Configuring Virtual Private Networks for Remote Clients and Networks

PowerPoint PPT presentation

1

Configuring Virtual Private Networks for Remote Clients and Networks

2

What Is Virtual Private Networking?

• Virtual private networking allows secure remote access to resources on an organization’s internal network for users outside the network

• A VPN is a virtual network that enables communication between a remote access client and computers on the internal network or between two remote sites separated by a public network such as the Internet

3

Types of VPNs

• Remote Access VPN
– Provides access to the internal corporate network over the Internet
– Reduces long distance, modem bank, and technical support costs

[Diagram: remote client connecting through the Internet to the Corporate Site]

4

Types of VPN

• Site-to-Site VPN
– Connects multiple offices over the Internet
– Reduces dependencies on frame relay and leased lines

[Diagram: Branch Office connected through the Internet to the Corporate Site]

5

Types of VPN

• Extranet VPN
– Provides business partners access to critical information (leads, sales tools, etc.)
– Reduces transaction and operational costs

[Diagram: Corporate Site connected through the Internet to Partner #1 and Partner #2]

6

What a VPN needs

• VPNs must be encrypted, so that no one outside the VPN can read the traffic
• VPNs must be authenticated
• No one outside the VPN can alter the VPN traffic
• All parties to the VPN must agree on the security properties

7

VPN Topology

• Operates at layer 2 or 3 of the OSI model
– Layer 2 frame – Ethernet
– Layer 3 packet – IP
• Tunneling
– allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet
– ensures data security against unwanted viewers, or hackers

8

VPN Components

Protocols:
• IP Security (IPSec)
– Transport mode
– Tunnel mode
• Point-to-Point Tunneling Protocol (PPTP)
– Voluntary tunneling method
– Uses PPP (Point-to-Point Protocol)

9

VPN Components

Protocols:
• Layer 2 Tunneling Protocol (L2TP)
– Exists at the data link layer of OSI
– Composed from PPTP and L2F (Layer 2 Forwarding)
– Compulsory tunneling method

10

VPN Components

Security:
• Authentication
– Determines if the sender is the authorized person and if the data has been redirected or corrupted
– User/System Authentication
– Data Authentication

11

VPN Components

12

Configuring Virtual Private Networking for Remote Clients

13

Creating a Remote Access PPTP VPN Server

• Enabling the ISA Firewall’s VPN Server component

• Creating an Access Rule allowing VPN Clients access to the Internal network

• Enabling Dial-in Access for VPN User Accounts
• Testing a PPTP VPN Connection

14

Enable the VPN Server

Enable VPN Client Access

Warning about address assignment

15

Assigning IP Addresses to Remote Users

• Remote users that will be establishing a VPN tunnel require an IP address to properly communicate through the tunnel to the internal network

16

Authenticating VPN Users

• Authenticating directly against Active Directory

• Implement RADIUS Authentication

• Authenticate against local users

17

Working with and Creating Rules for the VPN Clients Network

Create default rules that allow VPN clients access into the network

18

RADIUS Authentication for VPN Connections

Install the Internet Authentication Service (IAS) for Active Directory RADIUS Support

19

Setting Up the ISA Server as an IAS Client

Define a RADIUS server shared key

20

Configuring ISA to Use IAS for Authentication

Define a RADIUS server shared key in ISA

Modify RADIUS server settings for VPN client access
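The RADIUS shared key defined on slides 19 and 20 is what lets ISA and IAS trust each other's messages. The following is an added worked example (not part of the original deck, and not ISA or IAS code) of the RFC 2865 mechanics behind that key: the client hides the User-Password with MD5(secret + authenticator) chaining, and the server's Response Authenticator is an MD5 over the reply plus the secret, so a mismatched key on either side is detected. The user name, password and secret are constructed sample values.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD = 1, 2

def attr(t: int, value: bytes) -> bytes:
    # RADIUS attribute TLV: Type, Length (includes the 2-byte header), Value
    return struct.pack("!BB", t, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    # RFC 2865 5.2: pad to a 16-byte multiple, XOR each block with MD5(secret + previous block),
    # where the "previous block" for the first block is the Request Authenticator
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    # Server side: same chaining, but the mask for block i derives from the received block i-1
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes, req_auth=None):
    # Access-Request: Code, Identifier, Length, 16-byte random Request Authenticator, attributes
    req_auth = req_auth or os.urandom(16)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + req_auth + attrs, req_auth

def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    # What the RADIUS server sends back (constructed here so the example runs offline):
    # ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs

def response_valid(resp: bytes, req_auth: bytes, secret: bytes) -> bool:
    # Client-side check: a reply forged without the shared key, or altered in transit, fails here
    if len(resp) < 20 or struct.unpack("!H", resp[2:4])[0] != len(resp):
        return False
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])
```

Note that MD5-based hiding only obscures the password from casual capture; the shared key itself should be long and random, and RADIUS traffic should stay on a protected management network.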

21

Configuring an ISA VPN Connection to Use PPTP

22

Creating Layer 2 Tunneling Protocol (L2TP) VPN

Enter an IPSec pre-shared key.

23

Creating a Public Key Infrastructure (PKI) for L2TP with IPSec Support

• Installing the Enterprise Root Certificate Authority (CA)

• Configuring the Enterprise Root CA
• Requesting a Certificate for the ISA VPN Server
• Requesting a Certificate for the VPN Client
• Downloading the CA Certificate
• Exporting and Importing Certificates

24

Configuring Virtual Private Networking for Remote Sites

25

Site-to-Site VPN Capabilities

• Point-to-Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
• IPSec Tunnel Mode

26

Preparing ISA Servers for Site-to-Site VPN Capabilities

• Define the IP Address Assignment
• Enable VPN client access
• Create local VPN user accounts on both servers, and enable dial-in access for those accounts.

• Run through the Site-to-Site VPN wizard to configure all necessary networks, network rules, and access rules.

• Repeat the steps on the remote server.

27

Create VPN Site-to-Site

28

Configuring a Point-to-Point Tunneling Protocol (PPTP) Site-to-Site VPN Between Two Remote

Offices

Create a PPTP Site-to-Site VPN Connection

29

Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN

• Deciding Between Shared Key and PKI
• Configuring a PKI Infrastructure for PKI-Based Certificate Encryption
• Requesting a Certificate for the ISA VPN Server
• Creating an L2TP/IPSec Site-to-Site VPN Connection

30

Setting Up an IPSec Tunnel Mode VPN Connection
