1
Chapter 12: VPN Connectivity in Remote Access Designs
Designs That Include VPN Remote Access
Essential VPN Remote Access Design Concepts
Data Protection in VPN Remote Access Designs
VPN Remote Access Design Optimization
2
VPN Remote Access Solutions
3
Routing and Remote Access and VPN
Virtual private network (VPN) gives control over:
  Authorized user accounts
  Security methods
  Resources to be accessed
Uses Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP)
VPN and Remote Authentication Dial-In User Service (RADIUS) solutions differ in many ways.
4
Routing and Remote Access and Windows 2000
Routing and Remote Access in Microsoft Windows 2000 includes:
  Remote access client
  Remote access server
5
VPN Clients and Servers
6
VPN Remote Access Design Review
Amount of data transmitted
Number of locations
Existing Internet connections
Plans for network growth
Number of simultaneous clients
Operating systems used by clients
Protocols used by clients
7
VPN Remote Access Design Decisions
Integration into existing network
Hardware requirements for servers
Protection for confidential data
Availability to remote access users
Optimization of network traffic
8
VPN Remote Access Designs
A third party provides connectivity.
Cost reduction is an advantage.
Some dial-up security is not available.
  Caller ID detection
  Remote user callback
  Authentication protocol for dial-up connection
  Password security features
9
VPN Remote Access Scenario
10
Number of VPN Remote Access Servers
Determine the maximum number of users.
Determine the sustained data rate.
Perform a pilot test.
Calculate the number of servers.
11
Placing VPN Remote Access Servers
Placement goals:
  Centralize administration
  Reduce costs
  Reduce network traffic
Single location
Multiple locations
Adjacent to resources
12
Single Location Configuration
Provide enough PPTP or L2TP virtual ports.
Advantages
  Centralized administration
  Lower administration costs
Disadvantages
  Increased network traffic on segments
  No redundancy
13
Multiple Location Configuration
Provide enough PPTP or L2TP virtual ports.
Advantages
  Reduced network traffic between locations
  Redundancy
Disadvantages
  Decentralized administration and support
  Increased administration costs
14
Placing VPN Servers Near Resources
Reduces the segments traversed
Improves performance for remote access clients
15
Remote Access Client Support
Virtual ports
  PPTP
  L2TP
Transport protocols determined by client needs
Network address assignment methods
  Allocate manually
  Allocate automatically using Dynamic Host Configuration Protocol (DHCP)
16
Preventing Unauthorized Access
Restrict remote access to resources on the server.
Use filters to restrict traffic on servers.
Place VPN servers for security
  Outside the private network
  On screened subnets
  Within the private network
17
Placing VPN Servers Outside the Private Network
18
Placing VPN Servers on Screened Subnets
19
Placing VPN Servers Inside the Private Network
20
Protecting Remote Access Data
Authenticate remote users.
  Local accounts
  Active Directory directory service accounts
Encrypt confidential data.
  Microsoft Point-to-Point Encryption (MPPE)
  Internet Protocol Security (IPSec)
Enforce remote access policies.
21
Enhancing Remote Access Availability
Use redundant VPN remote access servers.
  Network Load Balancing
  Round robin DNS
Use multiple Internet connections.
Dedicate a computer to running Routing and Remote Access.
22
Improving Remote Access Performance
Upgrade hardware.
Distribute clients across multiple servers.
  Use Network Load Balancing.
  Use round robin DNS.
Dedicate a computer to running Routing and Remote Access.
23
Chapter Summary
There are many advantages in using VPN for remote access.
Consider the number of users and the data rate.
Use multiple remote access servers.
Evaluate the needs of remote clients.
Protect private network resources.
Improve the availability and performance of the design.