Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Published byBrice Ramsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013."— Presentation transcript:

1 Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013

2 Outline Discussion of Network Address Translation How NAT devices and home routers work Remote Access Protocols Security Protocols Authentication Protocols

3 Network Address Translation (NAT) NAT allows you to connect multiple devices to the internet by using a single device or router (and one IP address) as a proxy (or intermediary) device NAT works by assigning temporary, reusable IP addresses to computers on the home network These computers communicate with the “outside world” THROUGH the proxy device

4 Network Address Translation (NAT) The NAT device sits in between the public internet and the private network it serves It rewrites IP addresses and port numbers in the IP datagram headers on the fly The packets all appear to be coming from (or going to) a single IP address (the IP of the NAT device) instead of the actual source or destination This enables ALL home networks to use the “same set” of 192.168.x.x temporary reusable IPs

5 3 Functions of NAT 1) Switching 2) Routing 3) Translation

6 NAT Device Internal IP AddressExternal IP Address 192.168.32.10 192.168.32.12 192.168.32.14 Registered IP 213.18.123.100 Connection to ISP Switch/Hub Router Translator 213.18.123.100:101 213.18.123.100:102 213.18.123.100:103 IP address / port number The NAT device keeps track of which PC (on the LAN) sends which information by identifying Specific sockets (a combination of IP/port) Local Intranet Remote Internet

7 NAT Link to home networking info http://www.homenethelp.com/connection-sharing.asp NAT can be: 1) A PC configured to assign temporary IPs to home/small office network This is also called PROXY SERVER 2) A device you purchase, like a broadband router http://www.dlink.com/products/broadband/di713p/

8 Proxy Server Two general types of proxy servers 1) IP proxy This is essentially the same thing as NAT Assigning temporary IPs to local hosts in dynamic fashion 2) Web proxy Temporary storage of Web documents on local server Reduce network traffic Reduce time to receive Web documents

9 Web proxy server Local Hosts SwitchRouter Internet Remote Web Server Local Hosts Switch Router Internet Remote Web Server Web Proxy Server

10 NAT MS OSs Come with some form of NAT or Internet Connection Sharing (ICS) built in It is probably best to use a special device – like a broadband router as opposed to a PC Why?

11 NAT High level applications that use TCP/IP have ports with preassigned numbers HTTP = port 80 FTP = port 21 Telnet = port 23 Port numbers 0 – 65536 Ports 0 – 1024 are typically reserved for specific services

12 NAT – How it works PC #1 PC #2 PC #3 NAT Hub or switch Connection to ISP Internet You “lease” a single IP address from your provider, but you have 3 PCs on your home network that need IP addresses Cat 5

13 NAT – How it works PC #1 PC #2 PC #3 NAT Hub or switch Internet You’re assigned 213.18.123.100 from ISP NAT assigns temporary, reusable IPs to home computers on network 192.168.0.10 192.168.0.12 192.168.0.14 NAT “shows” IP address 213.18.123.100 to EVERY remote device on Internet, regardless of where the message originated locally (PC #1, #2, or #3)

14 NAT – How it works PC #1 PC #2 PC #3 NAT Hub or switch Internet 192.168.0.10 192.168.0.12 192.168.0.15 Port 500 Remote Web server You’re assigned 213.18.123.100 from ISP PC #3 sends HTTP request to remote Web server on Internet. The NAT receives packets from 192.168.0.14 / port 500, and converts the outgoing message to 213.18.123.100 / port 80 (for example). TCP stream coming back to NAT from Internet that are addressed to 213.18.123.100 / port 80 belong to PC #3. NAT forwards these packets to 192.168.0.14 /port 500 (this IP only has meaning on the home network). The Web server believes it’s communicating only with NAT – it is unaware of the existence of PC#3

15 Remote Access Remote access technologies allow users to log into a system without being physically present at at the keyboard Remote access to a home network to access files or other resources Remote Desktop – more sophisticated access that essentially allows remote user to “see” and control a actual desktop from remote location

16 Remote Access Services that allow users who are geographically separated from their “home” network to connect and log on to the network Access methods vary based on hardware and software usage (or requirements)

17 Remote Access Client needs some kind of internet connection from their remote location Client needs to travel over an unsecure, public network, connect to the “home” network, and then go through a “home controlled” authentication process before being allowed to access resources on their “home” network

18 Remote Access I’ll skip over Remote Desktop software solutions but you should check out some of the Virtual Network Computing (VNC) software available such as TightVNC (which I have used before) http://compnetworking.about.com/gi/o.htm?zi=1/X J&zTi=1&sdn=compnetworking&cdn=compute&t m=209&f=10&su=p284.13.342.ip_&tt=8&bt=0&bt s=0&zu=http%3A//www.tightvnc.com/http://compnetworking.about.com/gi/o.htm?zi=1/X J&zTi=1&sdn=compnetworking&cdn=compute&t m=209&f=10&su=p284.13.342.ip_&tt=8&bt=0&bt s=0&zu=http%3A//www.tightvnc.com/

