1 Virtual Private Networks (Tunnels)

2 When Are VPN Tunnels Used?

VPN with PPTP tunnel. Used if:
  All routers support VPN tunnels
  You are using MS-CHAP or EAP-TLS
  Router authentication uses user-based certificates

VPN with L2TP tunnel. Used if:
  All routers support VPN tunnels
  Router authentication uses computer-based certificates or user-based certificates

3 Components of Remote Connectivity

(Diagram)
  Network access service: network access server (VPN or dial-up), wireless access point
  Network access clients: VPN client, dial-up client, wireless client
  Authentication service: IAS (RADIUS) server, domain controller
  Active Directory (not required)
  DHCP server

4 Configuration Requirements for a Network Access Server

A network access server is a server that acts as a gateway to a network for a client.

To configure the network access server, you will need to know:
  Whether the server will also act as a router
  Authentication methods and providers
  Client access IP address assignment
  PPP configuration options
  Event logging preferences

5 What Is a Network Access Client?

Type of client: Description
VPN client:
  Connects to a network across a shared or public network
  Emulates a point-to-point link on a private network
Dial-up client:
  Connects to a network by using a communications network
  Creates a physical connection to a port on a remote access server on a private network
  Uses a modem or ISDN adapter to dial in to the remote access server
Wireless client:
  Connects to a network by infrared light and radio frequency technologies
  Includes many different types of devices

6 What Are Network Access Authentication and Authorization?

(Diagram: network access client, network access server, domain controller)
1 Authentication: verifies a remote user's identity to the network service that the remote user is attempting to access (the interactive logon step)
2 Authorization: verifies that the connection attempt is allowed; authorization occurs only after a successful logon attempt, and a valid account can still be refused by policy

7 Available Methods of Authentication

Remote and wireless authentication methods include:
  PAP
  SPAP
  CHAP
  MS-CHAP
  MS-CHAP v2
  EAP-MD5 Challenge
  EAP-TLS
  PEAP

Recommended method for user authentication is smart card certificates (EAP-TLS).

PAP sends the password in clear text, SPAP uses a reversible encoding, and CHAP requires the domain to store passwords with reversible encryption; leave these disabled unless a legacy client requires them.

8 How a VPN Connection Works

A VPN extends the capabilities of a private network to encompass links across shared or public networks, such as the Internet, in a manner that emulates a point-to-point link.

(Diagram: VPN client, VPN server, domain controller)
1 VPN client calls the VPN server
2 VPN server answers the call
3 VPN server authenticates and authorizes the client (against the domain controller)
4 VPN server transfers data

9 Components of a VPN Connection

(Diagram)
  VPN client
  VPN server
  VPN tunnel: tunneling protocols, tunneled data
  Transit network
  Authentication: domain controller
  Address and name server allocation: DHCP server

10 Encryption Protocols for a VPN Connection

Examples of a remote access server using L2TP/IPSec: remote user to corporate network; branch office to branch office.

Category: Description
PPTP: Employs user-level Point-to-Point Protocol (PPP) authentication methods and Microsoft Point-to-Point Encryption (MPPE) for data encryption. When the PPP authentication is MS-CHAP or MS-CHAP v2, the MPPE keys are derived from the user's password hash, so PPTP's data protection is only as strong as that password.
L2TP/IPSec: Employs user-level PPP authentication methods over a connection that is encrypted with IPSec, which authenticates the two computers (by certificate or preshared key) before any PPP traffic flows.

Recommended configuration for VPN network access is L2TP/IPSec with certificates.

11 Configuration Requirements for a VPN Server

Before adding a remote access / VPN server:
  Identify which network interface connects to the Internet and which network interface connects to your private network
  Identify whether clients receive IP addresses from a DHCP server or the VPN server
  Identify whether to authenticate connection requests by RADIUS or by the VPN server

12 How Dial-up Network Access Works

Dial-up networking is the process of a remote access client making a temporary dial-up connection to a physical port on a remote access server by using the service of a telecommunications provider.

(Diagram: dial-up client, remote access server, domain controller)
1 Dial-up client calls the RA server
2 RA server answers the call
3 RA server authenticates and authorizes the client
4 RA server transfers data

13 Components of a Dial-up Connection

(Diagram)
  Dial-up client
  Remote access server
  WAN options: telephone, ISDN, X.25, or ATM
  LAN and remote access protocols
  Authentication: domain controller
  Address and name server allocation: DHCP server

14 Authentication Methods for a Dial-up Connection

(Diagram: remote access user, remote access server, mutual authentication)

Authentication methods for dial-up include:
  PAP
  SPAP
  CHAP
  MS-CHAP
  MS-CHAP v2
  EAP-MD5 Challenge
  EAP-TLS

Strongest method: EAP-TLS with smart cards (mutual authentication).

15 Configuration Requirements for a Remote Access Server

Before adding a remote access server for dial-up access:
  Identify whether clients receive IP addresses from a DHCP server or the remote access server
  Identify whether to authenticate connection requests by RADIUS or by the remote access server
  Verify that users have user accounts configured for dial-up access

16 Overview of Wireless Network Access

(Diagram: wireless client, wireless access point, network access server, IAS server, DHCP server, domain controller)

A wireless network uses technology that enables devices to communicate by using standard network protocols and electromagnetic waves, not network cabling, to carry signals over part or all of the network infrastructure.

Standard: Description
Infrastructure WLAN: Clients connect to wireless access points
Peer-to-peer (ad hoc) WLAN: Wireless clients communicate directly with each other, without cables or an access point

17 Components of a Wireless Connection

(Diagram)
  Wireless client (station)
  Wireless access point (ports)
  Remote access server
  Authentication: domain controller
  Address and name server allocation: DHCP server

18 Wireless Standards

Standard: Description
802.11:
  A group of specifications for WLANs developed by IEEE
  Defines the physical layer and the MAC sublayer of the OSI data-link layer
802.11b:
  11 megabits per second
  Good range but susceptible to radio signal interference (shares the 2.4 GHz band)
  Popular with home and small business users
802.11a:
  Transmission speeds as high as 54 Mbps
  Allows wireless LAN networking to perform better for video and conferencing applications
  Works well in densely populated areas
  Is not interoperable with 802.11, 802.11b, or 802.11g (it uses the 5 GHz band)
802.11g:
  Enhancement to, and compatible with, 802.11b
  54 Mbps, but at shorter ranges than 802.11b
802.1X (an access-control standard, not a radio standard):
  Authenticates clients on a port before it lets them on the network
  Can be used for wireless or wired LANs
  Requires greater hardware and infrastructure investment

19 Authentication Methods for Wireless Networks

802.1X authentication method: Description
EAP-MS-CHAP v2:
  Provides mutual authentication
  Uses password-based credentials for client authentication; when carried inside PEAP, the server is authenticated by its certificate
EAP-TLS:
  Provides mutual authentication and is the strongest method of authentication and key determination
  Uses certificates for both server and client authentication
PEAP:
  Provides support for EAP-TLS and EAP-MS-CHAP v2 as inner methods
  Encrypts the negotiation process inside a TLS tunnel, so the inner exchange is not exposed to anyone listening on the air
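The EAP-MD5 Challenge method listed on slides 7 and 14 is the simplest of the challenge-response methods on these slides, and the reason slide 19 recommends PEAP or EAP-TLS instead is easiest to see in code. The following is an added example written for this page, not code from the course: both sides of an EAP MD5-Challenge exchange (RFC 3748, which uses the same computation as CHAP in RFC 1994), followed by the offline dictionary attack available to anyone who captured the two packets. The identity alice, the secret, the fixed challenge and the wordlist are constructed test data, and the authenticator name ap1 is a placeholder.

```python
"""EAP MD5-Challenge exchange (RFC 3748 section 5.4, same computation as CHAP in
RFC 1994) between a supplicant and an authenticator, followed by the offline
dictionary attack an eavesdropper can run on the captured challenge and response.

Added example for this page, not code from the course. The identity, secret,
challenge bytes and wordlist below are constructed test data.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

# EAP header codes and method type (RFC 3748)
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_MD5_CHALLENGE = 4


def eap_packet(code: int, ident: int, eap_type: Optional[int] = None, data: bytes = b"") -> bytes:
    """Code | Identifier | Length (covers the whole packet) | [Type | Type-Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_eap(pkt: bytes) -> Tuple[int, int, Optional[int], bytes]:
    """Return (code, identifier, type or None, type-data); rejects a Length that lies."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length != len(pkt):
        raise ValueError("bad EAP length")
    return (code, ident, None, b"") if length == 4 else (code, ident, pkt[4], pkt[5:])


def md5_challenge_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """The response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def split_value(data: bytes) -> Tuple[bytes, bytes]:
    """MD5-Challenge Type-Data is Value-Size | Value | Name."""
    size = data[0]
    return data[1:1 + size], data[1 + size:]


def authenticator_request(ident: int, challenge: Optional[bytes] = None, name: bytes = b"ap1") -> bytes:
    """Authenticator: send a fresh random challenge (a fixed one can be passed for tests)."""
    challenge = challenge if challenge is not None else os.urandom(16)
    return eap_packet(REQUEST, ident, TYPE_MD5_CHALLENGE, bytes([len(challenge)]) + challenge + name)


def supplicant_response(request: bytes, identity: bytes, secret: bytes) -> bytes:
    """Supplicant: hash the secret with the challenge and send the value plus its identity."""
    code, ident, eap_type, data = parse_eap(request)
    if code != REQUEST or eap_type != TYPE_MD5_CHALLENGE:
        raise ValueError("not an MD5-Challenge request")
    challenge, _ = split_value(data)
    value = md5_challenge_value(ident, secret, challenge)
    return eap_packet(RESPONSE, ident, TYPE_MD5_CHALLENGE, bytes([len(value)]) + value + identity)


def authenticator_decision(request: bytes, response: bytes, secrets: Dict[bytes, bytes]) -> bytes:
    """Authenticator: recompute the value for the claimed identity; answer Success or Failure."""
    _, req_ident, _, req_data = parse_eap(request)
    code, ident, eap_type, data = parse_eap(response)
    if code != RESPONSE or eap_type != TYPE_MD5_CHALLENGE or ident != req_ident:
        return eap_packet(FAILURE, req_ident)
    challenge, _ = split_value(req_data)
    value, identity = split_value(data)
    secret = secrets.get(identity)
    if secret is None:
        return eap_packet(FAILURE, req_ident)
    expected = md5_challenge_value(req_ident, secret, challenge)
    return eap_packet(SUCCESS if hmac.compare_digest(value, expected) else FAILURE, req_ident)


def run_exchange(identity: bytes, secret: bytes, secrets: Dict[bytes, bytes], ident: int = 7,
                 challenge: Optional[bytes] = None) -> Tuple[bytes, bytes, int]:
    """Both sides of the exchange; returns (request, response, result code)."""
    request = authenticator_request(ident, challenge)
    response = supplicant_response(request, identity, secret)
    result = parse_eap(authenticator_decision(request, response, secrets))[0]
    return request, response, result


def offline_crack(request: bytes, response: bytes, wordlist) -> Optional[bytes]:
    """Eavesdropper: challenge and response travel in the clear, so guess the secret offline.
    This is why slide 19 wants the inner method wrapped in PEAP, or EAP-TLS with certificates."""
    _, ident, _, req_data = parse_eap(request)
    challenge, _ = split_value(req_data)
    value, _ = split_value(parse_eap(response)[3])
    for candidate in wordlist:
        if md5_challenge_value(ident, candidate, challenge) == value:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed test data: a user database, a fixed challenge, and a short wordlist
    USERS = {b"alice": b"Summer2003"}
    req, resp, code = run_exchange(b"alice", b"Summer2003", USERS, challenge=bytes(range(16)))
    print("result:", {SUCCESS: "Success", FAILURE: "Failure"}[code])
    print("cracked:", offline_crack(req, resp, [b"password", b"Summer2003", b"letmein"]))
```

Running it reports Success for the legitimate supplicant and then recovers the secret from the captured request and response with a three-word list. Plain MS-CHAP v2 responses are crackable offline in the same way, which is why PEAP wraps them in TLS and EAP-TLS avoids passwords altogether.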

20 Lesson: Centralizing Network Access Authentication and Policy Management by Using IAS

  What Is RADIUS?
  What Is IAS?
  How Centralized Authentication Works
  How to Configure an IAS Server for Network Access Authentication
  How to Configure the Remote Access Server to Use IAS for Authentication

21 What Is RADIUS?

RADIUS is a widely deployed protocol, based on a client/server model, that enables centralized authentication, authorization, and accounting for network access.
  RADIUS is the standard for managing network access for VPN, dial-up, and wireless networks
  Use RADIUS to manage network access centrally across many types of network access
  RADIUS servers receive and process connection requests or accounting messages from RADIUS clients or proxies

In RADIUS terms the client is the network access server (VPN server, dial-up server, or access point), not the end user's computer. Each RADIUS client shares a secret with the server; that secret is what protects the User-Password attribute and authenticates the server's replies, so it should be long and unique per client.

22 What Is IAS?

IAS, a Windows Server 2003 component, is an industry-standard compliant RADIUS server. IAS performs centralized authentication, authorization, auditing, and accounting of connections for VPN, dial-up, and wireless connections.

You can configure IAS to support:
  Dial-up corporate access
  Extranet access for business partners
  Internet access
  Outsourced corporate access through service providers

23 How Centralized Authentication Works

(Diagram: client, remote access server acting as RADIUS client, RADIUS server, domain controller)
1 Client dials in to a local RADIUS client (the remote access server) to gain network connectivity
2 RADIUS client forwards the request to a RADIUS server
3 RADIUS server authenticates the request (against the domain controller) and stores accounting information
4 RADIUS server communicates to the RADIUS client to grant or deny access
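Steps 2 and 4 on this slide, and the request/response description on slide 21, are a pair of UDP packets. The following added example, written for this page and not taken from the course or from IAS, implements both ends of that exchange as RFC 2865 defines it: the NAS builds an Access-Request with a hidden User-Password, the server recovers and checks the credential and answers Access-Accept or Access-Reject, and the NAS verifies the Response Authenticator before trusting the answer. The shared secret, the user database and the NAS address 10.0.0.1 are constructed test data; nothing is sent over the network.

```python
"""RADIUS Access-Request / Access-Accept exchange (RFC 2865) between a network
access server acting as RADIUS client and an authentication server such as IAS,
including User-Password hiding and Response Authenticator verification.

Added example for this page, not code from the course or from IAS. The shared
secret, user database and NAS address are constructed test data.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Optional, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT, REPLY_MESSAGE = 1, 2, 4, 5, 18


def attr(atype: int, value: bytes) -> bytes:
    """One attribute: Type | Length (including these two bytes) | Value."""
    return bytes([atype, 2 + len(value)]) + value


def parse_attrs(data: bytes) -> List[Tuple[int, bytes]]:
    out, i = [], 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        out.append((atype, data[i + 2:i + alen]))
        i += alen
    return out


def build_packet(code: int, ident: int, authenticator: bytes, attrs: List[bytes]) -> bytes:
    """Code | Identifier | Length | Authenticator (16 bytes) | Attributes."""
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def parse_packet(pkt: bytes) -> Tuple[int, int, bytes, List[Tuple[int, bytes]]]:
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length != len(pkt):
        raise ValueError("bad packet length")
    return code, ident, pkt[4:20], parse_attrs(pkt[20:])


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """User-Password hiding: each 16-byte chunk is XORed with MD5(secret || previous chunk),
    the first chunk using the Request Authenticator. Obfuscation, not strong encryption."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side of hide_password; the padding NULs are stripped."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(chunk, mask))
        prev = chunk
    return out.rstrip(b"\x00")


def response_authenticator(code: int, ident: int, req_auth: bytes, body: bytes, secret: bytes) -> bytes:
    """MD5(Code | ID | Length | RequestAuth | Attributes | Secret) binds the reply to the request."""
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(header + req_auth + body + secret).digest()


def nas_access_request(ident: int, user: bytes, password: bytes, secret: bytes,
                       req_auth: Optional[bytes] = None) -> bytes:
    """RADIUS client (the NAS): wrap the user's credentials in an Access-Request."""
    req_auth = req_auth if req_auth is not None else os.urandom(16)
    attrs = [attr(USER_NAME, user),
             attr(USER_PASSWORD, hide_password(password, secret, req_auth)),
             attr(NAS_IP_ADDRESS, bytes([10, 0, 0, 1])),   # constructed NAS address
             attr(NAS_PORT, struct.pack("!I", 0))]
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs)


def server_handle(request: bytes, secret: bytes, users: Dict[bytes, bytes]) -> bytes:
    """RADIUS server: recover the password, check it, answer Accept or Reject."""
    code, ident, req_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    got = dict(attrs)
    user, hidden = got.get(USER_NAME), got.get(USER_PASSWORD)
    ok = (user in users and hidden is not None
          and hmac.compare_digest(reveal_password(hidden, secret, req_auth), users[user]))
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    body = attr(REPLY_MESSAGE, b"Welcome" if ok else b"Access denied")
    return build_packet(code, ident, response_authenticator(code, ident, req_auth, body, secret), [body])


def nas_check_response(request: bytes, response: bytes, secret: bytes) -> Optional[int]:
    """RADIUS client: trust the reply only if its Identifier and Response Authenticator match."""
    _, req_ident, req_auth, _ = parse_packet(request)
    code, ident, resp_auth, _ = parse_packet(response)
    expected = response_authenticator(code, ident, req_auth, response[20:], secret)
    if ident != req_ident or not hmac.compare_digest(resp_auth, expected):
        return None   # forged, tampered or wrong-secret reply: grant nothing
    return code


if __name__ == "__main__":
    SECRET, USERS = b"s3cr3t-shared", {b"alice": b"Summer2003!"}   # constructed
    req = nas_access_request(1, b"alice", b"Summer2003!", SECRET)
    resp = server_handle(req, SECRET, USERS)
    names = {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject", None: "invalid"}
    print("NAS sees:", names[nas_check_response(req, resp, SECRET)])
```

The password hiding is an MD5 keystream derived from the shared secret and the Request Authenticator, so anyone who can read RADIUS traffic and guess the shared secret recovers every password that passes through; keep RADIUS on a dedicated management network or inside IPsec, and never reuse one secret across RADIUS clients.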

