VPN allows remote users to securely connect to a private network over the public Internet. It uses encryption and tunneling protocols to encapsulate network traffic and protect data in transit. The VPN server assigns clients an IP address on the private network and encrypts data between the client and server using protocols like IPSec. This allows remote users to access resources on the private network securely as if they were local.
1. VIRTUAL PRIVATE
NETWORK
By:
Tammy Be
Khoa Kieu
Stephen Tran
Michael Tse
2. VPN Introduction
• Virtual private networking (VPN) in Microsoft
Windows 2000 allows mobile users to connect
over the Internet to a remote network.
• With virtual private networking, the user calls the
local ISP and then uses the Internet to make the
connection to the Network Access Server (NAS).
• Users only make a local call to the ISP instead of
expensive long distance telephone calls to the
remote access server.
3. How VPN Works
• ISA Server is configured as a VPN Server
• The local ISA VPN computer connects to its ISP
• The remote VPN wizard runs on the ISA Server
on the remote network
• The remote ISA Server VPN computer connects to
its ISP
• When a computer on the local network
communicates with a computer on the remote
network, data is encapsulated and sent through the
VPN tunnel
4.
5. Main Modules
• System Requirement
• VPN Requirement
• Microsoft Layer 2 Tunneling Protocols
• Cables/Service for Internet Connection
• How to Install and Enable VPN
• How to Configure the VPN Server
(Configure the Remote Access Server as a Router)
• How to Configure the VPN Client
10. VPN Requirement
• User Authentication
• Address Management
• Data Encryption
• Multi-Protocol Support
• Access Management
11. User Authentication
• The solution must identify the user’s identity and
only allow access to authorized users.
• The user account can be a local account on the
VPN server or, in most cases, a domain account
granted appropriate dial-in permissions.
• The default policy for remote access is “Allowed
access if dial-in permission is enabled.”
12. Address Management
• VPN must assign the client an IP address on the
private network
• The VPN server can assign the clients IP address
using DHCP or a static pool of IP addresses
• Clients typically will have an IP address from the
ISP and an IP on the private network after the
VPN connection is established
13. Data Encryption
• Data sent and received over the Internet must be
encrypted for privacy
• PPTP and L2TP use PPP-based data encryption
methods
• Optionally you can use Microsoft Point-to-Point
Encryption (MPPE), based on the RSA RCA
algorithm
• Microsoft Implementation of the L2TP protocol
uses IPSec encryption to protect the data stream
form the client to the tunnel server.
14. Multi-Protocol Support
• Microsoft Layer 2 Tunneling Protocol
supports multiple payload protocols, which
makes it easy for tunneling clients to access
their corporate networks using IP, IPX, and
NetBUI.
15. Access Management
• Manage addresses and name server
– VPN must have IP address available to assign
to VPN client during the IP Control Protocol
(IPCP) negotiation phase of the connection
process.
– The IP address assigned to the VPN client is
assigned to virtual interface of the VPN client.
• Manage access by user account
• Manage access by group membership
18. Microsoft Layer 2 Tunneling Protocols
• PPTP – Point-to-Point Tunneling Protocol
– Uses a TCP connection for tunnel maintenance and
generic routing encapsulated PPP frames for
tunneled data.
– The payloads of the encapsulated PPP frames can be
encrypted and/or compressed.
• L2TP – Layer 2 Tunneling Protocol
– Uses UDP and a series of L2TP messages for tunnel
maintenance.
21. Cables/service for Internet
Connection
• Should use a dedicated line such as T-1, Fractional T-
1, or Frame Relay.
– T-1: a dedicated phone connection supporting data
rates of 1.544Mbits per second, consists of 24
individual channels, each supports 64Kbits per
second.
– Fractional T-1: One or more channels of a T-1
services, less bandwidth, and less expensive.
– Frame Relay: ( a way of utilizing existing T-1 and
T-3 lines owned by a service provider), a packet-
switching protocol for connecting devices on a
WAN.
36. How to Configure the VPN Server
(Configure the Remote Access Server as a Router) :
Preview
• Allow remote access server to forward traffic
properly in side network.
• Allow other locations in the intranet to be reached
from the remote access.
• Configure as router with static route or routing
protocols.
37. Steps for Configuring Remote
Access Server as a Router
start Administrative Tools
Click Routing & Remote Access Right-click Server Name
On General tap
Click Properties Click Enable This Computer
As a Router
Select either LAN routing Ok
only or LAN and demand dial routing
49. Summary
• VPN must assign the client an IP address on
the private network
• Microsoft Implementation of the L2TP
protocol uses IPSec encryption to protect
the data stream form the client to the tunnel
server
50. Web Reference
• For more information on VPN, visit
www.Microsoft.com
– Keyword “VPN”
51. Glossary
• Virtual Private Network (VPN)- a network that
is constructed by using public wires to connect
nodes.
• Tunneling- A technology that enables one
network to send its data via another network's
connections.
• Point-to-Point Tunneling Protocol (PPTP)- is
used to ensure that messages transmitted from one
VPN node to another are secure.
• Layer Two Tunneling Protocol (L2TP)-
Provides data encryption, authentication, and
integrity and IPSec.