
Virtual Private Networks (Tunnels)


ciara-bowen

Presentation Transcript


  1. Virtual Private Networks (Tunnels)

  2. When Are VPN Tunnels Used?

     VPN with PPTP tunnel. Used if:
     • All routers support VPN tunnels
     • You are using MS-CHAP or EAP-TLS
     • Router authentication uses user-based certificates

     VPN with L2TP tunnel. Used if:
     • All routers support VPN tunnels
     • Router authentication uses computer-based certificates or user-based certificates

  3. Components of Remote Connectivity

     • Network access service
     • Network access clients
     • Authentication service
     • Active Directory (not required)

     Diagram labels: DHCP Server, Network Access Server (VPN or Dial-Up), Domain Controller, IAS (RADIUS) Server, VPN Client, Wireless Access Point, Dial-up Client, Wireless Client

  4. Configuration Requirements for a Network Access Server

     A network access server is a server that acts as a gateway to a network for a client.

     To configure the network access server, you will need to know:
     • Whether the server will also act as a router
     • Authentication methods and providers
     • Client access
     • IP address assignment
     • PPP configuration options
     • Event logging preferences

  5. What Is a Network Access Client?

  6. What Are Network Access Authentication and Authorization?

     Diagram labels: Network Access Client, Network Access Server, Domain Controller (steps 1 and 2 marked)

  7. Available Methods of Authentication

     Remote and wireless authentication methods include:
     • CHAP
     • PAP
     • SPAP
     • MS-CHAP
     • MS-CHAP v2
     • EAP-TLS
     • PEAP
     • MD-5 Challenge

     Recommended method for user authentication is by using smart card certificates

  8. How a VPN Connection Works

     A VPN extends the capabilities of a private network to encompass links across shared or public networks, such as the Internet, in a manner that emulates a point-to-point link.

     Steps:
     1 VPN client calls the VPN server
     2 VPN server answers the call
     3 VPN server authenticates and authorizes the client
     4 VPN server transfers data

     Diagram labels: VPN Client, VPN Server, Domain Controller

  9. Components of a VPN Connection

     Diagram labels: Transit Network, VPN Tunnel, Tunneling Protocols, Tunneled Data, VPN Server, VPN Client, Domain Controller, Authentication, DHCP Server, Address and Name Server Allocation

  10. Encryption Protocols for a VPN Connection

     Examples of Remote Access Server Using L2TP/IPSec:
     • Remote User to Corp Net
     • Branch Office to Branch Office

     Diagram labels: Remote Access Server, Remote Access Server

  11. Configuration Requirements for a VPN Server

     Before adding a remote access / VPN server:
     • Identify which network interface connects to the Internet and which network interface connects to your private network
     • Identify whether clients receive IP addresses from a DHCP server or the VPN server
     • Identify whether to authenticate connection requests by RADIUS or by the VPN server

  12. How Dial-up Network Access Works

     Dial-up networking is the process of a remote access client making a temporary dial-up connection to a physical port on a remote access server by using the service of a telecommunications provider.

     Steps:
     1 Dial-up client calls the RA server
     2 RA server answers the call
     3 RA server authenticates and authorizes the client
     4 RA server transfers data

     Diagram labels: Dial-up Client, Remote Access Server, Domain Controller

  13. Components of a Dial-up Connection

     Diagram labels: Remote Access Server, LAN and Remote Access Protocols, WAN Options (Telephone, ISDN, X.25, or ATM), Dial-up Client, Domain Controller, Authentication, DHCP Server, Address and Name Server Allocation

  14. Authentication Methods for a Dial-up Connection

     Authentication methods for dial-up include:
     • CHAP
     • PAP
     • SPAP
     • MS-CHAP
     • MS-CHAP v2
     • EAP-TLS
     • EAP-MD5 Challenge

     Strongest method: EAP-TLS with smart cards

     Diagram labels: Mutual Authentication, Remote Access Server, Remote Access User

  15. Configuration Requirements for a Remote Access Server

     Before adding a remote access server for dial-up access:
     • Identify whether clients receive IP addresses from a DHCP server or the remote access server
     • Identify whether to authenticate connection requests by RADIUS or by the remote access server
     • Verify that users have user accounts configured for dial-up access

  16. Overview of Wireless Network Access

     A wireless network uses technology that enables devices to communicate by using standard network protocols and electromagnetic waves—not network cabling—to carry signals over part or all of the network infrastructure.

     Diagram labels: DHCP Server, Network Access Server, Domain Controller, IAS Server, Wireless Access Point, Wireless Client

  17. Components of a Wireless Connection

     Diagram labels: Remote Access Server, Authentication, Ports, Domain Controller, DHCP Server, Wireless Access Point, Wireless Client (Station), Address and Name Server Allocation

  18. Wireless Standards

  19. Authentication Methods for Wireless Networks

  20. Lesson: Centralizing Network Access Authentication and Policy Management by Using IAS

     • What Is RADIUS?
     • What Is IAS?
     • How Centralized Authentication Works
     • How to Configure an IAS Server for Network Access Authentication
     • How to Configure the Remote Access Server to Use IAS for Authentication

  21. What Is RADIUS?

     RADIUS is a widely deployed protocol, based on a client/server model, that enables centralized authentication, authorization, and accounting for network access.

     • RADIUS is the standard for managing network access for VPN, dial-up, and wireless networks
     • Use RADIUS to manage network access centrally across many types of network access
     • RADIUS servers receive and process connection requests or accounting messages from RADIUS clients or proxies

  22. What Is IAS?

     IAS, a Windows Server 2003 component, is an industry-standard compliant RADIUS server. IAS performs centralized authentication, authorization, auditing, and accounting of connections for VPN, dial-up, and wireless connections.

     You can configure IAS to support:
     • Dial-up corporate access
     • Extranet access for business partners
     • Internet access
     • Outsourced corporate access through service providers

     Diagram label: RADIUS Server

  23. How Centralized Authentication Works

     Steps:
     1 Dials in to a local RADIUS client to gain network connectivity
     2 Forwards requests to a RADIUS server
     3 Authenticates requests and stores accounting information
     4 Communicates to the RADIUS client to grant or deny access

     Diagram labels: Client, RADIUS Client, Remote Access Server, RADIUS Server, Domain Controller
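
The exchange in slide 23, taken down to the RADIUS packets defined in RFC 2865, as an added example that is not part of the presentation and is not IAS code: the remote access server (RADIUS client) builds an Access-Request with a hidden User-Password, the RADIUS server answers, and the client accepts the verdict only if the Response Authenticator matches the shared secret. Function names, the account table and all sample values are assumptions made for the illustration.

```python
import hashlib, hmac, os, struct

# Added illustration: function names and the account table are hypothetical.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def xor_password(data, secret, authenticator, decrypt=False):
    """RFC 2865 5.2 User-Password hiding: XOR 16-byte blocks with an MD5 keystream."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block if decrypt else res   # the chain always runs on the ciphertext block
        out += res
    return out

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value   # type, length, value

def build_request(ident, secret, user, password):
    """Step 2: the RADIUS client (remote access server) forwards the request."""
    auth = os.urandom(16)                          # Request Authenticator
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\0")
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, xor_password(padded, secret, auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_attrs(body):
    attrs, i = {}, 0
    while i < len(body):
        if len(body) - i < 2 or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return attrs

def server_reply(request, secret, accounts):
    """Steps 3 and 4: the RADIUS server checks credentials and signs its answer."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    auth, attrs = request[4:20], parse_attrs(request[20:length])
    pw = xor_password(attrs[USER_PASSWORD], secret, auth, decrypt=True).rstrip(b"\0")
    ok = attrs[USER_NAME] in accounts and hmac.compare_digest(accounts[attrs[USER_NAME]], pw)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + auth + secret).digest()  # Response Authenticator

def verify_reply(reply, request, secret):
    """The RADIUS client trusts the verdict only if the Response Authenticator matches."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if reply[1] != request[1] or not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("reply not authenticated by the shared secret")
    return reply[0] == ACCESS_ACCEPT
```

A reply produced with a different shared secret fails `verify_reply`, which is why the secret configured on the remote access server and on the RADIUS server must match and should be long and random.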
