005 • [RFC 2474] K. Nichols, S. Blake, F. Baker, D. Black, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, December 1998. • [RFC 2475] S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, and W. Weiss, An Architecture for Differentiated Services, December 1998. • [RFC 2481] K. Ramakrishnan, S. Floyd, A Proposal to Add Explicit Congestion Notification (ECN) to IP, January 1999. • [RFC 2408] D. Maughan, M. Schertler, M. Schneider, J. Turner, Internet Security Association and Key Management Protocol (ISAKMP). • [RFC 2409] D. Harkins, D.Carrel, Internet Key Exchange (IKE) protocol. • [RFC 2401] S. Kent, R. Atkinson, Security Architecture for the Internet Protocol.
Virtual Private Networking Basics 2-14 Virtual Private Networking Basics v1.0, October 2005
Worksheet A-1 v1.0, October 2005 Appendix A Worksheet Record Your Internet Connection Information Print these pages. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP. Some ISPs use your full e-mail address as the login name. The Service Name is not required by all ISPs. If you connect using a login name and password, enter the following: Login Name: ______________________________ Password: ____________________________ Service Name: _____________________________ Fixed or Static IP Address: If you have a static IP address, record the following information. For example, 169.254.141.148 could be a valid IP address. Fixed or Static Internet IP Address: ______ ______ ______ ______ Gateway IP Address: ______ ______ ______ ______ Subnet Mask: ______ ______ ______ ______ ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following: Primary DNS Server IP Address: ______ ______ ______ ______ Secondary DNS Server IP Address: ______ ______ ______ ______ Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or home. If you have not been given host or domain names, you can use the following examples as a guide: • If your main e-mail account with your ISP is aaa@xxx.yyy.com, then use aaa as your host name. Your ISP might call this your account, user, host, or system name. • If your ISP’s mail server is mail.xxx.yyy.com, then use xxx.yyy.com as the domain name. ISP Host Name: _________________________ ISP Domain Name: _______________________ For Wireless Access: See the configuration worksheet in the Resource Manual for your NETGEAR wireless equipment.
Virtual Private Networking Basics A-2 Worksheet v1.0, October 2005

Recommandé

IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...
IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...
IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...Frank Altenburg
 
Using Information Technology
Using Information TechnologyUsing Information Technology
Using Information TechnologyUniversitas Teknokrat Indonesia
 
CIS 293 Effective Communication/tutorialrank.com
CIS 293 Effective Communication/tutorialrank.com CIS 293 Effective Communication/tutorialrank.com
CIS 293 Effective Communication/tutorialrank.comjonhson184
 
David nickerson resume--gd
David nickerson resume--gdDavid nickerson resume--gd
David nickerson resume--gdDave Nickerson
 
82 87
82 8782 87
82 87Ijarcsee Journal
 
Week2
Week2Week2
Week2trayyoo
 
Networking course khurram shahzad
Networking course khurram shahzadNetworking course khurram shahzad
Networking course khurram shahzadkhurrak_shahzad
 
Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...
Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...
Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...Franziska Tanner
 

Recommandé

IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...
IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...
IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...Frank Altenburg
 
Using Information Technology
Using Information TechnologyUsing Information Technology
Using Information TechnologyUniversitas Teknokrat Indonesia
 
CIS 293 Effective Communication/tutorialrank.com
CIS 293 Effective Communication/tutorialrank.com CIS 293 Effective Communication/tutorialrank.com
CIS 293 Effective Communication/tutorialrank.comjonhson184
 
David nickerson resume--gd
David nickerson resume--gdDavid nickerson resume--gd
David nickerson resume--gdDave Nickerson
 
82 87
82 8782 87
82 87Ijarcsee Journal
 
Week2
Week2Week2
Week2trayyoo
 
Networking course khurram shahzad
Networking course khurram shahzadNetworking course khurram shahzad
Networking course khurram shahzadkhurrak_shahzad
 
Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...
Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...
Connect2013: BP306 Connecting the Dots between IBM Domino, Notes 9 and IBM Co...Franziska Tanner
 
DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...
DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...
DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...edirin aphunu
 
CIS 293 Imagine Your Future/newtonhelp.com   
CIS 293 Imagine Your Future/newtonhelp.com   CIS 293 Imagine Your Future/newtonhelp.com   
CIS 293 Imagine Your Future/newtonhelp.com   bellflower44
 
A Deep Dive in the World of IT Networking (Part 2)
A Deep Dive in the World of IT Networking (Part 2)A Deep Dive in the World of IT Networking (Part 2)
A Deep Dive in the World of IT Networking (Part 2)Tuan Yang
 
WatsonBruce Ikadega sample 2
WatsonBruce Ikadega sample 2WatsonBruce Ikadega sample 2
WatsonBruce Ikadega sample 2Bruce Watson
 
Aruba Rightsizing Your Network
Aruba Rightsizing Your NetworkAruba Rightsizing Your Network
Aruba Rightsizing Your Networkhypknight
 
Big Data With Graphs
Big Data With GraphsBig Data With Graphs
Big Data With GraphsRed Pill Now
 
Telecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technologyTelecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technologyAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
BES On Domino
BES On DominoBES On Domino
BES On DominoLisa Duke
 
EarthLink Business - Business Continuity
EarthLink Business - Business ContinuityEarthLink Business - Business Continuity
EarthLink Business - Business ContinuityMike Ricca
 
