VIRTUAL PRIVATE NETWORK By: Tammy Be Khoa Kieu Stephen Tran Michael Tse

VPN Introduction Virtual private networking (VPN) in Microsoft Windows 2000 allows mobile users to connect over the Internet to a remote network. With virtual private networking, the user calls the local ISP and then uses the Internet to make the connection to the Network Access Server (NAS). Users only make a local call to the ISP instead of expensive long distance telephone calls to the remote access server.

How VPN Works ISA Server is configured as a VPN Server The local ISA VPN computer connects to its ISP The remote VPN wizard runs on the ISA Server on the remote network The remote ISA Server VPN computer connects to its ISP When a computer on the local network communicates with a computer on the remote network, data is encapsulated and sent through the VPN tunnel

Main Modules System Requirement VPN Requirement Microsoft Layer 2 Tunneling Protocols Cables/Service for Internet Connection How to Install and Enable VPN How to Configure the VPN Server (Configure the Remote Access Server as a Router) How to Configure the VPN Client

Module System Requirement

Microsoft Windows 2000, Server Microsoft Windows 2000, Professional

END OF SYSTEM REQUIREMENT MODULE

Module VPN Requirement

User Authentication Address Management Data Encryption Multi-Protocol Support Access Management

User Authentication The solution must identify the user’s identity and only allow access to authorized users. The user account can be a local account on the VPN server or, in most cases, a domain account granted appropriate dial-in permissions. The default policy for remote access is “Allowed access if dial-in permission is enabled.”

Address Management VPN must assign the client an IP address on the private network The VPN server can assign the clients IP address using DHCP or a static pool of IP addresses Clients typically will have an IP address from the ISP and an IP on the private network after the VPN connection is established

Data Encryption Data sent and received over the Internet must be encrypted for privacy PPTP and L2TP use PPP-based data encryption methods Optionally you can use Microsoft Point-to-Point Encryption (MPPE), based on the RSA RCA algorithm Microsoft Implementation of the L2TP protocol uses IPSec encryption to protect the data stream form the client to the tunnel server.

Multi-Protocol Support Microsoft Layer 2 Tunneling Protocol supports multiple payload protocols, which makes it easy for tunneling clients to access their corporate networks using IP, IPX, and NetBUI.

Access Management Manage addresses and name server –VPN must have IP address available to assign to VPN client during the IP Control Protocol (IPCP) negotiation phase of the connection process. –The IP address assigned to the VPN client is assigned to virtual interface of the VPN client. Manage access by user account Manage access by group membership

END OF VPN REQUIRMENT MODULE

Module Microsoft Layer 2 Tunneling Protocols

PPTP – Point-to-Point Tunneling Protocol –Uses a TCP connection for tunnel maintenance and generic routing encapsulated PPP frames for tunneled data. –The payloads of the encapsulated PPP frames can be encrypted and/or compressed. L2TP – Layer 2 Tunneling Protocol –Uses UDP and a series of L2TP messages for tunnel maintenance.

END OF MICROSOFT LAYER 2 TUNNELING PROTOCOL

Module Cables/Service for Internet Connection

Cables/service for Internet Connection Should use a dedicated line such as T-1, Fractional T- 1, or Frame Relay. –T-1: a dedicated phone connection supporting data rates of 1.544Mbits per second, consists of 24 individual channels, each supports 64Kbits per second. –Fractional T-1: One or more channels of a T-1 services, less bandwidth, and less expensive. –Frame Relay: ( a way of utilizing existing T-1 and T-3 lines owned by a service provider), a packet- switching protocol for connecting devices on a WAN.

END OF CABLES/SERVICE FOR INTERNET CONNECTION MODULE

Module How to Install and Enable VPN

Install and Enable VPN VPN is automatically installed when one installs Windows 2000

INTERNET CONNECTION NEDDED (DSL) CAN LEASE T-1 LINE COMPANY WILL PROVIDE REAL IP ADDRESS

END OF HOW TO INSTALL AND ENABLE VPN MODULE

Module How to Configure the VPN Server

How to Configure the VPN Server (Configure the Remote Access Server as a Router) : Preview Allow remote access server to forward traffic properly in side network. Allow other locations in the intranet to be reached from the remote access. Configure as router with static route or routing protocols.

Steps for Configuring Remote Access Server as a Router start Administrative Tools Click Routing & Remote AccessRight-click Server Name Click Properties On General tap Click Enable This Computer As a Router Select either LAN routing only or LAN and demand dial routing Ok

END OF HOW TO CONFIGURE THE VPN SERVER MODULE

Module How to Configure the VPN Client

END OF HOW TO CONFIGURE A VPN CLIENT

Summary VPN must assign the client an IP address on the private network Microsoft Implementation of the L2TP protocol uses IPSec encryption to protect the data stream form the client to the tunnel server

Web Reference For more information on VPN, visit –Keyword “VPN”

Glossary Virtual Private Network (VPN)- a network that is constructed by using public wires to connect nodes. Tunneling- A technology that enables one network to send its data via another network's connections. Point-to-Point Tunneling Protocol (PPTP)- is used to ensure that messages transmitted from one VPN node to another are secure. Layer Two Tunneling Protocol (L2TP)- Provides data encryption, authentication, and integrity and IPSec.

END OF VPN PROJECT