Lesson 12: Understanding Virtual Private Networks
VPN Technologies
Let’s take a look at some of the technologies that
are integral to virtual private networks.
VPN Technology Building Blocks
Business-ready VPNs rely on both security
and QoS technologies. Let’s take a look at both of these
in more detail.
Security
Deploying WANs on a shared network makes
security issues paramount. Enterprises need to be assured
that their VPNs are secure from perpetrators observing or
tampering with confidential data passing over the network
and from unauthorized users gaining access to network resources
and proprietary information. Encryption, authentication, and
access control guard against these security breaches.
Key components of VPN security are as follows:
- Tunnels and encryption
- Packet authentication
- Firewalls and intrusion detection
- User authentication
These mechanisms complement each other, providing security
at different points throughout the network. VPN solutions
must offer each of these security features to be considered
a viable solution for utilizing a public network infrastructure.
Let’s start by looking at tunnels and encryption. We’re
going to look in detail at Layer 2 Tunneling Protocol (L2TP)
and Generic Routing Encapsulation (GRE) for tunnel support,
and at the standard encryption technology of the day: IPSec,
with DES and 3DES as its cipher algorithms. Note that IPSec is
a protocol framework rather than a cipher, and that the ciphers
named here are historical: DES uses a 56-bit key and has been
brute-forced in practice since 1998, and 3DES is now deprecated.
A current IPSec deployment would use AES instead.
Tunneling: L2F/L2TP
Layer 2 Forwarding (L2F) enables remote clients
to gain access to corporate networks through existing public
infrastructures, while retaining control of security and manageability.
Cisco submitted the technology to the IETF, where it was published
as RFC 2341 and later merged into L2TP. It supports the scalability
and reliability features discussed in later sections of this document.
L2F achieves private network access through a public system
by building a "tunnel" across a public infrastructure
to connect directly to a home gateway. The service requires
only local dialup capability, reducing user costs. The tunnel is
private in the sense of addressing and access control, not
confidentiality: L2F authenticates the tunnel endpoints with a
shared secret when the tunnel is set up, but it does not encrypt
the tunneled frames, so traffic that must be protected from
observers on the public network also needs encryption, typically IPSec.

Using L2F tunneling, service providers can create a virtual
tunnel to link customer remote sites or remote users with
corporate home networks. In particular, a network access server
at the POP exchanges PPP messages with the remote users and
communicates by L2F requests and responses with the customer's
home gateway to set up tunnels. L2F passes protocol-level
packets through the virtual tunnel between endpoints of a
point-to-point connection.
Frames from remote users are accepted by the service provider
POP, stripped of their link framing and transparency bytes (the
HDLC flags, FCS and byte-stuffing escapes of the dialup link),
encapsulated in L2F, and forwarded over the appropriate tunnel.
The customer's home gateway accepts these L2F frames, strips
the L2F encapsulation, and processes the incoming PPP frames on the
appropriate interface.
Layer 2 Tunneling Protocol (L2TP) extends PPP by carrying PPP
frames across a tunnel to the home gateway. It began as an IETF
draft derived from Cisco L2F and Microsoft Point-to-Point Tunneling
Protocol (PPTP) and was published as RFC 2661. L2TP delivers
security control and policy management features, including
end-user security policy control: because the PPP session terminates
at the home gateway, business customers retain ultimate control over
permitting and denying users, services, or applications. Note the
limits of that control: L2TP itself authenticates only the tunnel
endpoints, leaves user authentication to PPP (PAP or CHAP), and does
not encrypt the tunneled frames, so confidentiality and per-packet
integrity come from running L2TP over IPSec (RFC 3193).
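The frame encapsulation described above for L2F, and the tunnel setup that L2TP inherited from it, as an added Python example (not code from this lesson, from Cisco, or from any L2TP implementation): it builds and parses L2TPv2 data and control headers following the layout in RFC 2661, and simulates the CHAP-style tunnel authentication exchange (MD5 over the message-type octet, the shared secret and the challenge, as RFC 2661 specifies). The PPP frame, tunnel IDs, challenges and secrets are constructed test data. It also makes the caveat above concrete: the PPP frame sits verbatim inside the tunnel datagram.

```python
"""L2TPv2 (RFC 2661) encapsulation and tunnel-authentication demo.

Added example, not code from the lesson or from any vendor. Header layout
and the Challenge Response construction follow RFC 2661; the PPP frame,
IDs, challenges and secrets below are constructed test data.
"""
import hashlib
import struct

VERSION = 2          # L2TPv2: low 4 bits of the first header word
T_BIT = 1 << 15      # 1 = control message, 0 = data message (PPP payload)
L_BIT = 1 << 14      # Length field present
S_BIT = 1 << 11      # Ns/Nr sequence fields present
O_BIT = 1 << 9       # Offset Size field present (data messages only)
SCCRP, SCCCN = 2, 3  # control message types carrying Challenge Responses

# Constructed PPP frame as it travels inside the tunnel: HDLC flags and FCS
# already stripped, Address 0xFF, Control 0x03, Protocol 0x0021 (IPv4), data.
PPP_FRAME = bytes([0xFF, 0x03, 0x00, 0x21]) + b"CONSTRUCTED-IP-PAYLOAD"


def encapsulate_ppp(tunnel_id: int, session_id: int, ppp_frame: bytes) -> bytes:
    """NAS/LAC side: wrap a PPP frame in an L2TP data header (L bit set)."""
    flags = L_BIT | VERSION
    length = 8 + len(ppp_frame)       # flags, length, tunnel id, session id
    return struct.pack("!HHHH", flags, length, tunnel_id, session_id) + ppp_frame


def control_message(tunnel_id: int, session_id: int, ns: int, nr: int, avps: bytes) -> bytes:
    """Control message: T, L and S must be set and O clear (RFC 2661 3.1)."""
    flags = T_BIT | L_BIT | S_BIT | VERSION
    return struct.pack("!HHHHHH", flags, 12 + len(avps), tunnel_id, session_id, ns, nr) + avps


def _u16(buf: bytes, pos: int) -> int:
    if pos + 2 > len(buf):
        raise ValueError("truncated L2TP header")
    return struct.unpack_from("!H", buf, pos)[0]


def decapsulate(packet: bytes):
    """Home gateway/LNS side: validate the header and strip it.

    Returns (is_control, tunnel_id, session_id, ns, nr, payload); raises
    ValueError for anything RFC 2661 says a receiver must not accept.
    """
    flags = _u16(packet, 0)
    if flags & 0x000F != VERSION:
        raise ValueError("not an L2TPv2 packet")
    is_control = bool(flags & T_BIT)
    pos, length = 2, None
    if flags & L_BIT:
        length, pos = _u16(packet, pos), pos + 2
    elif is_control:
        raise ValueError("control message without Length field")
    tunnel_id, session_id = _u16(packet, pos), _u16(packet, pos + 2)
    pos += 4
    ns = nr = None
    if flags & S_BIT:
        ns, nr = _u16(packet, pos), _u16(packet, pos + 2)
        pos += 4
    elif is_control:
        raise ValueError("control message without Ns/Nr fields")
    if flags & O_BIT:
        if is_control:
            raise ValueError("control message with Offset field")
        pos += 2 + _u16(packet, pos)  # skip Offset Size word and the padding
    if length is not None:
        if length > len(packet) or length < pos:
            raise ValueError("Length field inconsistent with datagram")
        packet = packet[:length]
    if pos > len(packet):
        raise ValueError("truncated L2TP packet")
    return is_control, tunnel_id, session_id, ns, nr, packet[pos:]


def payload_is_plaintext(packet: bytes, ppp_frame: bytes) -> bool:
    """The caveat in the text: L2TP does not encrypt, so the PPP frame is
    readable by anyone on the path unless IPSec protects the tunnel."""
    return ppp_frame in packet


def challenge_response(message_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Challenge Response AVP value: CHAP-style MD5, message type as the ID."""
    return hashlib.md5(bytes([message_type]) + secret + challenge).digest()


def tunnel_auth_succeeds(lac_secret: bytes, lns_secret: bytes,
                         lac_challenge: bytes, lns_challenge: bytes) -> bool:
    """Simulate the three-way tunnel setup with mutual challenge/response.

    LAC -> LNS  SCCRQ  carries lac_challenge
    LNS -> LAC  SCCRP  carries response(SCCRP, lac_challenge) and lns_challenge
    LAC -> LNS  SCCCN  carries response(SCCCN, lns_challenge)
    Each side recomputes the peer's response with its own copy of the secret;
    a mismatch tears the tunnel down before any PPP session is accepted.
    """
    lns_response = challenge_response(SCCRP, lns_secret, lac_challenge)
    if lns_response != challenge_response(SCCRP, lac_secret, lac_challenge):
        return False                      # LAC rejects the gateway
    lac_response = challenge_response(SCCCN, lac_secret, lns_challenge)
    return lac_response == challenge_response(SCCCN, lns_secret, lns_challenge)


if __name__ == "__main__":
    pkt = encapsulate_ppp(0x1234, 0x0042, PPP_FRAME)
    print("data packet:", pkt.hex())
    print("parsed:", decapsulate(pkt))
    print("PPP visible in clear:", payload_is_plaintext(pkt, PPP_FRAME))
    print("auth ok:", tunnel_auth_succeeds(b"s3cret", b"s3cret", b"c1", b"c2"))
    print("auth mismatch:", tunnel_auth_succeeds(b"s3cret", b"other", b"c1", b"c2"))
```

The receiver-side checks in decapsulate are the ones a home gateway relies on to drop malformed tunnel traffic before it reaches PPP; the Length check in particular keeps a short datagram with an oversized Length field from being read past its end. The authentication exchange protects only against an unauthorized peer setting up a tunnel; it does nothing for the frames that follow, which is why the text's security list pairs tunnels with encryption.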