1

Chapter 12: VPN Connectivity in Remote Access Designs

Designs That Include VPN Remote Access

Essential VPN Remote Access Design Concepts

Data Protection in VPN Remote Access Designs

VPN Remote Access Design Optimization

2

VPN Remote Access Solutions

3

Routing and Remote Access and VPN

Virtual private network (VPN) gives control over

Authorized user accounts Security methods Resources to be accessed

Uses Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP)

VPN and Remote Authentication Dial-In User Service (RADIUS) solutions differ in many ways.

4

Routing and Remote Access and Windows 2000

Routing and Remote Access in Microsoft Windows 2000 includes Remote access client Remote access server

5

VPN Clients and Servers

6

VPN Remote Access Design Review

Amount of data transmitted Number of locations Existing Internet connections Plans for network growth Number of simultaneous clients Operating systems used by clients Protocols used by clients

7

VPN Remote Access Design Decisions

Integration into existing network Hardware requirements for servers Protection for confidential data Availability to remote access users Optimization of network traffic

8

VPN Remote Access Designs

A third party provides connectivity. Cost reduction is an advantage. Some dial-up security is not available.

Caller ID detection Remote user callback Authentication protocol for dial-up

connection Password security features

9

VPN Remote Access Scenario

10

Number of VPN Remote Access Servers

Determine the maximum number of users.

Determine the sustained data rate. Perform a pilot test. Calculate the number of servers.

11

Placing VPN Remote Access Servers

Placement goals: Centralize administration Reduce costs Reduce network traffic

Single location Multiple locations Adjacent to resources

12

Single Location Configuration

Provide enough PPTP or L2TP virtual ports.

Advantages Centralized administration Lower administration costs

Disadvantages Increased network traffic on segments No redundancy

13

Multiple Location Configuration

Provide enough PPTP or L2TP virtual ports.

Advantages Reduced network traffic between locations Redundancy

Disadvantages Decentralized administration and support Increased administration costs

14

Placing VPN Servers Near Resources

Reduces the segments traversed Improves performance for remote

access clients

15

Remote Access Client Support

Virtual ports PPTP L2TP

Transport protocols determined by client needs

Network address assignment methods Allocate manually Allocate automatically using Dynamic Host

Configuration Protocol (DHCP)

16

Preventing Unauthorized Access

Restrict remote access to resources on the server.

Use filters to restrict traffic on servers. Place VPN servers for security

Outside the private network On screened subnets Within the private network

17

Placing VPN Servers Outside the Private Network

18

Placing VPN Servers on Screened Subnets

19

Placing VPN Servers Inside the Private Network

20

Protecting Remote Access Data

Authenticate remote users. Local accounts Active Directory directory service accounts

Encrypt confidential data. Microsoft Point-to-Point Encryption (MPPE) Internet Protocol Security (IPSec)

Enforce remote access policies.

21

Enhancing Remote Access Availability

Use redundant VPN remote access servers. Network Load Balancing Round robin DNS

Use multiple Internet connections. Dedicate a computer to running Routing

and Remote Access.

22

Improving Remote Access Performance

Upgrade hardware. Distribute clients across multiple

servers. Use Network Load Balancing. Use round robin DNS.

Dedicate a computer to running Routing and Remote Access.

23

Chapter Summary There are many advantages in using

VPN for remote access. Consider the number of users and the

data rate. Use multiple remote access servers. Evaluate the needs of remote clients. Protect private network resources. Improve the availability and

performance of the design.