Sommaire: Cours Windows virtual private networking An overview
INTRODUCTION
Common Uses of VPNs
Remote User Access Over the Internet
Connecting Networks Over the Internet
Connecting Computers over an Intranet
Basic VPN Requirements
TUNNELING BASICS
Tunneling Protocols
How Tunneling Works
Tunneling Protocols and the Basic Tunneling Requirements
Point-to-Point Protocol (PPP)
Phase 1: PPP Link Establishment
Phase 2: User Authentication
Phase 3: PPP Callback Control
Phase 4: Invoking Network Layer Protocol(s)
Data-Transfer Phase
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Forwarding (L2F)
Layer 2 Tunneling Protocol (L2TP)
PPTP Compared to L2TP
Internet Protocol Security (IPSec) Tunnel Mode
Tunnel Types
Voluntary Tunneling
Compulsory Tunneling
ADVANCED SECURITY FEATURES
Symmetric Encryption vs. Asymmetric Encryption (Private Key vs. Public
Certificates
Extensible Authentication Protocol (EAP)
Transaction-level Security (EAP-TLS)
IP Security (IPSec)
Negotiated Security Association
Authentication Header
Encapsulation Security Header
USER ADMINISTRATION
Support in RAS
Scalability
RADIUS
ACCOUNTING, AUDITING, AND ALARMING
CONCLUSION
For More Information
Extrait du cours Windows virtual private networking An overview
INTRODUCTION
A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this by allowing the user to tunnel through the Internet or another public network in a manner that provides the same security and features formerly available only in private networks (see Figure 1).
VPNs allow users working at home or on the road to connect in a secure fashion to a remote corporate server using the routing infrastructure provided by a public internetwork (such as the Internet). From the user’s perspective, the VPN is a point to-point connection between the user’s computer and a corporate server. The nature of the intermediate internetwork is irrelevant to the user because it appears as if the data is being sent over a dedicated private link.
Connecting Networks Over the Internet
There are two methods for using VPNs to connect local area networks at remote sites:
– Using dedicated lines to connect a branch office to a corporate LAN.
Rather than using an expensive long-haul dedicated circuit between the branch office and the corporate hub, both the branch office and the corporate hub routers can use a local dedicated circuit and local ISP to connect to the Internet. The VPN software uses the local ISP connections and the Internet to create a virtual private network between the branch office router and corporate hub router.
Connecting Computers over an Intranet
In some corporate internetworks, the departmental data is so sensitive that the department’s LAN is physically disconnected from the rest of the corporate internetwork. Although this protects the department’s confidential information, it creates information accessibility problems for those users not physically connected to the separate LAN.
Basic VPN Requirements
Typically, when deploying a remote networking solution, an enterprise needs to facilitate controlled access to corporate resources and information. The solution must allow roaming or remote clients to connect to LAN resources, and the solution must allow remote offices to connect to each other to share resources and information (LAN-to-LAN connections). In addition, the solution must ensure the privacy and integrity of data as it traverses the Internet. The same concerns apply in the case of sensitive data traversing a corporate internetwork.
TUNNELING BASICS
Tunneling is a method of using an internetwork infrastructure to transfer data for one network over another network. The data to be transferred (or payload) can be the frames (or packets) of another protocol. Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate internetwork. The encapsulated packets are then routed between tunnel endpoints over the internetwork. The logical path through which the encapsulated packets travel through the internetwork is called a tunnel. Once the encapsulated frames reach their destination on the internetwork, the frame is unencapsulated and forwarded to its final destination. Tunneling includes this entire process (encapsulation, transmission, and unencapsulation of packets).
Tunneling Protocols
For a tunnel to be established, both the tunnel client and the tunnel server must be using the same tunneling protocol.
Tunneling technology can be based on either a Layer 2 or a Layer 3 tunneling protocol. These layers correspond to the Open Systems interconnection (OSI) Reference Model. Layer 2 protocols correspond to the data-link layer and use frames as their unit of exchange. PPTP and L2TP and Layer 2 Forwarding (L2F) are Layer 2 tunneling protocols; both encapsulate the payload in a PPP frame to be sent across an internetwork. Layer 3 protocols correspond to the Network layer, and use packets. IP-over-IP and IP Security (IPSec) Tunnel Mode are examples of Layer 3 tunneling protocols. These protocols encapsulate IP packets in an additional IP header before sending them across an IP internetwork.
How Tunneling Works
For Layer 2 tunneling technologies, such as PPTP and L2TP, a tunnel is similar to a session; both of the tunnel endpoints must agree to the tunnel and must negotiate configuration variables, such as address assignment or encryption or compression parameters. In most cases, data transferred across the tunnel is sent using a datagram-based protocol. A tunnel maintenance protocol is used as the mechanism to manage the tunnel.
Layer 3 tunneling technologies generally assume that all of the configuration issues have been handled out of band, often by manual processes. For these protocols, there may be no tunnel maintenance phase. For Layer 2 protocols (PPTP and L2TP), however, a tunnel must be created, maintained, and then terminated.
…….
Cours Windows virtual private networking: An overview (1359 KO) (Cours DOC)