Internet vs intranet vs extranet
Internet vs intranet vs extranetInternet vs intranet vs extranet
Internet vs intranet vs extranetMohsinHusenManasiya
 
CCNA 4 Hierarchical Network Design
CCNA 4 Hierarchical Network DesignCCNA 4 Hierarchical Network Design
CCNA 4 Hierarchical Network DesignJonathan Alvarado Covarrubias
 
Unified Gateway product presentation
Unified Gateway product presentationUnified Gateway product presentation
Unified Gateway product presentationVivek Shenoy
 
EarthLink Business Hosted Voice
EarthLink Business Hosted VoiceEarthLink Business Hosted Voice
EarthLink Business Hosted VoiceMike Ricca
 
Windows 7 Features & Demos
Windows 7 Features & DemosWindows 7 Features & Demos
Windows 7 Features & DemosAmit Gatenyo
 
L25 network fundamentals
L25 network fundamentalsL25 network fundamentals
L25 network fundamentalsheidirobison
 
Suraido12
Suraido12Suraido12
Suraido12ringoattocin
 
Internet intranet extranet aaa
Internet intranet extranet aaaInternet intranet extranet aaa
Internet intranet extranet aaaDhani Ahmad
 
JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...
JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...
JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...0xdaryl
 
Policy Primer: Facebook Pages Terms
Policy Primer: Facebook Pages TermsPolicy Primer: Facebook Pages Terms
Policy Primer: Facebook Pages TermsAlison Cooper
 
Ch 02 variabel
Ch 02 variabelCh 02 variabel
Ch 02 variabelRiri Safitri
 
Week 3 pp
Week 3 ppWeek 3 pp
Week 3 ppAShank1964
 
Design Principles
Design PrinciplesDesign Principles
Design PrinciplesHaleigh Sills
 

Contenu connexe

Tendances

DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...
DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...
DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...edirin aphunu
 
CIS 293 Imagine Your Future/newtonhelp.com   
CIS 293 Imagine Your Future/newtonhelp.com   CIS 293 Imagine Your Future/newtonhelp.com   
CIS 293 Imagine Your Future/newtonhelp.com   bellflower44
 
A Deep Dive in the World of IT Networking (Part 2)
A Deep Dive in the World of IT Networking (Part 2)A Deep Dive in the World of IT Networking (Part 2)
A Deep Dive in the World of IT Networking (Part 2)Tuan Yang
 
WatsonBruce Ikadega sample 2
WatsonBruce Ikadega sample 2WatsonBruce Ikadega sample 2
WatsonBruce Ikadega sample 2Bruce Watson
 
Aruba Rightsizing Your Network
Aruba Rightsizing Your NetworkAruba Rightsizing Your Network
Aruba Rightsizing Your Networkhypknight
 
Big Data With Graphs
Big Data With GraphsBig Data With Graphs
Big Data With GraphsRed Pill Now
 
BES On Domino
BES On DominoBES On Domino
BES On DominoLisa Duke
 
EarthLink Business - Business Continuity
EarthLink Business - Business ContinuityEarthLink Business - Business Continuity
EarthLink Business - Business ContinuityMike Ricca
 
Internet vs intranet vs extranet
Internet vs intranet vs extranetInternet vs intranet vs extranet
Internet vs intranet vs extranetMohsinHusenManasiya
 
Unified Gateway product presentation
Unified Gateway product presentationUnified Gateway product presentation
Unified Gateway product presentationVivek Shenoy
 
EarthLink Business Hosted Voice
EarthLink Business Hosted VoiceEarthLink Business Hosted Voice
EarthLink Business Hosted VoiceMike Ricca
 
Windows 7 Features & Demos
Windows 7 Features & DemosWindows 7 Features & Demos
Windows 7 Features & DemosAmit Gatenyo
 
L25 network fundamentals
L25 network fundamentalsL25 network fundamentals
L25 network fundamentalsheidirobison
 
Internet intranet extranet aaa
Internet intranet extranet aaaInternet intranet extranet aaa
Internet intranet extranet aaaDhani Ahmad
 
JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...
JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...
JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...0xdaryl
 

Tendances (18)

DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...
DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...
DESIGN OF A WIRELESS COMMUNICATION SOFTWARE BETWEEN MULTIPLE CLIENTS AND A SI...
 
CIS 293 Imagine Your Future/newtonhelp.com   
CIS 293 Imagine Your Future/newtonhelp.com   CIS 293 Imagine Your Future/newtonhelp.com   
CIS 293 Imagine Your Future/newtonhelp.com   
 
A Deep Dive in the World of IT Networking (Part 2)
A Deep Dive in the World of IT Networking (Part 2)A Deep Dive in the World of IT Networking (Part 2)
A Deep Dive in the World of IT Networking (Part 2)
 
WatsonBruce Ikadega sample 2
WatsonBruce Ikadega sample 2WatsonBruce Ikadega sample 2
WatsonBruce Ikadega sample 2
 
Aruba Rightsizing Your Network
Aruba Rightsizing Your NetworkAruba Rightsizing Your Network
Aruba Rightsizing Your Network
 
Big Data With Graphs
Big Data With GraphsBig Data With Graphs
Big Data With Graphs
 
Telecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technologyTelecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technology
 
