300 likes | 460 Views
Configuring Virtual Private Networks for Remote Clients and Networks. What Is Virtual Private Networking?. Virtual private networking allows secure remote access to resources on an organization’s internal network for users outside the network
E N D
Configuring Virtual Private Networks for Remote Clients and Networks
What Is Virtual Private Networking? • Virtual private networking allows secure remote access to resources on an organization’s internal network for users outside the network • A VPN is a virtual network that enables communication between a remote access client and computers on the internal network or between two remote sites separated by a public network such as the Internet
Types of VPNs Corporate Site • Remote Access VPN • Provides access to internal corporate network over the Internet • Reduces long distance, modem bank, and technical support costs Internet
Types of VPN Corporate Site • Site-to-Site VPN • Connects multiple offices over Internet • Reduces dependencies on frame relay and leased lines Internet Branch Office
Types of VPN Corporate Site • Extranet VPN • Provides business partners access to critical information (leads, sales tools, etc) • Reduces transaction and operational costs Internet Partner #2 Partner #1
What a VPN needs • VPNs must be encrypted • so no one can read it • VPNs must be authenticated • No one outside the VPN can alter the VPN • All parties to the VPN must agree on the security properties
VPN Topology • Operates at layer 2 or 3 of OSI model • Layer 2 frame – Ethernet • Layer 3 packet – IP • Tunneling • allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet • to ensure data security against unwanted viewers, or hackers
VPN Components Protocols: • IP Security (IPSec) • Transport mode • Tunnel mode • Point-to-Point Tunneling Protocol (PPTP) • Voluntary tunneling method • Uses PPP (Point-to-Point Protocol)
VPN Components Protocols: • Layer 2 Tunneling Protocol (L2TP) • Exists at the data link layer of OSI • Composed from PPTP and L2F (Layer 2 Forwarding) • Compulsory tunneling method
VPN Components Security: • Authentication • Determine if the sender is the authorized person and if the data has been redirect or corrupted • User/System Authentication • Data Authentication
Creating a Remote Access PPTP VPN Server • Enabling the ISA Firewall’s VPN Server component • Creating an Access Rule allowing VPN Clients access to the Internal network • Enabling Dial-in Access for VPN User Accounts • Testing a PPTP VPN Connection
Enable the VPN Server Enable VPN Client Access Warning About address assignment
Assigning IP Address Assignment for Remote Users • Remote users that will be establishing a VPN tunnel require an IP address to properly communicate through the tunnel to the internal network
Authenticating VPN Users • Authenticating directly against Active Directory • Implement RADIUS Authentication • Authenticate against local users
Working with and Creating Rules for the VPN Clients Network create default rules that allow VPN clients access into the network
RADIUS Authentication for VPNConnections Install the Internet Authentication Service (IAS) for Active Directory RADIUS Support
Setting Up the ISA Server as an IAS Client Define a RADIUS server shared key
Configuring ISA to Use IAS for Authentication Modify RADIUS server settings for VPN client access Define a RADIUS server shared key in ISA
Creating Layer 2 Tunneling Protocol (L2TP) VPN Enter an IPSec pre-shared key.
Creating a Public Key Infrastructure (PKI) for L2TP with IPSec Support • Installing the Enterprise Root Certificate Authority (CA) • Configuring the Enterprise Root CA • Requesting a Certificate for the ISA VPN Server • Requesting a Certificate for the VPN Client • Downloading the CA Certificate • Exporting and Importing Certificates
Site-to-Site VPN Capabilities • Point-to-Point Tunneling Protocol (PPTP) • Layer 2 Tunneling Protocol (L2TP) • IPSec Tunnel Mode
Preparing ISA Servers for Site-to-Site VPN Capabilities • Define the IP Address Assignment • Enable VPN client access • Create local VPN user accounts on both servers, and enable dial-in access for those accounts. • Run through the Site-to-Site VPN wizard to configure all necessary networks, network rules, and access rules. • Repeat the steps on the remote server.
Configuring a Point-to-Point Tunneling Protocol (PPTP) Site-to-Site VPN Between Two Remote Offices Create a PPTP Site-to-Site VPN Connection
Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN • Deciding Between Shared Key and PKI • Configuring a PKI Infrastructure for PKI-Based Certificate Encryption • Requesting a Certificate for the ISA VPN Server • Creating an L2TP/IPSec Site-to-Site VPN Connection