
4 vpn s

942 views

Published in: Technology

  1. Virtual Private Networks (VPNs)
     • Tunneling, VPNs and Roaming
  2. Defining Some Terms
     • Intranet: internal corporate applications using Web and Internet technology
     • Extranet: extends an Intranet to include customers, suppliers and partners
     • Remote Access: uses the Internet to link telecommuters and mobile workers to the company Intranet
  3. Tunneling Defined
     • Creating a transparent virtual network link between two network nodes that is unaffected by physical network links and devices.
  4. Tunneling Explained
     • Tunneling is encapsulating one protocol in another
     • Tunnels provide routable transport for unroutable packets
       • encrypted, illegal addressing, non-supported
     • Tunneling itself provides no security
  5. One way to communicate… (network diagram; labels: Los Angeles HQ, New York, Boston, LAN, Router, CSU/DSU, Firewall, Remote Access Server, PSTN, Internet, Web Sites)
  6. Another view of network possibilities... A Virtual Private Network (network diagram; labels: Los Angeles, New York, Boston, LAN, Router, CSU/DSU, Firewall, VSU-1000, VPNmanager, Remote Clients (VPNremote), Internet, Web Sites)
  7. Tunneling Illustrated (diagram: Workstation X, Router A, tunnel, Router B, Workstation Y)
     • Step 1: Original, unroutable IP packet (dest Y) sent to router
     • Step 2: Original IP packet encapsulated in another IP packet (new IP packet carried through the tunnel)
     • Step 3: Original packet extracted, sent to destination (dest Y)
  8. Types of Tunnels (with thanks to Bernard Aboba)
     • Two basic types of tunnels
       • Voluntary tunnels
         • Tunneling initiated by the end-user (requires client software on remote computer)
       • Compulsory tunnels
         • Tunnel is created by NAS or router (tunneling support required on NAS or router)
  9. Voluntary Tunnels
     • Will work with any network device
       • Tunneling transparent to leaf and intermediate devices
     • But user must have a tunneling client compatible with tunnel server
       • PPTP, L2TP, L2F, IPSEC, IP-IP, etc.
     • Simultaneous access to Intranet (via tunnel) and Internet possible
       • Employees can use personal accounts for corporate access
       • Remote office applications
         • Dial-up VPNs for low traffic volumes
  10. A Voluntary L2TP Tunnel
  11. Compulsory Tunnels
      • Will work with any client
      • But NAS must support same tunnel method
        • But… tunneling transparent to intermediate routers
      • Network access controlled by tunnel server
        • User traffic can only travel through tunnel
        • Internet access possible
          • Must be by pre-defined facilities
          • Greater control
          • Can be monitored
  12. Compulsory Tunnels
      • Static tunnels
        • All calls from a given NAS/Router tunneled to a given server
      • Realm-based tunnels
        • Each tunnel based on information in NAI (i.e. user@realm)
      • User-based tunnels
        • Calls tunneled based on userID data stored in authentication system
  13. A Compulsory L2TP Tunnel
  14. RADIUS Support for Tunnels
      • Can define tunnel type
      • Can define/limit tunnel end points
      • Allows tunnel configuration to be based on Calling-Station-ID or Called-Station-ID
      • Additional accounting information
        • Tunnel end points
        • Tunnel ID, etc.
  15. RADIUS Dial Up Security (diagram: Remote User and Hacker dial in to the RAS at the boundary of the Private Network; the RAS checks the User Login with the RADIUS Server over the RADIUS Protocol)
      • Authenticates dial-in users at boundary of private network
  16. Protocol Comparison (feature support across PPTP, L2TP and IPSEC; the slide marks each supporting protocol with an X, but which column each mark belongs to did not survive extraction, so the marks are listed per feature as they appear)
      • Authenticated Tunnels: X X
      • Compression: X X X
      • Smart Cards: X X
      • Address Allocation: X X
      • Multiprotocol: X X
      • Encryption: X
      • Flow Control: X
      • Requires Server: X X
  17. Layer 2 Tunneling Protocol (L2TP) (diagram: Mobile Employee and Telecommuter connect over a Shared Dial Network to a LAC; an L2TP Tunnel carries their PPP sessions to the LNS at the Private Network, which consults RADIUS)
      • L2TP Access Concentrator (LAC) tunnels PPP frames in IP
      • L2TP Network Server (LNS) de-tunnels PPP, authenticates via RADIUS and performs address assignment
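Slides 4 and 7 describe tunneling as wrapping one IP packet inside another so that an unroutable packet can cross a routable network, and slide 4 adds that tunneling itself provides no security. The Python below is an added example written for this page, not code from the deck or its author: it builds the three-step exchange of slide 7 with IP-in-IP encapsulation (the RFC 2003 style, IP protocol number 4), using constructed RFC 1918 inner addresses for Workstations X and Y and documentation-prefix outer addresses for Routers A and B. The `expected_peer` check in `decapsulate` is an assumption of the example, not something the slide specifies.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4    # "IP in IP" encapsulation, RFC 2003
IPPROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used for the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64, ident: int = 0) -> bytes:
    """Build a minimal IPv4 packet: 20-byte header without options, checksum filled in."""
    total_len = 20 + len(payload)
    if total_len > 0xFFFF:
        raise ValueError("payload too large for one IPv4 packet")
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Validate version, header length, total length and checksum; return header fields and payload."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    # a valid header sums to zero when the checksum field itself is included
    if internet_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)), "proto": proto,
            "ttl": ttl, "id": ident, "payload": pkt[ihl:total_len]}


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Step 2 on the slide: Router A wraps the whole original packet in a new IP packet
    addressed to Router B. The inner packet travels unchanged, and in the clear."""
    parse_ipv4(inner)  # refuse to tunnel something that is not a well-formed IP packet
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes, expected_peer: str) -> bytes:
    """Step 3: Router B strips the outer header and hands back the original packet.
    The outer source is compared with the configured tunnel peer (assumed policy for this
    example): the tunnel itself authenticates nothing, so without some check any host could
    hand Router B packets to forward into the private network."""
    info = parse_ipv4(outer)
    if info["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if info["src"] != expected_peer:
        raise ValueError("outer packet not from the configured tunnel peer")
    inner = info["payload"]
    parse_ipv4(inner)  # the decapsulated packet must itself be valid before forwarding
    return inner


def tunnel_roundtrip() -> dict:
    """Constructed walk-through of slide 7 with private (unroutable) inner addresses."""
    inner = build_ipv4("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"hello from X", ident=1)
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1")   # Router A -> Router B
    recovered = decapsulate(outer, expected_peer="203.0.113.1")
    return {
        "inner": inner,
        "outer": outer,
        "recovered": recovered,
        "outer_proto": parse_ipv4(outer)["proto"],
        # the inner payload is readable inside the outer packet: tunneling adds no confidentiality
        "payload_visible_in_outer": b"hello from X" in outer,
    }


if __name__ == "__main__":
    r = tunnel_roundtrip()
    print("outer proto:", r["outer_proto"], "inner recovered intact:", r["recovered"] == r["inner"])
```

The `payload_visible_in_outer` result is the point of slide 4's last bullet: the outer header only adds routability, and the peer-address check in `decapsulate` is a weak control because an IP source address can be forged. Confidentiality and authentication have to come from a protocol layered on the tunnel, such as the IPSEC entry in slide 16.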
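Slide 14 says RADIUS can define the tunnel type and define or limit the tunnel end points, and slide 17 shows the LNS authenticating via RADIUS. The Python below is an added example, not the deck's own material: it encodes and parses the Tunnel-Type, Tunnel-Medium-Type and Tunnel-Server-Endpoint attributes as RFC 2868 defines them (tagged attributes, attribute numbers 64, 65 and 67, Tunnel-Type value 3 for L2TP) and then applies a NAS-side allow-list of L2TP servers. The allow-list, the addresses and the decision function are constructed for the example; the slide describes the capability, not a specific policy.

```python
import struct
from ipaddress import ip_address

# RADIUS tunnel attributes, RFC 2868
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_SERVER_ENDPOINT = 67
TUNNEL_ATTRS = {TUNNEL_TYPE: "type", TUNNEL_MEDIUM_TYPE: "medium", TUNNEL_SERVER_ENDPOINT: "server"}
TUNNEL_TYPE_NAMES = {1: "PPTP", 2: "L2F", 3: "L2TP", 7: "IP-IP", 9: "ESP", 10: "GRE"}
MEDIUM_IPV4 = 1

# Constructed policy (assumption for this example): the LNSs this NAS may tunnel calls to
ALLOWED_L2TP_SERVERS = {"198.51.100.10", "198.51.100.11"}


def _check_tag(tag: int) -> None:
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0x00 (untagged) or 0x01-0x1F")


def tagged_integer(attr_type: int, tag: int, value: int) -> bytes:
    """Type | Length=6 | Tag | 3-byte integer (Tunnel-Type, Tunnel-Medium-Type)."""
    _check_tag(tag)
    if not 0 <= value <= 0xFFFFFF:
        raise ValueError("value does not fit in 24 bits")
    return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")


def tagged_string(attr_type: int, tag: int, text: str) -> bytes:
    """Type | Length | Tag | string (Tunnel-Server-Endpoint, Tunnel-Client-Endpoint)."""
    _check_tag(tag)
    data = text.encode()
    if not 1 <= len(data) <= 252:
        raise ValueError("string must be 1..252 bytes")
    return struct.pack("!BBB", attr_type, 3 + len(data), tag) + data


def tunnel_attributes(tag: int, tunnel_type: int, server_endpoint: str) -> bytes:
    """The attributes a RADIUS server returns in Access-Accept to describe one tunnel."""
    return (tagged_integer(TUNNEL_TYPE, tag, tunnel_type)
            + tagged_integer(TUNNEL_MEDIUM_TYPE, tag, MEDIUM_IPV4)
            + tagged_string(TUNNEL_SERVER_ENDPOINT, tag, server_endpoint))


def parse_tunnel_attributes(blob: bytes) -> dict:
    """Walk a RADIUS attribute list and group tunnel attributes by tag.
    Every length is checked before slicing, so a short or oversized attribute
    cannot desynchronise the walk over the rest of the packet."""
    tunnels = {}
    i = 0
    while i < len(blob):
        if len(blob) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = blob[i], blob[i + 1]
        if alen < 2 or i + alen > len(blob):
            raise ValueError("attribute length out of range")
        value = blob[i + 2:i + alen]
        i += alen
        if atype not in TUNNEL_ATTRS:
            continue   # non-tunnel attributes are not of interest here
        if not value:
            raise ValueError("tagged attribute without tag byte")
        tag = value[0]
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if tag > 0x1F or len(value) != 4:
                raise ValueError("malformed tagged integer attribute")
            field = int.from_bytes(value[1:], "big")
        elif tag > 0x1F:
            # RFC 2868: a first byte above 0x1F belongs to the string; attribute is untagged
            tag, field = 0, value.decode(errors="replace")
        else:
            field = value[1:].decode(errors="replace")
        tunnels.setdefault(tag, {})[TUNNEL_ATTRS[atype]] = field
    return tunnels


def tunnel_permitted(tunnel: dict) -> bool:
    """'Define/limit tunnel end points': only L2TP over IPv4 to an approved LNS is accepted."""
    if tunnel.get("type") != 3 or tunnel.get("medium") != MEDIUM_IPV4:
        return False
    server = tunnel.get("server")
    if server is None:
        return False
    try:
        ip_address(server)   # require a literal address, not a name resolved later
    except ValueError:
        return False
    return server in ALLOWED_L2TP_SERVERS


def example_decisions() -> dict:
    """Constructed Access-Accept attribute sets and the NAS's decision for each."""
    good = parse_tunnel_attributes(tunnel_attributes(1, 3, "198.51.100.10"))[1]
    wrong_server = parse_tunnel_attributes(tunnel_attributes(1, 3, "203.0.113.7"))[1]
    wrong_type = parse_tunnel_attributes(tunnel_attributes(1, 1, "198.51.100.10"))[1]   # PPTP
    return {"good": tunnel_permitted(good), "wrong_server": tunnel_permitted(wrong_server),
            "wrong_type": tunnel_permitted(wrong_type), "good_type_name": TUNNEL_TYPE_NAMES[good["type"]]}
```

Checking the returned endpoint against a local allow-list matters for the compulsory tunnels of slides 11 and 12: the NAS tunnels every call to wherever RADIUS says, so a compromised or spoofed RADIUS reply would otherwise redirect user traffic to an arbitrary server. The tag byte is what lets one Access-Accept carry several candidate tunnels, each parsed into its own entry.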