BES On Domino
BES On DominoBES On Domino
BES On Domino
 
EarthLink Business - Business Continuity
EarthLink Business - Business ContinuityEarthLink Business - Business Continuity
EarthLink Business - Business Continuity
 
Internet vs intranet vs extranet
Internet vs intranet vs extranetInternet vs intranet vs extranet
Internet vs intranet vs extranet
 
CCNA 4 Hierarchical Network Design
CCNA 4 Hierarchical Network DesignCCNA 4 Hierarchical Network Design
CCNA 4 Hierarchical Network Design
 
Unified Gateway product presentation
Unified Gateway product presentationUnified Gateway product presentation
Unified Gateway product presentation
 
EarthLink Business Hosted Voice
EarthLink Business Hosted VoiceEarthLink Business Hosted Voice
EarthLink Business Hosted Voice
 
Windows 7 Features & Demos
Windows 7 Features & DemosWindows 7 Features & Demos
Windows 7 Features & Demos
 
L25 network fundamentals
L25 network fundamentalsL25 network fundamentals
L25 network fundamentals
 
Suraido12
Suraido12Suraido12
Suraido12
 
Internet intranet extranet aaa
Internet intranet extranet aaaInternet intranet extranet aaa
Internet intranet extranet aaa
 
JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...
JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...
JavaOne 2013 CON7370: Java Interprocess Communication Challenges in Low-Laten...
 

En vedette

Policy Primer: Facebook Pages Terms
Policy Primer: Facebook Pages TermsPolicy Primer: Facebook Pages Terms
Policy Primer: Facebook Pages TermsAlison Cooper
 
Web design principles
Web design principlesWeb design principles
Web design principlesHaleigh Sills
 
Spectacle slides
Spectacle slidesSpectacle slides
Spectacle slidessemioticon
 
Important Dates in the History of Skiing
Important Dates in the History of SkiingImportant Dates in the History of Skiing
Important Dates in the History of Skiingbenjaminknott
 
Semiofest - a celebration of semiotic thinking
Semiofest - a celebration of semiotic thinkingSemiofest - a celebration of semiotic thinking
Semiofest - a celebration of semiotic thinkingsemioticon
 
What is cognitive semiotics
What is cognitive semioticsWhat is cognitive semiotics
What is cognitive semioticssemioticon
 
Studying Effectively in College
Studying Effectively in CollegeStudying Effectively in College
Studying Effectively in Collegebenjaminknott
 
Writing narratives
Writing narrativesWriting narratives
Writing narrativesAShank1964
 
Development of occlusion AND dentition
Development of occlusion AND dentitionDevelopment of occlusion AND dentition
Development of occlusion AND dentitionpratiklovehoney
 
Poligoonoossss
PoligoonoossssPoligoonoossss
Poligoonoosssskielsar90
 

En vedette (16)

Policy Primer: Facebook Pages Terms
Policy Primer: Facebook Pages TermsPolicy Primer: Facebook Pages Terms
Policy Primer: Facebook Pages Terms
 
Ch 02 variabel
Ch 02 variabelCh 02 variabel
Ch 02 variabel
 
Week 3 pp
Week 3 ppWeek 3 pp
Week 3 pp
 
Design Principles
Design PrinciplesDesign Principles
Design Principles
 
Web design principles
Web design principlesWeb design principles
Web design principles
 
Spectacle slides
Spectacle slidesSpectacle slides
Spectacle slides
 
Important Dates in the History of Skiing
Important Dates in the History of SkiingImportant Dates in the History of Skiing
Important Dates in the History of Skiing
 
Semiofest - a celebration of semiotic thinking
Semiofest - a celebration of semiotic thinkingSemiofest - a celebration of semiotic thinking
Semiofest - a celebration of semiotic thinking
 
What is cognitive semiotics
What is cognitive semioticsWhat is cognitive semiotics
What is cognitive semiotics
 
Ortho wires part iii
Ortho wires part iiiOrtho wires part iii
Ortho wires part iii
 
Xylitol
XylitolXylitol
Xylitol
 
Studying Effectively in College
Studying Effectively in CollegeStudying Effectively in College
Studying Effectively in College
 
Biostatics ppt
Biostatics pptBiostatics ppt
Biostatics ppt
 
Writing narratives
Writing narrativesWriting narratives
Writing narratives
 
Development of occlusion AND dentition
Development of occlusion AND dentitionDevelopment of occlusion AND dentition
Development of occlusion AND dentition
 
Poligoonoossss
PoligoonoossssPoligoonoossss
Poligoonoossss
 

Similaire à Full manual

Virtual private network full manual
Virtual private network full manualVirtual private network full manual
Virtual private network full manualKumar
 
IRJET- ALPYNE - A Grid Computing Framework
IRJET- ALPYNE - A Grid Computing FrameworkIRJET- ALPYNE - A Grid Computing Framework
IRJET- ALPYNE - A Grid Computing FrameworkIRJET Journal
 
The Security Of Cloud Computing
The Security Of Cloud ComputingThe Security Of Cloud Computing
The Security Of Cloud ComputingJulie May
 
IRJET- IoT based Vending Machine with Cashless Payment
IRJET- IoT based Vending Machine with Cashless PaymentIRJET- IoT based Vending Machine with Cashless Payment
IRJET- IoT based Vending Machine with Cashless PaymentIRJET Journal
 
