PREPARED BY
Bhathiji Rahul I.
(08CE202)

GUIDED BY:
Uma Sharma
(Lecturer, IT Dept.)
(Gandhinagar Institute of Technology)

Definition and introductory notes
- A VPN (virtual private network) is a network that uses the open, shared infrastructure of the Internet to carry data between corporate sites, with tunneling and encryption (described below) standing in for a physically private link.

Need for VPN
- Remote employees who need to access the corporation's databases.
- Corporate sites establishing new relationships with partners and suppliers.
- Growth of the corporation (new sites and new users).

Benefits
- Flexibility and scalability.
- Cost advantage over dedicated links.
- Frees the organization from much of the maintenance and training burden.

How a remote-access VPN session works
Step 1: The remote user dials into their local ISP and logs into the ISP's network as usual.
Step 2: When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination security server, which authenticates the user before the tunnel is established.
Step 3: The user then sends data through the tunnel; the VPN software encrypts it before it is sent over the ISP connection.
Step 4: The destination security server receives the encrypted data, verifies the integrity of each packet, and decrypts it before forwarding it into the corporate network.

Types of VPN
- VLL: virtual leased line.
- VPRN: virtual private routed network.
- VPDN: virtual private dial-up network.
- VPLS: virtual private LAN segment.
- Intranet VPN.
- Extranet VPN.
- Remote-access VPN.

VLL (virtual leased line)
- A point-to-point link between two CPE (customer premises equipment) devices.
- Implemented as an IP tunnel between two ISP edge routers.
- Frames from the CPE links are relayed across the IP tunnel.

VPRN (virtual private routed network)
- Emulation of a multi-site WAN using the Internet.
- Packet forwarding at the network layer (layer 3).
- A VPRN-specific forwarding table at the ISP routers forwards each customer's traffic separately.

VPDN (virtual private dial-up network)
- An on-demand tunnel between a remote user and the corporate site.
- Two kinds of tunnel are possible:
1. Compulsory tunnel.
2. Voluntary tunnel.

Compulsory tunnel
- In this scenario an L2TP Access Concentrator (LAC), acting as a dial or network access server, extends the user's PPP session across the backbone using L2TP to a remote L2TP Network Server (LNS) at the corporate site.
- The LAC initiates the tunnel to the LNS, so the tunneling is transparent to the user; the user's host needs no VPN software.
- L2TP by itself provides no confidentiality, so a compulsory tunnel is normally protected with IPsec (L2TP/IPsec) across the backbone.

Voluntary tunnel
- A voluntary tunnel is the case where an individual host connects to a remote site using a tunnel that originates on the host itself, with no involvement from intermediate network nodes (the ISP sees only ordinary IP packets).
- The tunnel mechanism chosen can be IPsec or L2TP.

VPLS (virtual private LAN segment)
- A VPLS is the emulation of a LAN segment using Internet facilities, so that sites in different locations appear to share one layer-2 broadcast domain.

Intranet VPN (branch office)
- The branch-office scenario securely connects two trusted intranets within the same organization.
- Routers or firewalls with VPN capabilities, acting as gateways for each office, protect the corporate traffic between the sites.

Extranet VPN
- In this scenario multiple supplier intranets need to access a common corporate network over the Internet.
- Each supplier is allowed access to only a limited set of destinations within the corporate network, so the gateway must enforce per-partner access control in addition to terminating the tunnel.

Remote-access VPN
- A remote user wants to communicate securely and cost-effectively with the corporate intranet.
- This is done with an IPsec-enabled VPN client on the user's machine and an IPsec-capable firewall (or gateway) at the corporate edge.

Tunneling
- Tunneling is the process of placing an entire packet within another packet and sending it over a network.
- Tunneling involves three different protocols:
  - the carrier protocol, used by the network the information travels over (IP on the Internet);
  - the encapsulating protocol, which wraps the original packet (PPTP, L2TP or IPsec, discussed next);
  - the passenger protocol, the original packet being carried.
- By analogy: the truck is the carrier protocol, the box is the encapsulating protocol and the computer inside the box is the passenger protocol.
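The following is an added example (Python, standard library only), not code from the presentation: it builds a passenger IPv4 packet, wraps it in a carrier IPv4 packet at the tunnel entry and unwraps it at the tunnel exit. The encapsulating protocol chosen here is plain IP-in-IP (IP protocol number 4), an assumption of the example rather than something the slides name; all addresses and the UDP payload are constructed sample values, and no encryption is applied at this layer.

```python
"""IP-in-IP tunnelling: an inner (passenger) IPv4 packet carried inside an
outer (carrier) IPv4 packet, as a VPN gateway does at the tunnel entry.

Added example. Assumptions: IP-in-IP (protocol 4) is the encapsulating
protocol; addresses and payload are constructed; nothing is encrypted here."""
import ipaddress
import struct

IPPROTO_IPIP = 4   # encapsulating protocol: "IP in IP"
IPPROTO_UDP = 17   # transport protocol inside the sample passenger packet


def ipv4_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (IPv4 header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal (no options) IPv4 packet with a valid header checksum."""
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),   # version/IHL, TOS, total length
        0x1234, 0x4000,               # identification, flags (DF) + fragment offset
        ttl, proto, 0,                # TTL, protocol, checksum placeholder
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Validate an IPv4 header and split it from its payload; raise on corruption."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(pkt):
        raise ValueError("bad IHL")
    if ipv4_checksum(pkt[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if total_len > len(pkt) or total_len < ihl:
        raise ValueError("bad total length")
    return {
        "src": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst": str(ipaddress.IPv4Address(pkt[16:20])),
        "proto": pkt[9],
        "payload": pkt[ihl:total_len],
    }


def encapsulate(passenger: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel entry: the whole inner packet becomes the payload of an outer
    packet addressed between the two gateways' public addresses."""
    parse_ipv4(passenger)   # refuse to tunnel something that is not a valid IP packet
    return build_ipv4(gw_src, gw_dst, IPPROTO_IPIP, passenger)


def decapsulate(carrier: bytes, my_gw: str) -> bytes:
    """Tunnel exit: check the outer header, strip it and return the inner packet."""
    outer = parse_ipv4(carrier)
    if outer["dst"] != my_gw:
        raise ValueError("outer packet is not addressed to this tunnel endpoint")
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("outer packet does not carry IP-in-IP")
    inner = outer["payload"]
    parse_ipv4(inner)       # the passenger must itself be a well-formed IP packet
    return inner


def sample_passenger() -> bytes:
    """Constructed sample: a UDP datagram from a remote user to a corporate server."""
    app_data = b"SELECT 1"                    # constructed application payload
    udp = struct.pack("!HHHH", 40000, 5432, 8 + len(app_data), 0) + app_data
    return build_ipv4("10.1.0.5", "10.2.0.7", IPPROTO_UDP, udp)


if __name__ == "__main__":
    inner = sample_passenger()
    outer = encapsulate(inner, "203.0.113.10", "198.51.100.1")
    print("passenger %d bytes, carrier %d bytes" % (len(inner), len(outer)))
    print(parse_ipv4(decapsulate(outer, "198.51.100.1")))
```

The private inner addresses never appear in the outer header, which is what lets two sites with overlapping RFC 1918 address space talk across the public Internet; note that a plain IP-in-IP tunnel hides nothing, since the inner packet rides in clear text, so the decapsulating gateway must also check that the outer source is a known peer before trusting the inner packet, and a VPN adds the encryption and authentication described in the next sections.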
Tunneling protocols
1. PPTP (Point-to-Point Tunneling Protocol).
2. IPsec (IP Security).
PPTP's MS-CHAPv2 authentication and RC4-based MPPE encryption have long-known weaknesses; treat it as legacy and do not choose it for new deployments.

IPsec
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of the cryptographic keys to be used during the session (IKE, the Internet Key Exchange). IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host. [1]

IPsec is a dual-mode (transport mode and tunnel mode), end-to-end security scheme operating at the Internet layer of the Internet Protocol Suite, i.e. OSI model layer 3. Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of these models. Hence IPsec can be used to protect any application traffic across the Internet, and applications need not be specifically designed to use it. The use of TLS/SSL, on the other hand, must typically be incorporated into the design of applications.
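The following is an added example (Python, standard library only) and not code from the presentation. It shows the per-packet protection behind Steps 3 and 4 of the remote-access session above and the "authenticating each IP packet" in the IPsec description: an ESP-style header (SPI and sequence number), an HMAC-SHA256 integrity check value (ICV), and the RFC 4303 sliding anti-replay window on the receiving security server. Assumptions: the key is a constructed constant (in IPsec it would be derived by IKE and would differ per direction), the payload is authenticated but not encrypted (the standard library has no AES, so real ESP would add that step), and the SPI value and packet contents are made up.

```python
"""ESP-style per-packet protection for a tunnel: SPI + sequence number header,
an HMAC integrity check value (ICV), and the RFC 4303 anti-replay window.

Added example, not the presentation's own code and not a complete IPsec
implementation: the payload is authenticated but NOT encrypted, and the key
is a constructed constant rather than one negotiated by IKE."""
import hashlib
import hmac
import struct

ICV_LEN = 16                 # HMAC-SHA256-128: 256-bit MAC truncated to 128 bits (RFC 4868)
HDR = struct.Struct("!II")   # SPI, sequence number (the fixed ESP header, RFC 4303)


class OutboundSA:
    """Sender side of one security association: numbers and authenticates packets."""

    def __init__(self, spi: int, auth_key: bytes):
        self.spi, self.key, self.seq = spi, auth_key, 0

    def protect(self, inner_packet: bytes) -> bytes:
        if self.seq == 0xFFFFFFFF:
            raise RuntimeError("sequence space exhausted: rekey the SA")
        self.seq += 1                       # starts at 1, never reused within an SA
        body = HDR.pack(self.spi, self.seq) + inner_packet
        icv = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        return body + icv


class InboundSA:
    """Receiver side: verifies the ICV and rejects replayed or too-old packets."""

    def __init__(self, spi: int, auth_key: bytes, window: int = 64):
        self.spi, self.key, self.window = spi, auth_key, window
        self.last_seq = 0      # highest sequence number accepted so far
        self.bitmap = 0        # bit d set => sequence number last_seq - d was received

    def _replay_check(self, seq: int) -> bool:
        if seq == 0:
            return False
        if seq > self.last_seq:
            return True                         # newer than anything seen: window will slide
        diff = self.last_seq - seq
        if diff >= self.window:
            return False                        # too old to track: reject
        return not (self.bitmap >> diff) & 1    # already seen => replay

    def _mark_received(self, seq: int) -> None:
        if seq > self.last_seq:
            shift = seq - self.last_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)

    def unprotect(self, packet: bytes):
        """Return the inner packet, or None if the packet must be dropped."""
        if len(packet) < HDR.size + ICV_LEN:
            return None
        spi, seq = HDR.unpack_from(packet)
        if spi != self.spi:
            return None                                  # not our SA
        if not self._replay_check(seq):
            return None                                  # replay or out of window: no MAC work
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):       # constant-time comparison
            return None                                  # forged or corrupted
        self._mark_received(seq)                         # only after the ICV verified
        return body[HDR.size:]


def demo() -> list:
    """Constructed run: three packets, one delivered out of order, two replayed."""
    key = b"\x01" * 32                                   # constructed key (IKE would derive it)
    tx, rx = OutboundSA(0x1000, key), InboundSA(0x1000, key)
    p1, p2, p3 = (tx.protect(b"pkt%d" % i) for i in (1, 2, 3))
    return [rx.unprotect(p) for p in (p1, p3, p1, p2, p3)]


if __name__ == "__main__":
    print(demo())   # [b'pkt1', b'pkt3', None, b'pkt2', None]
```

The order of checks matters: the cheap replay check runs before the MAC so a flood of replayed packets costs no HMAC work, but the window is only advanced after the ICV verifies, so an attacker who cannot forge the ICV cannot poison the window by sending packets with high sequence numbers. Out-of-order delivery inside the window (p2 after p3) is still accepted, which is what the bitmap is for.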
VPN products
- Desktop software client for each remote user.
- Dedicated hardware such as a VPN concentrator or a Secure PIX Firewall.
- Dedicated VPN server for dial-up services.
- NAS (network access server) used by the service provider for remote-user VPN access.
- VPN concentrator: incorporates the most advanced encryption and authentication techniques for remote-access VPN.
- VPN-optimized routers: provide scalability, routing, security and quality of service.
- Firewall: combines dynamic network address translation, proxy server, packet filtering, firewall and VPN capabilities in a single piece of hardware.

Advantages
- Cost saving.
- Reduces the long-distance charges of electronic transactions.
- Strong security, provided the tunnels are authenticated and encrypted.

Disadvantages
- VPNs require an in-depth understanding of public-network security issues and proper precautions in VPN deployment.
- The availability and performance of an organization's wide-area VPN (over the Internet in particular) depend on factors largely outside its control.
- VPN technologies from different vendors may not work well together because of immature standards.


Conclusion
From this we can conclude that a VPN provides a safe, secure and cost-effective communication infrastructure, provided its tunnels are properly authenticated, encrypted and deployed.


