A well-designed VPN can greatly benefit a company. For example, it can:
- Extend geographic connectivity
- Improve security
- Reduce operational costs versus traditional WAN
- Reduce transit time and transportation costs for remote users
- Improve productivity
- Simplify network topology
- Provide global networking opportunities
- Provide telecommuter support
- Provide broadband networking compatibility
- Provide faster ROI (return on investment) than traditional WAN
What features are needed in a well-designed VPN? It should incorporate:
- Security
- Reliability
- Scalability
- Network management
- Policy management
A VPN supports at least three different modes of use:
Remote Access (RAS) VPN - In this mode only a single VPN gateway is involved. The other party negotiating the secure communication channel with the VPN gateway is a PC or laptop that is connected to the Internet and running VPN client software. The VPN client allows telecommuters and traveling users to communicate on the central network and access servers from many different locations.
Benefit: Significant cost savings by removing the long-distance charges associated with dial-up access. It also increases productivity and peace of mind by providing secure network access regardless of where an employee physically is.
Site-to-Site Intranet VPN - With an intranet VPN, gateways at various physical locations within the same business negotiate a secure communication channel across the Internet, known as a VPN tunnel. An example would be a network spread over several buildings connected to a data center or mainframe that has secure access through private lines. Users on the networks on either side of the tunnel can communicate with one another as if they were on a single network. These tunnels may need strong encryption and have strict performance and bandwidth requirements.
Benefit: Substantial cost savings over traditional leased-line or frame relay technologies, since the Internet bridges the potentially long distances between sites.
Site-to-Site Extranet VPN - Almost identical to an intranet VPN, except that it is meant for external business partners. Firewall access restrictions are therefore used in conjunction with the VPN tunnels, so that business partners can gain secure access only to specific data and resources, without gaining access to private corporate information.
Benefit: Businesses enjoy the same policies as a private network, including security, QoS, manageability, and reliability.
VPN tunneling
A tunnel is a logical connection between client and server (or between two gateways). Packets are encapsulated with a tunneling protocol at one end and de-encapsulated at the other end (the client).

Tunneling Protocols
1. PPTP - Point-to-Point Tunneling Protocol. Works at Layer 2. Developed by Microsoft; has known security issues.
2. L2TP - Layer 2 Tunneling Protocol. Works at Layer 2. An enhancement of PPTP with security features from Cisco.
3. IPsec - works at Layer 3.
4. SOCKS

These protocols provide encryption and authentication. For IPsec:
Encryption: DES, 3DES, MD5, DH (Diffie-Hellman)
Authentication: SHA-1, MD5, RSA

Cisco IOS commands (define a transform set, then check the ISAKMP security associations):
    crypto ipsec transform-set <name> ah-md5-hmac esp-des
    show crypto isakmp sa
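The following Python script is an added example, not part of the original notes and not a real IPsec implementation. It models the two steps the notes describe: the sender wraps an inner packet in an outer tunnel header and protects the result with a keyed MAC (the role of AH with HMAC-MD5 or HMAC-SHA-1 in the transform set above), and the receiver strips the outer header only after the MAC verifies, dropping anything that was modified in transit. The outer header layout, the tunnel_id field, the gateway addresses, the inner packet and the shared key are all constructed for this example; a real security association derives its keys from the IKE/Diffie-Hellman exchange. HMAC-SHA-256 is used as the default here because MD5 and SHA-1 are legacy choices; the md5 and sha1 entries are kept only to mirror the notes.

```python
"""Toy VPN tunnel: encapsulate, protect with a keyed MAC, de-encapsulate.

Added example to illustrate the notes above; not from the original notes
and not a real IPsec implementation. Header layout, tunnel_id, addresses,
sample packet and key are all constructed for this example.
"""
import hashlib
import hmac
import struct

# Constructed shared secret. On a real IPsec SA the keys are derived from the
# IKE/Diffie-Hellman exchange, never hard-coded like this.
SHARED_KEY = b"constructed-example-key"

# Outer "tunnel" header: outer src IPv4, outer dst IPv4, tunnel id, MAC length.
OUTER_HDR = struct.Struct("!4s4sHB")

# HMAC hash functions the notes mention (md5, sha1) plus a modern choice.
MAC_ALGOS = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}


def encapsulate(inner_packet, src, dst, tunnel_id=1, mac="sha256", key=SHARED_KEY):
    """Wrap an inner packet: outer header + HMAC tag + original packet.

    As with AH, the tag covers the outer header as well as the payload, so a
    change to either is detected at the far end.
    """
    digest = MAC_ALGOS[mac]
    header = OUTER_HDR.pack(src, dst, tunnel_id, digest().digest_size)
    tag = hmac.new(key, header + inner_packet, digest).digest()
    return header + tag + inner_packet


def decapsulate(tunnel_packet, mac="sha256", key=SHARED_KEY):
    """Verify the tag and strip the outer header, returning the inner packet.

    Raises ValueError (the packet would be dropped) if the tag does not verify.
    """
    digest = MAC_ALGOS[mac]
    header = tunnel_packet[:OUTER_HDR.size]
    _src, _dst, _tunnel_id, mac_len = OUTER_HDR.unpack(header)
    tag = tunnel_packet[OUTER_HDR.size:OUTER_HDR.size + mac_len]
    inner = tunnel_packet[OUTER_HDR.size + mac_len:]
    expected = hmac.new(key, header + inner, digest).digest()
    # Constant-time comparison; a length mismatch also fails.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed; packet dropped")
    return inner


def integrity_holds(tunnel_packet, mac="sha256", key=SHARED_KEY):
    """True if the packet would be accepted, False if it would be dropped."""
    try:
        decapsulate(tunnel_packet, mac=mac, key=key)
        return True
    except (ValueError, struct.error):
        return False


def tamper(tunnel_packet, offset):
    """Flip one bit at the given offset (simulates in-transit modification)."""
    data = bytearray(tunnel_packet)
    data[offset] ^= 0x01
    return bytes(data)


# Constructed sample: a private-address inner packet carried between two
# gateway addresses taken from the RFC 5737 documentation ranges.
INNER = b"\x45\x00\x00\x1c" + bytes([192, 168, 1, 10]) + bytes([10, 0, 0, 5]) + b"hello"
GW_A = bytes([203, 0, 113, 1])
GW_B = bytes([198, 51, 100, 1])

if __name__ == "__main__":
    pkt = encapsulate(INNER, GW_A, GW_B)
    print("tunnel packet length:", len(pkt))
    print("round trip ok:", decapsulate(pkt) == INNER)
    # Modify one byte of the inner payload after encapsulation: dropped.
    print("tampered payload accepted:", integrity_holds(tamper(pkt, len(pkt) - 1)))
    # Modify the outer header: also dropped, because the tag covers it.
    print("tampered header accepted:", integrity_holds(tamper(pkt, 0)))
```

The point the script makes is the one behind the ah-md5-hmac entry in the transform set: encapsulation alone gives you a tunnel, but only the keyed integrity check lets the receiving gateway detect a packet that was altered on the public network, and the check has to cover the outer header too, not just the inner packet.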