The network and on premise edge
The network and on premise edgeThe network and on premise edge
The network and on premise edgeDESMOND YUEN
 
Cloud 101 for Embedded Designers
Cloud 101 for Embedded DesignersCloud 101 for Embedded Designers
Cloud 101 for Embedded DesignersMark Benson
 
Enterprise networking course work under NCC Education
Enterprise networking course work under NCC EducationEnterprise networking course work under NCC Education
Enterprise networking course work under NCC EducationMd. Mahbub Alam
 
Headquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistanHeadquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistanTariq Mustafa
 
IRJET- Data and Technical Security Issues in Cloud Computing Databases
IRJET- Data and Technical Security Issues in Cloud Computing DatabasesIRJET- Data and Technical Security Issues in Cloud Computing Databases
IRJET- Data and Technical Security Issues in Cloud Computing DatabasesIRJET Journal
 
Network concepts and wi fi
Network concepts and wi fiNetwork concepts and wi fi
Network concepts and wi fiDeepak John
 
Microsoft India - Technical Overview of Direct Access in Windows 7 and Window...
Microsoft India - Technical Overview of Direct Access in Windows 7 and Window...Microsoft India - Technical Overview of Direct Access in Windows 7 and Window...
Microsoft India - Technical Overview of Direct Access in Windows 7 and Window...Microsoft Private Cloud
 
preparing network connections
preparing network connectionspreparing network connections
preparing network connectionsaibad ahmed
 
preparing network connections
preparing network connectionspreparing network connections
preparing network connectionsaibad ahmed
 
Foundry Management System Desktop Application
Foundry Management System Desktop Application Foundry Management System Desktop Application
Foundry Management System Desktop Application Dharmendra Sid
 
IRJET- A Detailed Study and Analysis of Cloud Computing Usage with Real-Time ...
IRJET- A Detailed Study and Analysis of Cloud Computing Usage with Real-Time ...IRJET- A Detailed Study and Analysis of Cloud Computing Usage with Real-Time ...
IRJET- A Detailed Study and Analysis of Cloud Computing Usage with Real-Time ...IRJET Journal
 
PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure
PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure
PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure PROIDEA
 
Networking Today Chapter 1 Networking Today Chapter 1
Networking Today Chapter 1 Networking Today Chapter 1Networking Today Chapter 1 Networking Today Chapter 1
Networking Today Chapter 1 Networking Today Chapter 1TnNguyn57021
 

Similaire à Full manual (20)

Virtual private network full manual
Virtual private network full manualVirtual private network full manual
Virtual private network full manual
 
IRJET- ALPYNE - A Grid Computing Framework
IRJET- ALPYNE - A Grid Computing FrameworkIRJET- ALPYNE - A Grid Computing Framework
IRJET- ALPYNE - A Grid Computing Framework
 
En35793797
En35793797En35793797
En35793797
 
The Security Of Cloud Computing
The Security Of Cloud ComputingThe Security Of Cloud Computing
The Security Of Cloud Computing
 
IRJET- IoT based Vending Machine with Cashless Payment
IRJET- IoT based Vending Machine with Cashless PaymentIRJET- IoT based Vending Machine with Cashless Payment
IRJET- IoT based Vending Machine with Cashless Payment
 
The network and on premise edge
The network and on premise edgeThe network and on premise edge
The network and on premise edge
 
Cloud 101 for Embedded Designers
Cloud 101 for Embedded DesignersCloud 101 for Embedded Designers
Cloud 101 for Embedded Designers
 
RFP-Final3
RFP-Final3RFP-Final3
RFP-Final3
 
Enterprise networking course work under NCC Education
Enterprise networking course work under NCC EducationEnterprise networking course work under NCC Education
Enterprise networking course work under NCC Education
 
Headquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistanHeadquartered at home community publication nx n pakistan
Headquartered at home community publication nx n pakistan
 
IRJET- Data and Technical Security Issues in Cloud Computing Databases
IRJET- Data and Technical Security Issues in Cloud Computing DatabasesIRJET- Data and Technical Security Issues in Cloud Computing Databases
IRJET- Data and Technical Security Issues in Cloud Computing Databases
 
Network concepts and wi fi
Network concepts and wi fiNetwork concepts and wi fi
Network concepts and wi fi
 
Microsoft India - Technical Overview of Direct Access in Windows 7 and Window...
Microsoft India - Technical Overview of Direct Access in Windows 7 and Window...Microsoft India - Technical Overview of Direct Access in Windows 7 and Window...
Microsoft India - Technical Overview of Direct Access in Windows 7 and Window...
 
preparing network connections
preparing network connectionspreparing network connections
preparing network connections
 
preparing network connections
preparing network connectionspreparing network connections
preparing network connections
 
Foundry Management System Desktop Application
Foundry Management System Desktop Application Foundry Management System Desktop Application
Foundry Management System Desktop Application
 
IRJET- A Detailed Study and Analysis of Cloud Computing Usage with Real-Time ...
IRJET- A Detailed Study and Analysis of Cloud Computing Usage with Real-Time ...IRJET- A Detailed Study and Analysis of Cloud Computing Usage with Real-Time ...
IRJET- A Detailed Study and Analysis of Cloud Computing Usage with Real-Time ...
 
PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure
PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure
PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure
 
Zoom user manual
Zoom user manualZoom user manual
Zoom user manual
 
Networking Today Chapter 1 Networking Today Chapter 1
Networking Today Chapter 1 Networking Today Chapter 1Networking Today Chapter 1 Networking Today Chapter 1
Networking Today Chapter 1 Networking Today Chapter 1
 

Dernier

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 

Dernier (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 

Full manual

  • 1. n/a October 2005 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Virtual Private Networking Basics
  • 2. ii v1.0, October 2005 © 2005 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc.. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this document are copyright Intoto, Inc. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. Product and Publication Details Model Number: n/a Publication Date: October 2005 Product Family: Product Family Product Name: n/a Home or Business Product: n/a Language: English Publication Version Number: 1.0
  • 3. iii v2.0, August 2005 Contents Virtual Private Networking Basics Chapter 1 About This Manual Audience, Scope, Conventions, and Formats ................................................................1-1 How to Use this Manual ..................................................................................................1-2 How to Print this Manual .................................................................................................1-2 Chapter 2 Virtual Private Networking Basics What is a Virtual Private Network? .................................................................................2-1 What Is IPSec and How Does It Work? ..........................................................................2-2 IPSec Security Features ..........................................................................................2-2 IPSec Components ..................................................................................................2-3 Encapsulating Security Payload (ESP) ....................................................................2-3 Authentication Header (AH) .....................................................................................2-4 Security Association .................................................................................................2-4 Key Management .....................................................................................................2-6 Understand the Process Before You Begin ....................................................................2-6 VPN Process Overview ..................................................................................................2-7 Network Interfaces and Addresses ..........................................................................2-7 Setting Up a VPN Tunnel Between Gateways .........................................................2-9 VPNC IKE Security Parameters ...................................................................................2-11 VPNC IKE Phase I Parameters ..............................................................................2-11 VPNC IKE Phase II Parameters .............................................................................2-11 Testing and Troubleshooting .........................................................................................2-12 Additional Reading .......................................................................................................2-12 Appendix A Worksheet Record Your Internet Connection Information ............................................................... A-1
  • 5. About This Manual 1-1 v1.0, October 2005 Chapter 1 About This Manual This chapter describes the intended audience, scope, conventions, and formats of this manual. Audience, Scope, Conventions, and Formats This manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic computer network, Internet, and firewall technologies tutorial information is provided on the NETGEAR Web site. This manual uses the following typographical conventions: This manual uses the following formats to highlight special messages: Table 1-1. Typographical Conventions italics Emphasis, books, CDs, URL names bold User input fixed font Screen text, file and server names, extensions, commands, IP addresses Note: This format is used to highlight information of importance or special interest. Tip: This format is used to highlight a procedure that will save time or resources.
  • 6. Virtual Private Networking Basics 1-2 About This Manual v1.0, October 2005 How to Use this Manual The HTML version of this manual includes the following: • Buttons, and , for browsing forwards or backwards through the manual one page at a time • A button that displays the table of contents. Double-click on a link in the table of contents to navigate directly to where the topic is described in the manual. • A button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters. How to Print this Manual To print this manual you can choose one of the following several options, according to your needs. • Printing a Page in the HTML View. Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents. • Printing a Chapter. Use the PDF of This Chapter link at the top left of any page. — Click the “PDF of This Chapter” link at the top right of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window. — Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com. — Click the print icon in the upper left of the window. Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
  • 7. Virtual Private Networking Basics About This Manual 1-3 v1.0, October 2005 • Printing the Full Manual. Use the Complete PDF Manual link at the top left of any page. — Click the Complete PDF Manual link at the top left of any page in the manual. The PDF version of the complete manual opens in a browser window. — Click the print icon in the upper left of the window. Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
  • 8. Virtual Private Networking Basics 1-4 About This Manual v1.0, October 2005
