VPN


PPTP (Point-to-Point Tunneling Protocol) / secure connection within LAN

So how do you make IP addresses appear out of thin air? What tunneling protocol have you learned about that has the smarts to query for an IP address? That's right, Point-to-Point Protocol (PPP) can make the connection. Microsoft got the ball rolling with the Point-to-Point Tunneling Protocol (PPTP), an advanced version of PPP that handles the connection right out of the box. Microsoft places the PPTP endpoints on the client and the server. The server endpoint is a special remote access server program on a Windows server, called Routing and Remote Access Service (RRAS). When your computer connects to the RRAS server on the private network, PPTP creates a secure tunnel through the Internet to the private LAN. Uses authentication and encryption.

GRE (Generic Routing Encapsulation) (PPP) (IPsec)

An alternative VPN is the Generic Routing Encapsulation (GRE) protocol paired with IPsec for encryption. You can use GRE to make a point-to-point tunnel connection that carries all sorts of traffic over Layer 3, including multicast and IPv6 traffic.

SSL/TLS - Secure Sockets Layer / Transport Layer Security (web browser)

Cisco makes VPN hardware that enables SSL VPNs. These types of VPN offer an advantage over Data Link- or Network-based VPNs because they don't require any special client software. Clients connect to the VPN server using a standard Web browser, with the traffic secured using Transport Layer Security (TLS). (TLS replaced Secure Sockets Layer, or SSL, many years ago, but the SSL VPN moniker stuck.) The two most common types of SSL VPNs are SSL portal VPNs and SSL tunnel VPNs. With SSL portal VPNs, a client accesses the VPN and is presented with a secure Web page. The client gains access to anything linked on that page, be it e-mail, data, links to other pages, and so on. With tunnel VPNs, in contrast, the client Web browser runs some kind of active control, such as Java, and gains much greater access to the VPN-connected network. SSL tunnel VPNs create a more typical host-to-site (remote access) connection than SSL portal VPNs, but the user must have sufficient permissions to run the active browser controls.

DTLS (datagram TLS) (voice, video) (UDP)

Datagram TLS (DTLS) VPNs optimize connections for delay-sensitive applications, such as voice and video over a VPN. After establishing a traditional TLS tunnel, DTLS VPNs use UDP datagrams rather than TCP segments for communication. This enhances certain types of VPN traffic. Cisco AnyConnect DTLS VPN is the prototypical example of this sort of VPN implementation.

DMVPN (Dynamic Multipoint VPN)

Extending VPN access across a company with multiple locations can create some logistical problems. The Bayland Widgets corporation has a main office in Houston and two satellite offices for manufacturing, one in El Paso and the other in Laredo. A traditional VPN located at the center location would become a bottleneck for traffic. Site-to-site traffic follows a familiar pattern, with the El Paso to Houston and Laredo to Houston connections going to the central VPN. But what about connections between El Paso and Laredo? With a traditional VPN, all that traffic would route through the main VPN in Houston. That seems inefficient! A dynamic multipoint VPN (DMVPN) fixes this problem by enabling direct VPN connections between multiple locations. With a DMVPN solution, traffic between El Paso and Laredo happens directly, with no need to travel through the main Houston VPN. The typical DMVPN solution, such as a Cisco DMVPN, employs standard security (IPsec) to make all the connections secure from unwanted prying.

L2TP (Layer 2 Tunneling Protocol) / IPsec / VPN Concentrator

The VPN protocol called Layer 2 Tunneling Protocol (L2TP) took all the good features of PPTP and a Cisco protocol called Layer 2 Forwarding (L2F) and added support to run on almost any type of connection possible, from telephones to Ethernet to ultra-high-speed optical connections. The endpoint on the local LAN went from a server program to a VPN-capable router, called a VPN concentrator. Cisco provides free client software to connect a single faraway PC to a Cisco VPN. This creates a typical host-to-site or client-to-site connection. Network people often directly connect two Cisco VPN concentrators to connect two separate LANs permanently. It's slow, but inexpensive, compared to a dedicated high-speed connection between two faraway LANs. This kind of connection enables two LANs to function as a single network, sharing files and services as if in the same building. This is called a site-to-site VPN connection. L2TP differs from PPTP in that it has no authentication or encryption. L2TP generally uses IPsec for all security needs. Technically, you should call an L2TP VPN an "L2TP/IPsec" VPN. L2TP works perfectly well in the single-client-connecting-to-a-LAN scenario, too. Every operating system's VPN client fully supports L2TP/IPsec VPNs.

VPN (Virtual Private Network)

The VPN software creates a virtual NIC on your laptop (endpoint 1), makes a connection with the VPN server at the office (endpoint 2), and then, in essence, creates a virtual direct cable from the virtual NIC to the office (Figure 11-3). That "virtual cable" is called a VPN tunnel.

