What Is Virtual Private Network 3. VPN Implementation
1. INTRODUCTION
Organizations whose facilities are split between two or more locations can connect the locations into a single logical network through the use of routers and wide area networking (WAN) technologies. When a circuit-switched network, like the telephone network, is used, permanent or switched circuit services are employed to emulate the physical attachment of the two sites for router-to-router packet exchange; such a connection is obviously private. When a packet network, such as the Internet, is used as the WAN for connecting the sites, the private nature of router-to-router communications is threatened, since the network provides no guarantee regarding packet delivery. Routers intending to talk to one another over logical Internet circuits will find that packets can be injected into or ejected out of the circuits indiscriminately. To keep such circuits private, the packets flowing on the circuit must be encrypted so that injected packets will be of no use to unintended recipients. These private links between routers are called tunnels. VPNs are so important to organizations supporting telecommuters, branch offices, and off-site partners that they are becoming a critical part of corporate information technology strategy.
VPNs allow users working at home to connect in a secure fashion to a remote corporate server using the routing infrastructure provided by a public internetwork. From the user's perspective, the VPN is a point-to-point connection between the user's computer and a corporate server. The nature of the intermediate internetwork is irrelevant to the user because it appears as if the data is being sent over a dedicated private link. VPN technology also allows a corporation to connect to branch offices or to other companies over a public internetwork while maintaining secure communications. The VPN connection across the Internet logically operates as a Wide Area Network (WAN) link between the sites. In both cases, the secure connection across the internetwork appears to the user as a private network communication, despite the fact that this communication occurs over a public internetwork; hence the name Virtual Private Network.
By using a VPN, the network administrator can ensure that only those users on the corporate internetwork who have appropriate credentials (based on a need-to-know policy within the company) can establish a VPN with the VPN server and gain access to the protected resources of the department. Additionally, all communications across the VPN can be encrypted for data confidentiality. Those users who do not have the proper credentials cannot view the department LAN.
4. Basic Requirements of VPNs
Typically, when deploying a remote networking solution, an enterprise needs to facilitate controlled access to corporate resources and information. The solution must allow roaming or remote clients to connect to corporate resources and to each other to share resources and information (LAN-to-LAN connections). Therefore, at a minimum, a VPN solution should provide all of the following:
1. User Authentication
The solution must verify the user's identity and restrict VPN access to authorized users only. In addition, the solution must provide audit and accounting records to show who accessed what information and when.
2. Address Management
The solution must assign a client's address on the private net, and must ensure that the private addresses are kept private.
3. Data Encryption
Data carried on the public network must be rendered unreadable to unauthorized clients on the network.
4. Key Management
The solution must generate and refresh encryption keys for the client and server.
5. Tunneling
A VPN can be created using tunneling. Tunneling is a technology that lets a network transport protocol carry information for other protocols within its own packets. In other words, it is a method of using an internetwork infrastructure to transfer data from one network over another network. The data to be transferred can be frames or packets of another protocol. Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate internetwork. The encapsulated packets are then routed between tunnel end points over the internetwork. The logical path along which the encapsulated packets travel through the internetwork is called a tunnel. Once the encapsulated frames reach the tunnel end point, they are decapsulated; tunneling refers to this entire process (encapsulation, transmission and decapsulation of packets).
Layer 2 protocols correspond to the data link layer and use frames as their unit of exchange. PPTP, L2TP and L2F are Layer 2 tunneling protocols.
Layer 3 protocols correspond to the network layer and use packets. IP over IP and IP Security (IPSec) tunnel mode are examples of Layer 3 tunneling protocols.
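The encapsulation, transmission and decapsulation steps described above, shown for the IP over IP case as an added example that is not part of the original document. The function names and the addresses (private 10.x hosts, documentation-range tunnel end points) are assumptions chosen for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 (RFC 2003)
HDR = "!BBHHHBBH4s4s"  # option-less 20-byte IPv4 header layout

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a minimal IPv4 header (no options, TTL 64)."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(HDR, *fields))
    return struct.pack(HDR, *fields)

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: prepend an outer header routed to the far end point."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer: bytes, expected_peer: str) -> bytes:
    """Tunnel exit: validate the outer header, then return the inner packet."""
    if len(outer) < 20:
        raise ValueError("truncated outer header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, _ = struct.unpack(HDR, outer[:20])
    if ver_ihl != 0x45 or proto != IPPROTO_IPIP:
        raise ValueError("not an option-less IPv4-in-IPv4 packet")
    if checksum(outer[:20]) != 0 or total_len != len(outer):
        raise ValueError("bad outer checksum or length")
    # Address filter only: a source address can be forged, so this is not
    # authentication. Plain IP-in-IP also leaves the inner packet in clear text.
    if socket.inet_ntoa(src) != expected_peer:
        raise ValueError("outer source is not the configured tunnel peer")
    return outer[20:]

# Constructed sample: a UDP-typed packet between two private hosts, carried
# between two public tunnel end points.
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 17, 4) + b"ping"
TUNNELLED = encapsulate(INNER, "198.51.100.1", "203.0.113.1")
```

Because the inner packet travels unmodified behind the outer header, anyone on the path can read it; the data encryption and key management requirements listed earlier are what IPSec tunnel mode adds on top of this encapsulation.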
3. The Internet Service Provider can give each of its customers a unique dial-up telephone number, which will distinguish their service from any other. But this depends on the software that will be used by the remote user.
9. Conclusion:
Thus VPN is an outgrowth of the Internet technology, which will transform the daily method of doing business faster than any other technology. A Virtual Private Network, or VPN, typically uses the Internet as the transport backbone to establish secure links with business partners, extend communications to regional and isolated offices, and significantly decrease the cost of communications for an increasingly mobile workforce. VPNs serve as private network overlays on public IP network infrastructures such as the Internet.