  • 9. Virtual Private Networking Basics 2-1 v1.0, October 2005 Chapter 2 Virtual Private Networking Basics What is a Virtual Private Network? There have been many improvements in the Internet including Quality of Service, network performance, and inexpensive technologies, such as DSL. But one of the most important advances has been in Virtual Private Networking (VPN) Internet Protocol security (IPSec). IPSec is one of the most complete, secure, and commercially available, standards-based protocols developed for transporting data. A VPN is a shared network where private data is segmented from other traffic so that only the intended recipient has access. The term VPN was originally used to describe a secure connection over the Internet. Today, however, VPN is also used to describe private networks, such as Frame Relay, Asynchronous Transfer Mode (ATM), and Multiprotocol Label Switching (MPLS). A key aspect of data security is that the data flowing across the network is protected by encryption technologies. Private networks lack data security, which can allow data attackers to tap directly into the network and read the data. IPSec-based VPNs use encryption to provide data security, which increases the network’s resistance to data tampering or theft. IPSec-based VPNs can be created over any type of IP network, including the Internet, Frame Relay, ATM, and MPLS, but only the Internet is ubiquitous and inexpensive. VPNs are traditionally used for: • Intranets: Intranets connect an organization’s locations. These locations range from the headquarters offices, to branch offices, to a remote employee’s home. Often this connectivity is used for e-mail and for sharing applications and files. While Frame Relay, ATM, and MPLS accomplish these tasks, the shortcomings of each limits connectivity. The cost of connecting home users is also very expensive compared to Internet-access technologies, such as DSL or cable. Because of this, organizations are moving their networks to the Internet, which is inexpensive, and using IPSec to create these networks.
  • 10. Virtual Private Networking Basics 2-2 Virtual Private Networking Basics v1.0, October 2005 • Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dial-up connection to an organization’s modem pool is one method of access for remote workers, but it is expensive because the organization must pay the associated long distance telephone and service costs. Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local Internet connection and then set up a secure IPSec-based VPN communications to their organization. • Extranets: Extranets are secure connections between two or more organizations. Common uses for extranets include supply-chain management, development partnerships, and subscription services. These undertakings can be difficult using legacy network technologies due to connection costs, time delays, and access availability. IPSec-based VPNs are ideal for extranet connections. IPSec-capable devices can be quickly and inexpensively installed on existing Internet connections. What Is IPSec and How Does It Work? IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit. IPSec Security Features IPSec is the most secure method commercially available for connecting network sites. IPSec was designed to provide the following security features when transferring packets across networks: • Authentication: Verifies that the packet received is actually from the claimed sender. • Integrity: Ensures that the contents of the packet did not change in transit. • Confidentiality: Conceals the message content through encryption.
  • 11. Virtual Private Networking Basics Virtual Private Networking Basics 2-3 v1.0, October 2005 IPSec Components IPSec contains the following elements: • Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity. • Authentication Header (AH): Provides authentication and integrity. • Internet Key Exchange (IKE): Provides key management and Security Association (SA) management. Encapsulating Security Payload (ESP) ESP provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, provide message content protection. IPSec provides an open framework for implementing industry standard algorithms, such as SHA and MD5. The algorithms IPSec uses produce a unique and unforgeable identifier for each packet, which is a data equivalent of a fingerprint. This fingerprint allows the device to determine if a packet has been tampered with. Furthermore, packets that are not authenticated are discarded and not delivered to the intended receiver. ESP also provides all encryption services in IPSec. Encryption translates a readable message into an unreadable format to hide the message content. The opposite process, called decryption, translates the message content from an unreadable format to a readable message. Encryption/ decryption allows only the sender and the authorized receiver to read the data. In addition, ESP has an option to perform authentication, called ESP authentication. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header. Figure 2-1
  • 12. Virtual Private Networking Basics 2-4 Virtual Private Networking Basics v1.0, October 2005 The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication. Authentication Header (AH) AH provides authentication and integrity, which protect against data tampering, using the same algorithms as ESP. AH also provides optional anti-replay protection, which protects against unauthorized retransmission of packets. The authentication header is inserted into the packet between the IP header and any subsequent packet contents. The payload is not touched. Although AH protects the packet’s origin, destination, and contents from being tampered with, the identity of the sender and receiver is known. In addition, AH does not protect the data’s confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP protects data confidentiality. For added protection in certain cases, AH and ESP can be used together. In the following table, IP HDR represents the IP header and includes both source and destination IP addresses. Security Association IPSec introduces the concept of the Security Association (SA). An SA is a logical connection between two devices transferring data. An SA provides data protection for unidirectional traffic by using the defined IPSec protocols. An IPSec tunnel typically consists of two unidirectional SAs, which together provide a protected, full-duplex data channel. The SAs allow an enterprise to control exactly what resources may communicate securely, according to security policy. To do this an enterprise can set up multiple SAs to enable multiple secure VPNs, as well as define SAs within the VPN to support different departments and business partners. Figure 2-2
