Configuring Virtual Private Networks for Remote Clients and Networks
What Is Virtual Private Networking?
• Virtual private networking allows secure remote access to resources on an organization’s internal network for users outside the network
• A VPN is a virtual network that enables communication between a remote access client and computers on the internal network or between two remote sites separated by a public network such as the Internet
Types of VPNs
• Remote Access VPN
– Provides access to internal corporate network over the Internet
– Reduces long distance, modem bank, and technical support costs
[Diagram labels: Internet, Corporate Site]
Types of VPN
• Site-to-Site VPN
– Connects multiple offices over Internet
– Reduces dependencies on frame relay and leased lines
[Diagram labels: Internet, Branch Office, Corporate Site]
Types of VPN
• Extranet VPN
– Provides business partners access to critical information (leads, sales tools, etc.)
– Reduces transaction and operational costs
[Diagram labels: Corporate Site, Internet, Partner #1, Partner #2]
What a VPN needs
• VPNs must be encrypted – so no one can read it
• VPNs must be authenticated
• No one outside the VPN can alter the VPN
• All parties to the VPN must agree on the security properties
VPN Topology
• Operates at layer 2 or 3 of OSI model
– Layer 2 frame – Ethernet
– Layer 3 packet – IP
• Tunneling
– allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet
– to ensure data security against unwanted viewers, or hackers
VPN Components
Protocols:
• IP Security (IPSec)
– Transport mode
– Tunnel mode
• Point-to-Point Tunneling Protocol (PPTP)
– Voluntary tunneling method
– Uses PPP (Point-to-Point Protocol)
VPN Components
Protocols:
• Layer 2 Tunneling Protocol (L2TP)
– Exists at the data link layer of OSI
– Composed from PPTP and L2F (Layer 2 Forwarding)
– Compulsory tunneling method
VPN Components
Security:
• Authentication
– Determine if the sender is the authorized person and if the data has been redirected or corrupted
– User/System Authentication
– Data Authentication
VPN Components
Configuring Virtual Private Networking for Remote Clients
Creating a Remote Access PPTP VPN Server
• Enabling the ISA Firewall’s VPN Server component
• Creating an Access Rule allowing VPN Clients access to the Internal network
• Enabling Dial-in Access for VPN User Accounts
• Testing a PPTP VPN Connection
Enable the VPN Server
Enable VPN Client Access
Warning about address assignment
IP Address Assignment for Remote Users
• Remote users that will be establishing a VPN tunnel require an IP address to properly communicate through the tunnel to the internal network
Authenticating VPN Users
• Authenticating directly against Active Directory
• Implement RADIUS Authentication
• Authenticate against local users
Working with and Creating Rules for the VPN Clients Network
Create default rules that allow VPN clients access into the network
RADIUS Authentication for VPN Connections
Install the Internet Authentication Service (IAS) for Active Directory RADIUS Support
Setting Up the ISA Server as an IAS Client
Define a RADIUS server shared key
Configuring ISA to Use IAS for Authentication
Define a RADIUS server shared key in ISA
Modify RADIUS server settings for VPN client access
Configuring an ISA VPN Connection to Use PPTP
Creating Layer 2 Tunneling Protocol (L2TP) VPN
Enter an IPSec pre-shared key.
Creating a Public Key Infrastructure (PKI) for L2TP with IPSec Support
• Installing the Enterprise Root Certificate Authority (CA)
• Configuring the Enterprise Root CA
• Requesting a Certificate for the ISA VPN Server
• Requesting a Certificate for the VPN Client
• Downloading the CA Certificate
• Exporting and Importing Certificates
Configuring Virtual Private Networking for Remote Sites
Site-to-Site VPN Capabilities
• Point-to-Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
• IPSec Tunnel Mode
Preparing ISA Servers for Site-to-Site VPN Capabilities
• Define the IP Address Assignment
• Enable VPN client access
• Create local VPN user accounts on both servers, and enable dial-in access for those accounts.
• Run through the Site-to-Site VPN wizard to configure all necessary networks, network rules, and access rules.
• Repeat the steps on the remote server.
Create VPN Site-to-Site
Configuring a Point-to-Point Tunneling Protocol (PPTP) Site-to-Site VPN Between Two Remote Offices
Create a PPTP Site-to-Site VPN Connection
Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN
• Deciding Between Shared Key and PKI
• Configuring a PKI Infrastructure for PKI-Based Certificate Encryption
• Requesting a Certificate for the ISA VPN Server
• Creating an L2TP/IPSec Site-to-Site VPN Connection
Setting Up an IPSec Tunnel Mode VPN Connection