Virtual Private Network (VPN)

SCSC 455

VPN

• A virtual private network that is established over, in general, the Internet
  – It is virtual because it exists as a virtual entity within a public network
  – It is private because it is confined to a set of private users

Private Networks vs. Virtual Private Networks

• Employees can access the network (Intranet) from remote locations.
• Secured networks.
• The Internet is used as the backbone for VPNs
• Saves cost tremendously from reduction of equipment and maintenance costs.
• Scalability

Why is it a Virtual Private Network?

• From the user’s perspective, it appears as a network consisting of dedicated network links
  – These links appear as if they are reserved for the VPN client
  – Because of encryption, the network appears to be private

Typical VPN Connection

Tunnel and Connections

• Tunnel
  – The portion of the network where the data is encapsulated
• Connection
  – The portion of the network where the data is encrypted

Application Areas

• In general, provide users with connection to the corporate network regardless of their location

• The alternative of using truly dedicated lines for a private network is an expensive proposition

Some Common Uses of VPN

• Provide users with secured remote access over the Internet to corporate resources

• Connect two computer networks securely over the Internet
  – Example: Connect a branch office network to the network in the head office

• Secure part of a corporate network for security and confidentiality purpose

Remote Access Over the Internet

Connecting Two Computer Networks Securely

Basic VPN Requirements

• User Authentication
  – VPN must be able to verify the user’s identity and allow only authorized users to access the network
• Address Management
  – Assign addresses to clients and ensure that private addresses are kept private on the VPN
• Data Encryption
  – Encrypt and decrypt the data to ensure that others on the network do not have access to the data
• Key Management
  – Keys must be generated and refreshed for encryption at the server and the client
• Multi-protocol Support
  – The VPN technology must support common protocols on the Internet such as IP, IPX etc.

VPN Implementation Protocols

• Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP)

• IPSec

More on Tunneling

• Tunneling involves the encapsulation, transmission and decapsulation of data packets

• The data is encapsulated with additional headers
• The additional headers provide routing information for encapsulated data to be routed between the end points of a tunnel

Tunneling

Point-to-Point Tunneling Protocol (PPTP)

• Encapsulate and encrypt the data to be sent over a corporate or public IP network

Layer 2 Tunneling Protocol (L2TP)

• Encrypted and encapsulated to be sent over communication links that support user datagram mode of transmission
  – Examples of links include X.25, Frame Relay and ATM

IPSec Tunnel Mode

• Encapsulate and encrypt in an IP header for transmission over an IP network

Layer 2 Tunneling Protocols

• PPTP
• L2TP
• Both encapsulate the payload in a PPP frame

Layer 3 Tunneling Protocol

• IPSec Tunneling Mode
  – Encapsulates the payload in an additional IP header
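Added example (not part of the slides): the tunneling bullets above and this Layer 3 slide describe wrapping a private packet in an additional IP header whose addresses are the routable tunnel endpoints, which is what IPSec tunnel mode does around its ESP-protected payload. This Python builds, verifies and strips that outer header using plain IP-in-IP (protocol 4) as a stand-in, so the ESP header and encryption of real IPSec are not modeled; the private (10.x) and public (RFC 5737 documentation) addresses are constructed.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IP-in-IP encapsulation (RFC 2003)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; returns 0 when a header verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Verify the header checksum and return (src, dst, proto, payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", pkt[2:4])[0], pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return src, dst, proto, pkt[ihl:total_len]


def encapsulate(inner_pkt: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: the outer header carries only the public endpoint addresses,
    so that is all the Internet needs to route the private packet inside."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner_pkt)


def decapsulate(outer_pkt: bytes, local_endpoint: str) -> bytes:
    """Tunnel exit: accept only packets addressed to this endpoint with the
    IP-in-IP protocol number, then strip the outer header."""
    _src, dst, proto, inner = parse_ipv4(outer_pkt)
    if dst != local_endpoint or proto != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet for this endpoint")
    return inner


def tunnel_roundtrip():
    """Constructed demo: a UDP packet between two private hosts crosses the tunnel
    between two public endpoints; returns (outer header fields, inner fields)."""
    inner = build_ipv4("10.0.1.5", "10.0.2.9", 17, b"hello")
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.7")
    return parse_ipv4(outer)[:3], parse_ipv4(decapsulate(outer, "198.51.100.7"))
```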

Other Important Protocols in VPN

• Microsoft Point-to-Point Encryption (MPPE)
• Extensible Authentication Protocol (EAP)
• Remote Authentication Dial-in User Service (RADIUS)

Some Example Scenarios

• VPN remote access for employees.
• On-demand branch office access.
• Persistent branch office access.
• Extranet for business partners.
• Dial-up and VPNs with RADIUS authentication

Router-to-Router Branch Office Connection

VPN Based Extranet

Dial-up and VPNs with RADIUS Authentication