  • 13. Virtual Private Networking Basics Virtual Private Networking Basics 2-5 v1.0, October 2005 Mode SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mode. Typically, the tunnel mode is used for gateway-to-gateway IPSec tunnel protection, but transport mode is used for host-to-host IPSec tunnel protection. A gateway is a device that monitors and manages incoming and outgoing network traffic and routes the traffic accordingly. A host is a device that sends and receives network traffic. • Transport Mode: The transport mode IPSec implementation encapsulates only the packet’s payload. The IP header is not changed. After the packet is processed with IPSec, the new IP packet contains the old IP header (with the source and destination IP addresses unchanged) and the processed packet payload. Transport mode does not shield the information in the IP header; therefore, an attacker can learn where the packet is coming from and where it is going to. Figure 2-1 and Figure 2-2 above show a packet in transport mode. • Tunnel Mode: The tunnel mode IPSec implementation encapsulates the entire IP packet. The entire packet becomes the payload of the packet that is processed with IPSec. A new IP header is created that contains the two IPSec gateway addresses. The gateways perform the encapsulation/decapsulation on behalf of the hosts. Tunnel mode ESP prevents an attacker from analyzing the data and deciphering it, as well as knowing who the packet is from and where it is going. Note: .AH and ESP can be used in both transport mode and tunnel mode. Figure 2-3
  • 14. Virtual Private Networking Basics 2-6 Virtual Private Networking Basics v1.0, October 2005 Key Management IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the SA setup and the exchange of keys between parties transferring data. Using keys ensures that only the sender and receiver of a message can access it. IPSec requires that keys be re-created, or refreshed, frequently so that the parties can communicate securely with each other. IKE manages the process of refreshing keys; however, a user can control the key strength and the refresh frequency. Refreshing keys on a regular basis ensures data confidentiality between sender and receiver. Understand the Process Before You Begin This manual provides examples of how to configure a secure IPSec VPN tunnel. This document assumes the reader has a working knowledge of NETGEAR management systems. NETGEAR, Inc. is a member of the VPN Consortium, a group formed to facilitate IPSec VPN vendor interoperability. The VPN Consortium has developed specific scenarios to aid system administrators in the often confusing process of connecting two different vendor implementations of the IPSec standard. The examples in this manual follow the addressing and configuration mechanics defined by the VPN Consortium. Additional information regarding inter-vendor interoperability may be found at http://www.vpnc.org/interop.html. It is a good idea to gather all the necessary information required to establish a VPN before you begin the configuration process. You should understand whether the firmware is up-to-date, all of the addresses that will be necessary, and all of the parameters that need to be set on both sides. Try to understand any incompatibilities before you begin, so that you minimize any potential complications which may arise from normal firewall or WAN processes. If you are not a full-time system administrator, it is a good idea to familiarize yourself with the mechanics of a VPN. The brief description below in this document will help. Other good sources include: • The NETGEAR VPN Tutorial – http://www.netgear.com/planetvpn/pvpn_2.html • The VPN Consortium – http://www.vpnc.org/ • The VPN bibliography in Additional Reading on page 2-12.
  • 15. Virtual Private Networking Basics Virtual Private Networking Basics 2-7 v1.0, October 2005 VPN Process Overview Even though IPSec is standards-based, each vendor has its own set of terms and procedures for implementing the standard. Because of these differences, it may be a good idea to review some of the terms and the generic processes for connecting two gateways before diving into to the specifics. Network Interfaces and Addresses The VPN gateway is aptly named because it functions as a “gatekeeper” for each of the computers connected on the Local Area Network behind it. In most cases, each gateway will have a “public” facing address (WAN side) and a “private” facing address (LAN side). These addresses are referred to as the “network interface” in documentation regarding the construction of VPN communication. Please note that the addresses used in the example. Interface Addressing This document uses example addresses provided the VPN Consortium. It is important to understand that you will be using addresses specific to the devices that you are attempting to connect via IPSec VPN. It is also important to make sure the addresses do not overlap or conflict. That is, each set of addresses should be separate and distinct. Figure 2-4 Gateway A 22.23.24.2514.15.16.17 10.5.6.0/24 172.23.9.0/24 172.23.9.110.5.6.1 WAN IP WAN IP LAN IPLAN IP Gateway B VPNC Example Network Interface Addressing
  • 16. Virtual Private Networking Basics 2-8 Virtual Private Networking Basics v1.0, October 2005 It will also be important to know the subnet mask of both gateway LAN Connections. Use the worksheet in Appendix A to gather the necessary address and subnet mask information to aid in the configuration and troubleshooting process. Firewalls It is important to understand that many gateways are also firewalls. VPN tunnels cannot function properly if firewall settings disallow all incoming traffic. Please refer to the firewall instructions for both gateways to understand how to open specific protocols, ports, and addresses that you intend to allow. Table 2-1. WAN (Internet/Public) and LAN (Internal/Private) Addressing Gateway LAN or WAN VPNC Example Address Gateway A LAN (Private) 10.5.6.1 Gateway A WAN (Public) 14.15.16.17 Gateway B LAN (Private) 22.23.24.25 Gateway B WAN (Public) 172.23.9.1 Table 2-2. Subnet Addressing Gateway LAN or WAN Interface Name Example Subnet Mask Gateway A LAN (Private) Subnet Mask A 255.255.255.0 Gateway B LAN (Private) Subnet Mask B 255.255.255.0
  • 17. Virtual Private Networking Basics Virtual Private Networking Basics 2-9 v1.0, October 2005 Setting Up a VPN Tunnel Between Gateways An SA, frequently called a tunnel, is the set of information that allows two entities (networks, PCs, routers, firewalls, gateways) to “trust each other” and communicate securely as they pass information over the Internet. The SA contains all the information necessary for Gateway A to negotiate a secure and encrypted communication stream with Gateway B. This communication is often referred to as a “tunnel.” The gateways contain this information so that it does not have to be loaded onto every computer connected to the gateways. Figure 2-5
