1 / 13

Virtual Private Networks

Virtual Private Networks. Warren Toomey. Available WAN Links. Available WAN Links. Dedicated Links: very expensive, fixed endpoints Packet-Switched: expensive, fixed endpoints but some choice What if we need a cheaper alternative, or one where the endpoints can move around?

loan
Download Presentation

Virtual Private Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Virtual Private Networks Warren Toomey

  2. Available WAN Links

  3. Available WAN Links • Dedicated Links: very expensive, fixed endpoints • Packet-Switched: expensive, fixed endpoints but some choice • What if we need a cheaper alternative, or one where the endpoints can move around? • We have to use the Internet • Our traffic goes through other peoples’ routers

  4. A Dilemma • We want to interconnect parts of our enterprise over long distances • But we are using a public network to do so

  5. Virtual Private Network • What we want is a WAN link: link with an IP address at each end, and one which carries traffic that others cannot see • VPN: Virtual Private Network • Virtual: Information within a private network is transported over a public network • Private: The traffic is encrypted to keep the data confidential

  6. Benefits of VPNs • Cost Savings: cheaper than dedicated links • Scalability: use existing Internet connection • Security: encryption ensures traffic is secure

  7. VPN Tunnels • A VPN tunnel acts like a WAN link • In reality, it is a collection of public routers and LAN/WAN links • Traffic enters the tunnel, and traverses the tunnel until it reaches the other end • The traffic needs to be encapsulated: • Placed into the network protocol used on the physical links of the tunnel • Example: IP packets are encapsulated in IP packets

  8. VPN Tunnels

  9. VPN Encryption

  10. GRE: VPN Technology • Generic Routing Encapsulation • VPN technology developed by Cisco • Set up on two routers with public IP addrs • To form a tunnel between them • Carrying private IP traffic over public Internet

  11. GRE Example • R1 has public IP address 1.1.1.1 • R2 has public IP address 2.2.2.2 • R1 has a private LAN 192.168.1.0/24 • R2 has a private LAN 192.168.2.0/24

  12. GRE Example • We want to route traffic between the private LANs. We need a tunnel between them • The GRE tunnel acts like a WAN link • Each end has an “interface” with an IP address • Just like a s0/0/0 with an IP address

  13. GRE Configuration • We need static routes on each router. Cannot advertise with a routing protocol • R1(config)# ip route 192.168.2.0 255.255.255.0 172.16.1.2 • R2(config)# ip route 192.168.1.0 255.255.255.0 172.16.1.1 • Note: we use the private IP addresses in the static route

More Related