
Site-to-Site Virtual Private Networks (VPNs)

Presented by: Renjith krishnan P Jithin chand Kg krishnandev

Outline

What is a VPN?
Types of VPN
Why use VPNs?
Disadvantage of VPN
Types of VPN protocols
Encryption


What is a VPN?

A VPN is a network that uses the Internet or another network service to transmit data. A VPN includes authentication and encryption to protect data integrity and confidentiality.

[Figure: Block diagram of a VPN network. Labels: 10.1.1.0/24, 192.1.1.1, Internet, IPSec Tunnel, 200.1.1.2]

What is a VPN?
A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link

What is a VPN?

A VPN can be created by connecting offices and single users (including mobile users) to the nearest service provider's POP (Point of Presence) and using that service provider's backbone network, or even the Internet, as the tunnel between offices. Traffic that flows through the backbone is encrypted to prevent intruders from spying on or intercepting it.

What is a VPN? (Cont.)

Encrypted connections between mobile or remote users and their corporate networks.
A remote user can make a local call to an ISP, as opposed to a long-distance call to the corporate remote access server.
Ideal for telecommuters or mobile salespeople.
A VPN allows mobile workers and telecommuters to take advantage of broadband connectivity, such as DSL or cable.

Applications of site-to-site VPN

Who uses VPNs?

VPNs can be found in homes, workplaces, or anywhere else as long as an ISP (Internet Service Provider) is available. VPNs allow company employees who travel often or who are outside their company headquarters to safely and securely connect to their company's

3 Types of VPN

Remote-Access VPN
Site-to-Site VPN (Intranet-based)
Site-to-Site VPN (Extranet-based)

Remote-Access VPN

Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a

Site-to-Site VPN
Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.

Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a

All 3 types of VPN

VPN Protocols

There are three main protocols that power the vast majority of VPNs:
PPTP
L2TP
IPsec

All three protocols emphasize encryption and authentication; preserving data integrity that may be sensitive and allowing

VPN Protocols (In depth)

Point-to-point tunneling protocol (PPTP)

PPTP is widely supported by Microsoft as it is built into the various flavors of the Windows OS.
PPTP initially had weak security features; however, Microsoft continues to improve its support.

Layer Two tunneling protocol (L2TP)

L2TP was the original competitor to PPTP and was implemented primarily in Cisco products.
L2TP is a combination of the best features of an older protocol, L2F, and PPTP.
L2TP exists at the data link layer (Layer 2) of the OSI model.

Site-to-Site VPN Protocols: Internet Protocol Security Protocol (IPSec)

IPSec provides enhanced security features such as better encryption algorithms and more comprehensive authentication.
IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload.
Only systems that are IPSec compliant can take advantage of this protocol.
IPSec can encrypt data between various devices, such as:
Router to router
Firewall to router
PC to router

VPN Tunneling

VPN tunneling supports two types: voluntary tunneling and compulsory tunneling. Voluntary tunneling is where the VPN client manages the connection setup. Compulsory tunneling is where the carrier network provider manages the VPN connection setup.

Tunneling

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.

Tunneling requires three different protocols:
Passenger protocol - The original data (IPX, IP) being carried
Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
Carrier protocol - The protocol used by the network that the information is

VPN Packet Transmission


Packets are first encrypted before being sent out for transmission over the Internet. The encrypted packet is placed inside an unencrypted packet. The unencrypted outer packet is read by the routing equipment so that it may be properly routed to its destination. Once the packet reaches its destination, the outer packet is stripped off and the inner packet is decrypted.
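
The tunneling and packet-transmission steps above, as an added Python example that is not part of the original slides: an inner IP packet is encrypted whole, wrapped in an unencrypted outer header addressed gateway to gateway, then unwrapped at the far end. Assumptions: the LAN host addresses, the remote LAN 10.2.2.0/24 and the keys are made up, the body layout is simplified, and an HMAC-SHA256 counter-mode stream stands in for a real IPSec transform; only the gateway addresses come from the diagram.

```python
import hashlib, hmac, os, socket, struct

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header (checksum left at 0 to keep the example short)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def addrs(packet):
    """Source and destination a router reads from the first (outermost) header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

def keystream(key, nonce, n):
    """Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not a real IPSec transform."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encapsulate(inner, enc_key, auth_key, gw_src, gw_dst):
    """Encrypt the whole inner packet, then prepend an unencrypted outer header."""
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(inner, keystream(enc_key, nonce, len(inner))))
    tag = hmac.new(auth_key, nonce + ct, hashlib.sha256).digest()[:16]
    body = nonce + ct + tag  # simplified layout, not the ESP wire format
    return ipv4_header(gw_src, gw_dst, len(body), 50) + body  # 50 = ESP protocol number

def decapsulate(outer, enc_key, auth_key):
    """Far gateway: strip the outer header, check integrity, decrypt the inner packet."""
    body = outer[20:]
    nonce, ct, tag = body[:8], body[8:-16], body[-16:]
    expected = hmac.new(auth_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

# Constructed sample: LAN hosts and keys are made up; gateway addresses come from the diagram.
ENC_KEY, AUTH_KEY = os.urandom(32), os.urandom(32)
DATA = b"The cow jumped over the moon"
INNER = ipv4_header("10.1.1.10", "10.2.2.20", len(DATA), 253) + DATA  # 253 = experimental
WIRE = encapsulate(INNER, ENC_KEY, AUTH_KEY, "192.1.1.1", "200.1.1.2")

if __name__ == "__main__":
    print("routers see:", addrs(WIRE))
    print("payload visible on the wire:", DATA in WIRE)
    print("after decapsulation:", addrs(decapsulate(WIRE, ENC_KEY, AUTH_KEY)))
```

Routers on the path can read only the gateway addresses; the private 10.x addresses and the payload reappear only after the far gateway verifies and decrypts the body.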

VPN Security: Firewalls


A well-designed VPN uses several methods for keeping your connection and data secure:
Firewalls
Encryption
IPSec
AAA Server

You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through.

Encryption
Used to convert data to a secret code for transmission over an untrusted network.


[Figure: Clear Text "The cow jumped over the moon" -> Encryption Algorithm -> Encrypted Text "4hsd4e3mjv d3sd a1d38esdf2w 4d"]


Cisco 1841 Series Routers


Some VPN products, such as Cisco 1841 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them.

VPN Concentrator

Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN. The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous

Advantages of VPNs

There are two main advantages of VPNs, namely cost savings and scalability. VPNs lower costs by eliminating the need for expensive long-distance leased lines. A local leased line or even a broadband connection is all that's needed to connect to the Internet and utilize the public network to securely

Advantages of VPNs (continued)


As the number of company branches grows, purchasing additional leased lines increases cost exponentially, which is why VPNs offer even greater cost savings when scalability is an issue. VPNs may also be used to span globally, which lowers cost even more when compared to traditional leased lines.

Disadvantages of VPNs
Because the connection travels over public lines, a strong understanding of network security issues and proper precautions before VPN deployment are necessary.
VPN connection stability depends mainly on Internet stability, a factor outside an organization's control.
Differing VPN technologies may not work together due to immature standards.

Summary
A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link, connecting clients who are geographically separated through secure tunneling methods.
Main VPN protocols include PPTP, L2TP, and IPsec.
VPN tunneling supports two types: voluntary tunneling and compulsory tunneling.
Cost and scalability are the main advantages of a VPN.
Network security and Internet stability

Industries That May Use a VPN

Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider
Manufacturing: allow suppliers to view inventory & allow clients to purchase online safely
Retail: able to securely transfer sales data or customer info between stores & the headquarters
Banking/Financial: enables account information to be transferred safely within departments & branches
General Business: communication between

Some Businesses using a VPN


CVS Pharmaceutical Corporation upgraded their frame relay network to an IP VPN
Bacardi & Co. implemented a 21-country, 44-location VPN


Device Types
What it means
3 types: Hardware, Firewall, Software

Software used
PuTTY
GNS3
Wireshark
HyperTerminal

Hardware used
Cisco 1841 routers
Modems

The End
Thank you all for your time. We hope you found this presentation informative.