19 Remote Access Functionality of remote access protocols TCP and UDP are most commonly used layer 4 transport protocols (TCP/IP stack) Layer 4 protocols are encapsulated in a remote access protocol frame (at layer 2) for transport over a WAN

20 Remote Access From a Network+ perspective Remote Access Service (RAS) / Routing and Remote Access Server (RRAS) a remote access solution included with Windows Server products Both products essentially provide the same service and provide both dialup and VPN support in a Windows environment

21 RAS and RRAS An application program interface (API) designed by Microsoft to utilize and management remote access in a Windows environment RRAS protocol converts a server into a dial-up Remote Access Services (RAS) server capable of handling hundreds of simultaneous connections

22 Remote Access There are many different types of remote access protocols and technologies SSH (Secure Shell) SLIP (Serial Line Interface Protocol) PPP (Point-to-Point Protocol) PPPoE (Point-to-Point Protocol over Ethernet) PPTP (Point-to-Point Tunneling Protocol) VPN (Virtual Private Network) VNC (Virtual Network Computing)

23 Remote Access Protocols Serial Line Internet Protocol (SLIP) Originally designed for UNIX environments Provides point-to-point communications using TCP/IP Point-to-Point Protocol (PPP) is more widely used (popular) than SLIP Has MUCH more capability than SLIP PPPoE (PPP over Ethernet) is the “default” standard for connecting home computers to an ISP via DSL or broadband cable

24 Remote Access Protocols SLIP is limited because it does not support: Protocol stacks other than TCP/IP Network connection authentication Automatic negotiation of the network connection through multiple network connection layers at the same time SLIP: Requires substantial overhead and setup time Does not support date encryption Supports only synchronous transmission

25 Virtual Private Networks (VPN) Connection between remote client and a server on a private LAN that uses the internet as opposed to direct, dedicated physical circuit Private LAN is permanently connected to the internet and has dedicated server configured to receive incoming VPN connections Remote user connects to internet in some way (say dialup) as opposed to directly connecting to their private LAN Provides a secure connection

26 Virtual Private Networks (VPN) VPN requires special software for each connected site Allows only secure communication between remote host and VPN server – protects from unauthorized LAN access Well known VPN protocols include Point-to-Point Tunneling Protocol (PPTP) Layer 2 Tunneling Protocol (L2TP)

27 Virtual Private Networks (VPN) Can use different tunneling, authentication, and security protocols Encapsulates data before sent across a public network Users connect through a local ISP to the local network Ensures that any data sent across a public network is secure via an encrypted tunnel

28 Virtual Private Networks (VPN) Combines advantages of both public and private networks Allows company with multiple sites to have secure connection, but uses public network (Internet) as a carrier Tunneling protocols carry encrypted data (and other protocols) over incompatible delivery networks

29 Virtual Private Networks (VPN) Point-to-Point Tunneling Protocol (PPTP) Offers PPP-based authentication techniques Encrypts data carried by PPTP through using Microsoft Point-to-Point Encryption Supports encryption, authentication, and access services provided by RRAS

30 Virtual Private Networks (VPN) Users can dial directory into RRAS server (part of VPN) or dial into ISP RAS 1 st, then connect to VPN Different NOS platforms can use PPTP although it provides less stringent security than some other tunneling protocols

31 Virtual Private Networks (VPN) Point to Point Tunneling Protocol (PPTP) Connection established between remote host and VPN server Data encapsulated

32 Security Protocols Security protocols are used to create a secure communication channel so that only computers using the same protocol can communicate Internet Security Protocol (IPSec) –can be used with any TCP/IP communications Secure Sockets Layer (SSL) – uses public key encryption and commonly used via the web Wired Equivalent Protocol (WEP) Wi-Fi Protected Access (WPA) – wireless protocol that improves upon WEP 32

33 Authentication Protocols Authentication protocols are used to verify a user’s identity Typically, once you establish a secure channel using a security protocol, you use an authentication protocol to verify users Kerberos Authentication – most widely used authentication protocol Challenge Handshake Authentication Protocol (CHAP) Password Authentication Protocol (PAP) 33

34 Summary Basics of NAT and how NAT works What is remote access? Basics of VPN Understand basic differences between remote access, security, and authentication protocols

Download ppt "Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013."

Similar presentations

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP)
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.

Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Introduction To Networking

Introduction To Networking
Wi-Fi Structures.

Wi-Fi Structures.
Virtual Private Networks Globalizing LANs Timothy Hohman.

Virtual Private Networks Globalizing LANs Timothy Hohman.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 10 Configuring Remote Access.

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 10 Configuring Remote Access.
VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.

VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.
Remote Networking Architectures

Remote Networking Architectures
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Virtual Private Networks (VPN’s)

Virtual Private Networks (VPN’s)

Similar presentations

Ads by Google