Configuring Virtual Private Networks for Remote Clients and Networks
What Is Virtual Private Networking?
• Virtual private networking allows secure remote access to resources on an organization’s internal network for users outside the network
• A VPN is a virtual network that enables communication between a remote access client and computers on the internal network or between two remote sites separated by a public network such as the Internet
Types of VPNs
• Remote Access VPN
  – Provides access to internal corporate network over the Internet
  – Reduces long distance, modem bank, and technical support costs
[Diagram: Internet, Corporate Site]
Types of VPN
• Site-to-Site VPN
  – Connects multiple offices over Internet
  – Reduces dependencies on frame relay and leased lines
[Diagram: Branch Office, Internet, Corporate Site]
Types of VPN
• Extranet VPN
  – Provides business partners access to critical information (leads, sales tools, etc.)
  – Reduces transaction and operational costs
[Diagram: Corporate Site, Internet, Partner #1, Partner #2]
What a VPN needs
• VPNs must be encrypted – so no one can read it
• VPNs must be authenticated
• No one outside the VPN can alter the VPN
• All parties to the VPN must agree on the security properties
VPN Topology
• Operates at layer 2 or 3 of OSI model
  – Layer 2 frame – Ethernet
  – Layer 3 packet – IP
• Tunneling
  – allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet
  – to ensure data security against unwanted viewers, or hackers
VPN Components
Protocols:
• IP Security (IPSec)
  – Transport mode
  – Tunnel mode
• Point-to-Point Tunneling Protocol (PPTP)
  – Voluntary tunneling method
  – Uses PPP (Point-to-Point Protocol)
VPN Components
Protocols:
• Layer 2 Tunneling Protocol (L2TP)
  – Exists at the data link layer of OSI
  – Composed from PPTP and L2F (Layer 2 Forwarding)
  – Compulsory tunneling method
VPN Components
Security:
• Authentication
  – Determine if the sender is the authorized person and if the data has been redirected or corrupted
  – User/System Authentication
  – Data Authentication
VPN Components
Configuring Virtual Private Networking for Remote Clients
Creating a Remote Access PPTP VPN Server
• Enabling the ISA Firewall’s VPN Server component
• Creating an Access Rule allowing VPN Clients access to the Internal network
• Enabling Dial-in Access for VPN User Accounts
• Testing a PPTP VPN Connection
Enable the VPN Server
Enable VPN Client Access
Warning about address assignment
Assigning IP Address Assignment for Remote Users
• Remote users that will be establishing a VPN tunnel require an IP address to properly communicate through the tunnel to the internal network
Authenticating VPN Users
• Authenticating directly against Active Directory
• Implement RADIUS Authentication
• Authenticate against local users
Working with and Creating Rules for the VPN Clients Network
Create default rules that allow VPN clients access into the network
RADIUS Authentication for VPN Connections
Install the Internet Authentication Service (IAS) for Active Directory RADIUS Support
Setting Up the ISA Server as an IAS Client
Define a RADIUS server shared key
Configuring ISA to Use IAS for Authentication
Define a RADIUS server shared key in ISA
Modify RADIUS server settings for VPN client access
Configuring an ISA VPN Connection to Use PPTP
Creating Layer 2 Tunneling Protocol (L2TP) VPN
Enter an IPSec pre-shared key.
Creating a Public Key Infrastructure (PKI) for L2TP with IPSec Support
• Installing the Enterprise Root Certificate Authority (CA)
• Configuring the Enterprise Root CA
• Requesting a Certificate for the ISA VPN Server
• Requesting a Certificate for the VPN Client
• Downloading the CA Certificate
• Exporting and Importing Certificates
Configuring Virtual Private Networking for Remote Sites
Site-to-Site VPN Capabilities
• Point-to-Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
• IPSec Tunnel Mode
Preparing ISA Servers for Site-to-Site VPN Capabilities
• Define the IP Address Assignment
• Enable VPN client access
• Create local VPN user accounts on both servers, and enable dial-in access for those accounts.
• Run through the Site-to-Site VPN wizard to configure all necessary networks, network rules, and access rules.
• Repeat the steps on the remote server.
Create VPN Site-to-Site
Configuring a Point-to-Point Tunneling Protocol (PPTP) Site-to-Site VPN Between Two Remote Offices
Create a PPTP Site-to-Site VPN Connection
Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN
• Deciding Between Shared Key and PKI
• Configuring a PKI Infrastructure for PKI-Based Certificate Encryption
• Requesting a Certificate for the ISA VPN Server
• Creating an L2TP/IPSec Site-to-Site VPN Connection
Setting Up an IPSec Tunnel Mode VPN Connection