  • 18. Virtual Private Networking Basics 2-10 Virtual Private Networking Basics v1.0, October 2005 Each gateway must negotiate its Security Association with another gateway using the parameters and processes established by IPSec. As illustrated below, the most common method of accomplishing this process is via the Internet Key Exchange (IKE) protocol which automates some of the negotiation procedures. Alternatively, you can configure your gateways using manual key exchange, which involves manually configuring each paramter on both gateways. The IPSec software on Host A initiates the IPSec process in an attempt to communicate with Host B. The two computers then begin the Internet Key Exchange (IKE) process. IKE Phase I. a. The two parties negotiate the encryption and authentication algorithms to use in the IKE SAs. b. The two parties authenticate each other using a predetermined mechanism, such as preshared keys or digital certificates. c. A shared master key is generated by the Diffie-Hellman Public key algorithm within the IKE framework for the two parties. The master key is also used in the second phase to derive IPSec keys for the SAs. IKE Phase II. a. The two parties negotiate the encryption and authentication algorithms to use in the IPSec SAs. b. The master key is used to derive the IPSec keys for the SAs. Once the SA keys are created and exchanged, the IPSec SAs are ready to protect user data between the two VPN gateways. Figure 2-6 VPN GatewayVPN Gateway 1) Communication request sent to VPN Gateway 2) IKE Phase I authentication 3) IKE Phase II negotiation 4) Secure data transfer 5) IPSec tunnel termination IPSec Security Association IKE VPN Tunnel Negotiation Steps
  • 19. Virtual Private Networking Basics Virtual Private Networking Basics 2-11 v1.0, October 2005 Data transfer. Data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database. IPSec tunnel termination. IPSec SAs terminate through deletion or by timing out. VPNC IKE Security Parameters It is important to remember that both gateways must have the identical parameters set for the process to work correctly. The settings in these examples follow the examples given for Scenario 1 of the VPN Consortium. VPNC IKE Phase I Parameters The IKE Phase 1 parameters used: • Main mode • TripleDES • SHA-1 • MODP group 1 • pre-shared secret of "hr5xb84l6aa9r6" • SA lifetime of 28800 seconds (eight hours) VPNC IKE Phase II Parameters The IKE Phase 2 parameters used in Scenario 1 are: • TripleDES • SHA-1 • ESP tunnel mode • MODP group 1 • Perfect forward secrecy for rekeying • SA lifetime of 28800 seconds (one hour)
  • 20. Virtual Private Networking Basics 2-12 Virtual Private Networking Basics v1.0, October 2005 Testing and Troubleshooting Once you have completed the VPN configuration steps you can use computers, which are located behind each of the gateways, to ping various addresses on the LAN-side of the other gateway. You can troubleshoot connections using the VPN status and log details on the NETGEAR gateway to determine if IKE negotiation is working. Common problems encountered in setting up VPNs include: • Parameters may be configured differently on Gateway A vs. Gateway B. • Two LANs set up with similar or overlapping addressing schemes. • So many required configuration parameters mean errors such as mistyped information or mismatched parameter selections on either side are more likely to happen. Additional Reading • Building and Managing Virtual Private Networks, Dave Kosiur, Wiley & Sons; ISBN: 0471295264. • Firewalls and Internet Security: Repelling the Wily Hacker, William R. Cheswick and Steven M. Bellovin, Addison-Wesley; ISBN: 0201633574. • VPNs A Beginners Guide, John Mains, McGraw Hill; ISBN: 0072191813. • [FF98] Floyd, S., and Fall, K., Promoting the Use of End-to-End Congestion Control in the Internet. IEEE/ACM Transactions on Networking, August 1999. Relevant RFCs listed numerically: • [RFC 791] Internet Protocol DARPA Internet Program Protocol Specification, Information Sciences Institute, USC, September 1981. • [RFC 1058] Routing Information Protocol, C Hedrick, Rutgers University, June 1988. • [RFC 1483] Multiprotocol Encapsulation over ATM Adaptation Layer 5, Juha Heinanen, Telecom Finland, July 1993. • [RFC 2401] S. Kent, R. Atkinson, Security Architecture for the Internet Protocol, RFC 2401, November 1998. • [RFC 2407] D. Piper, The Internet IP Security Domain of Interpretation for ISAKMP, November 1998.
  • 21. Virtual Private Networking Basics Virtual Private Networking Basics 2-13 v1.0, October 2005 • [RFC 2474] K. Nichols, S. Blake, F. Baker, D. Black, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, December 1998. • [RFC 2475] S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, and W. Weiss, An Architecture for Differentiated Services, December 1998. • [RFC 2481] K. Ramakrishnan, S. Floyd, A Proposal to Add Explicit Congestion Notification (ECN) to IP, January 1999. • [RFC 2408] D. Maughan, M. Schertler, M. Schneider, J. Turner, Internet Security Association and Key Management Protocol (ISAKMP). • [RFC 2409] D. Harkins, D.Carrel, Internet Key Exchange (IKE) protocol. • [RFC 2401] S. Kent, R. Atkinson, Security Architecture for the Internet Protocol.
  • 22. Virtual Private Networking Basics 2-14 Virtual Private Networking Basics v1.0, October 2005
  • 23. Worksheet A-1 v1.0, October 2005 Appendix A Worksheet Record Your Internet Connection Information Print these pages. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP. Some ISPs use your full e-mail address as the login name. The Service Name is not required by all ISPs. If you connect using a login name and password, enter the following: Login Name: ______________________________ Password: ____________________________ Service Name: _____________________________ Fixed or Static IP Address: If you have a static IP address, record the following information. For example, 169.254.141.148 could be a valid IP address. Fixed or Static Internet IP Address: ______ ______ ______ ______ Gateway IP Address: ______ ______ ______ ______ Subnet Mask: ______ ______ ______ ______ ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following: Primary DNS Server IP Address: ______ ______ ______ ______ Secondary DNS Server IP Address: ______ ______ ______ ______ Host and Domain Names: Some ISPs use a specific host or domain name like CCA7324-A or home. If you have not been given host or domain names, you can use the following examples as a guide: • If your main e-mail account with your ISP is aaa@xxx.yyy.com, then use aaa as your host name. Your ISP might call this your account, user, host, or system name. • If your ISP’s mail server is mail.xxx.yyy.com, then use xxx.yyy.com as the domain name. ISP Host Name: _________________________ ISP Domain Name: _______________________ For Wireless Access: See the configuration worksheet in the Resource Manual for your NETGEAR wireless equipment.
  • 24. Virtual Private Networking Basics A-2 Worksheet v1.0, October 2005