Tuesday, June 30, 2009

Virtual Ethernet with PacketiX VPN

Unlike most older VPN protocols, PacketiX VPN provides full Layer 2 (Ethernet) tunnelling for VPN traffic. In other words, where older Layer 3 VPN solutions carry encapsulated IP packets through the tunnel, PacketiX VPN carries whole Ethernet frames instead.

Since VPNs came into wider use around 1998, various VPN protocols have become popular, among them:

* PPTP (GRE)
* L2TP/IPsec
* vtun
* OpenVPN
* Port forwarding over SSH

However, older VPN solutions have the limitations described below, which make them difficult to use in a number of situations.

Difficulty passing network gateway devices:
Internet access from company LANs and small home networks is normally mediated by a gateway device, be it a small hardware router or a Linux server, which serves as firewall, proxy server and router with IP masquerading (NAT). While such a gateway provides necessary functions for the management and security of the network, it can be a barrier for older VPN solutions.

Because older VPN protocols rely on special IP protocols rather than plain TCP or UDP, they are often blocked by firewalls and routers that do not know how to handle protocols such as GRE or IPsec. If the addresses are not properly masqueraded by the router, the VPN client and server are unable to establish a connection. Older VPNs therefore require either dedicated devices or special firewall and router settings, which take time to set up, may not be feasible in every environment and can weaken network security. If the router cannot handle the specific protocol used by the VPN, or the VPN protocol cannot cope with masqueraded addresses, a global (public) IP address is required for both client and server.

In all of these situations, PacketiX VPN is able to establish a connection out of the box, without any reconfiguration, special hardware or global IP addresses. This saves money and reduces administration effort.

Network protocols other than TCP/IP cannot be transferred:
Conventional VPN protocols can only emulate a network up to OSI Layer 3, the network layer (IP), unlike PacketiX VPN, which takes the technology one step further by emulating Layer 2, the data link layer (Ethernet).

Previously, a dedicated line was necessary to carry legacy network protocols such as IPX/SPX and NetBEUI, which are still required by some devices, between sites. PacketiX VPN makes it possible to transfer them over the Internet with a software VPN solution.

Monday, June 29, 2009

Advantages of an extranet-based VPN

An intranet VPN gives internal users secure access to branch-office networks; an extranet VPN gives selected outside users secure access to selected shared resources. For example, an extranet VPN can be used to share parts inventory and purchase orders with suppliers. It can be used to supply product information and pricing to customers. It can be used to make collaborative project files accessible to business partners, consultants, and others with a need to know.

Without an extranet, a company might hesitate to run sensitive internal and partner databases on the same server. With an extranet, it can apply fine-grained access permissions to share partner data without exposing the internal data on the same server.

Without an extranet, a company might have to install a private access link to support a partner project. With an extranet, it can use existing network resources and the Internet to share project data while preventing eavesdropping or modification in transit.

Without an extranet, a company might wait days or weeks for parts to be ordered and shipped. With an extranet, suppliers can remotely monitor inventory levels and automatically ship replacement parts when predefined minimums are reached.

These are just a few of the many ways in which a company can benefit from an extranet VPN. In general, the bigger the company, the more complex its business processes and its relationships with other organizations, creating more opportunities to leverage an extranet VPN's shared infrastructure.


Source: http://searchenterprisewan.techtarget.com/tip/0,289483,sid200_gci1349295,00.html

Friday, June 26, 2009

VPN server Authentication

A VPN server can be configured to use either Windows or RADIUS as its authentication provider. If Windows is selected as the authentication provider, the user credentials sent by users attempting VPN connections are authenticated using the usual Windows authentication mechanisms, and the connection attempt is authorized using the VPN client's user account properties and local remote access policies.

If RADIUS (Remote Authentication Dial-In User Service) is selected and configured as the authentication provider on the VPN server, the user credentials and the parameters of the connection request are sent as RADIUS request messages to a RADIUS server.

The RADIUS server receives the user-connection request from the VPN server and authenticates and authorizes the connection attempt. In addition to a yes-or-no response to an authentication request, RADIUS can inform the VPN server of other connection parameters that apply to this user, such as a maximum session time or a static IP address assignment.

The VPN server can likewise be configured to use either Windows or RADIUS as its accounting provider. If Windows is selected as the accounting provider, the accounting information is stored on the VPN server for later analysis. Logging options can be specified from the properties of the Local File or SQL Server objects in the Remote Access Logging folder in the Routing and Remote Access snap-in. If RADIUS is selected, RADIUS accounting messages are sent to the RADIUS server for accumulation and later analysis.

Most RADIUS servers can be configured to place authentication request records into an accounting file. Many third parties have written billing and audit packages that read RADIUS accounting records and produce various useful reports.
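The exchange described above, the VPN server (the NAS) sending an Access-Request and the RADIUS server answering with an Access-Accept that carries a session timeout and a static address, written out in Python as an added example. This is not code from the page or from Microsoft; the message layout follows RFC 2865, and the shared secret, user table and addresses are constructed for the demonstration. The two checks a practitioner cares about are both here: the User-Password attribute is hidden with a keystream derived from the shared secret and a fresh Request Authenticator, and the NAS verifies the Response Authenticator so that a spoofed Access-Accept from something other than its RADIUS server is ignored.

```python
"""RADIUS Access-Request / Access-Accept exchange (RFC 2865) between a VPN server (the NAS)
and a RADIUS server. Added example, not code from the page or from Microsoft; the shared
secret, user table and addresses are constructed for the demonstration."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, FRAMED_IP_ADDRESS, SESSION_TIMEOUT = 1, 2, 4, 8, 27

# Constructed user table: a RADIUS server needs the clear-text password for a PAP-style request.
DEMO_USERS = {b"alice": {"password": b"correct horse", "session_timeout": 3600, "framed_ip": "10.8.0.5"}}


def _attr(atype, value):
    return struct.pack("!BB", atype, 2 + len(value)) + value


def _ip(dotted):
    return bytes(int(o) for o in dotted.split("."))


def parse_attrs(data):
    """Walk the Type/Length/Value attribute list; a later duplicate overwrites an earlier one."""
    attrs = {}
    while data:
        atype, alen = data[0], data[1]
        if alen < 2 or alen > len(data):
            raise ValueError("malformed attribute")
        attrs[atype] = data[2:alen]
        data = data[alen:]
    return attrs


def hide_password(secret, request_auth, password):
    """User-Password hiding (RFC 2865 section 5.2): XOR 16-byte chunks with MD5(secret || previous
    block), seeded by the Request Authenticator. Keyed obfuscation, not authenticated encryption."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def reveal_password(secret, request_auth, hidden):
    """Inverse of hide_password; the chaining value is the previous *hidden* block."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def response_authenticator(secret, code, ident, request_auth, attrs):
    """MD5(Code || ID || Length || RequestAuth || Attributes || Secret): proves the reply came from
    a party that knows the shared secret and binds it to this particular request."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()


def build_access_request(secret, ident, username, password, nas_ip, request_auth=None):
    """What the VPN server sends once a client's credentials arrive."""
    request_auth = request_auth or os.urandom(16)   # must be unpredictable per request
    attrs = (_attr(USER_NAME, username)
             + _attr(USER_PASSWORD, hide_password(secret, request_auth, password))
             + _attr(NAS_IP_ADDRESS, _ip(nas_ip)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def radius_server(secret, users, request):
    """RADIUS server side: decide yes/no and attach the per-user connection parameters."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    request_auth = request[4:20]
    attrs = parse_attrs(request[20:length])
    user = users.get(attrs.get(USER_NAME))
    given = reveal_password(secret, request_auth, attrs.get(USER_PASSWORD, b""))
    if code == ACCESS_REQUEST and user and hmac.compare_digest(given, user["password"]):
        reply_code = ACCESS_ACCEPT
        reply_attrs = (_attr(SESSION_TIMEOUT, struct.pack("!I", user["session_timeout"]))
                       + _attr(FRAMED_IP_ADDRESS, _ip(user["framed_ip"])))
    else:
        reply_code, reply_attrs = ACCESS_REJECT, b""
    auth = response_authenticator(secret, reply_code, ident, request_auth, reply_attrs)
    return struct.pack("!BBH", reply_code, ident, 20 + len(reply_attrs)) + auth + reply_attrs


def nas_check_reply(secret, request, reply):
    """VPN server side: verify the reply before trusting it. Returns (verdict, details) where the
    verdict is "accept", "reject" or "forged" (identifier or Response Authenticator mismatch)."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    attrs = reply[20:length]
    expected = response_authenticator(secret, code, ident, request[4:20], attrs)
    if ident != request[1] or not hmac.compare_digest(reply[4:20], expected):
        return "forged", {}
    if code != ACCESS_ACCEPT:
        return "reject", {}
    parsed = parse_attrs(attrs)
    details = {"session_timeout": struct.unpack("!I", parsed[SESSION_TIMEOUT])[0],
               "framed_ip": ".".join(str(b) for b in parsed[FRAMED_IP_ADDRESS])}
    return "accept", details
```

The "forged" verdict is the reason the shared secret matters beyond password hiding: anyone on the path between VPN server and RADIUS server can inject an Access-Accept, but without the secret they cannot produce a valid Response Authenticator for it. Note also that MD5-based hiding gives only weak confidentiality for the password; in practice the RADIUS leg should run over a trusted management network or a further tunnel.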

The VPN server can be managed using industry-standard network management protocols. The computer acting as the VPN server can participate in an SNMP community as an agent if the Windows Server 2003 SNMP service is installed. The VPN server records management information in various object identifiers of the Internet Management Information Base (MIB) II, which is installed with the Windows Server 2003 SNMP service.

Authentication Protocols:
PAP
Password Authentication Protocol (PAP) is a clear-text authentication scheme: the password itself crosses the link unprotected. PAP provides no protection against replay attacks or remote client impersonation once the user's password is compromised.

SPAP
The Shiva Password Authentication Protocol (SPAP) is a reversible encryption mechanism employed by Shiva Corporation. This form of authentication is more secure than plain text, but because the encryption is reversible it is less secure than CHAP or MS-CHAP.

CHAP
Challenge Handshake Authentication Protocol (CHAP) is a challenge-response authentication mechanism that avoids sending the actual password over the connection. The remote client uses the MD5 one-way hashing algorithm to return the user name together with a hash of the challenge, the session identifier and the client's password. The user name is sent as plain text. Because the server must be able to compute the same hash, CHAP requires the server to store passwords in a reversibly encrypted form.

MS-CHAP
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is a challenge-response authentication mechanism very similar to CHAP. MS-CHAP also provides additional error codes, including a password-expired code, and additional encrypted client-server messages that permit users to change their passwords during the authentication process. In MS-CHAP, both the client and the NAS independently derive a common initial encryption key for subsequent data encryption by MPPE.

MS-CHAP v2
MS-CHAP version 2 (MS-CHAP v2) is an updated encrypted authentication mechanism that provides stronger security for the exchange of user name and password credentials and determination of encryption keys. With MS-CHAP v2, the NAS sends a challenge to the client that consists of a session identifier and an arbitrary challenge string. The NAS checks the response from the client and sends back a response containing an indication of the success or failure of the connection attempt and an authenticated response based on the sent challenge string, the peer challenge string, the encrypted response of the client, and the user's password. The remote access client verifies the authentication response and, if correct, uses the connection. If the authentication response is not correct, the remote access client terminates the connection.
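To make the PAP and CHAP entries above concrete, here is an added example, written for this page rather than taken from it or from Microsoft, that builds the two kinds of PPP authentication messages (PAP Authenticate-Request from RFC 1334, CHAP Challenge and Response from RFC 1994) and then replays a captured exchange against the server. The user names and passwords are constructed. The replay succeeds for PAP and fails for CHAP, because a CHAP response is bound to a one-time random challenge and the server consumes each challenge when it checks the answer; the CHAP server also has to hold the clear-text password, which is the storage caveat mentioned above.

```python
"""PAP versus CHAP on a PPP link: why a captured PAP exchange replays but a captured CHAP
response does not. Added example (RFC 1334 PAP and RFC 1994 CHAP message formats, written
here, not taken from the page); user names and passwords are constructed."""
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


# --- PAP: Authenticate-Request carries Peer-ID and Password in the clear ----------------
def pap_request(ident, peer_id, password):
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def pap_verify(users, packet):
    """Anyone who sniffed this packet has the password and can resend it whenever they like."""
    code, _ident, _length = struct.unpack("!BBH", packet[:4])
    idlen = packet[4]
    peer_id = packet[5:5 + idlen]
    pwlen = packet[5 + idlen]
    password = packet[6 + idlen:6 + idlen + pwlen]
    return code == PAP_AUTH_REQUEST and peer_id in users and hmac.compare_digest(password, users[peer_id])


# --- CHAP: the password never crosses the link, only MD5(Identifier || secret || Challenge) --
def chap_packet(code, ident, value, name):
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    vsize = packet[4]
    return code, ident, packet[5:5 + vsize], packet[5 + vsize:length]


def chap_response_value(ident, secret, challenge):
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()   # RFC 1994 section 4.1


class ChapServer:
    """The NAS side. It must hold each user's clear-text (or reversibly encrypted) password;
    that is the price CHAP pays for never sending the password itself."""

    def __init__(self, users):
        self.users = users
        self.pending = {}        # identifier -> challenge value still awaiting a response
        self.ident = 0

    def challenge(self):
        self.ident = (self.ident + 1) & 0xFF
        value = os.urandom(16)   # fresh random challenge every time, never reused
        self.pending[self.ident] = value
        return chap_packet(CHAP_CHALLENGE, self.ident, value, b"vpn-server")

    def verify(self, response):
        code, ident, value, name = parse_chap(response)
        challenge = self.pending.pop(ident, None)   # each challenge is good for exactly one answer
        if code != CHAP_RESPONSE or challenge is None or name not in self.users:
            return False
        return hmac.compare_digest(value, chap_response_value(ident, self.users[name], challenge))


def chap_respond(challenge_packet, name, secret):
    """Client side: hash the challenge with the secret; only the name goes in the clear."""
    _code, ident, value, _server_name = parse_chap(challenge_packet)
    return chap_packet(CHAP_RESPONSE, ident, chap_response_value(ident, secret, value), name)


def pap_replay_demo():
    """Returns (first attempt accepted, replayed capture accepted)."""
    users = {b"alice": b"correct horse"}
    captured = pap_request(1, b"alice", b"correct horse")
    return pap_verify(users, captured), pap_verify(users, captured)


def chap_replay_demo():
    """Returns (first attempt accepted, replayed capture accepted)."""
    server = ChapServer({b"alice": b"correct horse"})
    captured = chap_respond(server.challenge(), b"alice", b"correct horse")
    first = server.verify(captured)
    server.challenge()              # the next session gets a new identifier and challenge
    return first, server.verify(captured)
```

The replay protection comes entirely from the challenge being random and single-use; a server that reused challenge values, or that left a consumed challenge in its pending table, would be replayable just like PAP. MS-CHAP and MS-CHAP v2 keep this challenge-response shape but swap in their own hash construction and, in v2, add the peer challenge so the client can authenticate the server too.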


Source: http://technet.microsoft.com/en-us/library/cc779919(WS.10).aspx#w2k3tr_vpn_how_xokw

Thursday, June 25, 2009

How Virtual Private Networks Work

The world has changed a lot in the last couple of decades. Instead of simply dealing with local or regional concerns, many businesses now have to think about global markets and logistics. Many companies have facilities spread across the country or around the world, and there is one thing that all of them need: a way to maintain fast, secure and reliable communications wherever their offices are.

Until fairly recently, this has meant the use of leased lines to maintain a wide area network (WAN). Leased lines, ranging from ISDN (integrated services digital network, 128 Kbps) to OC3 (Optical Carrier-3, 155 Mbps) fiber, provided a company with a way to expand its private network beyond its immediate geographic area. A WAN had obvious advantages over a public network like the Internet when it came to reliability, performance and security. But maintaining a WAN, particularly when using leased lines, can become quite expensive and often rises in cost as the distance between the offices increases.

As the Internet became widely available, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees. Now, many companies are creating their own virtual private networks (VPNs) to accommodate the needs of remote employees and distant offices.

Basically, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee. In this article, we will gain a fundamental understanding of VPNs, and learn about basic VPN components, technologies, tunneling and security.


Source: http://computer.howstuffworks.com/vpn.htm

Wednesday, June 24, 2009

What Are the Key VPN Security Technologies

Virtual private networks are generally considered to provide very high security for data communications. A secure VPN provides both network authentication and encryption. Secure VPNs are most commonly implemented using IPsec or SSL.

IPsec has been the traditional choice for implementing VPN security on corporate networks. Enterprise-class network appliances from companies like Cisco and Juniper implement the essential VPN server functions in hardware. Corresponding VPN client software is then used to log on to the network. IPsec operates at the network layer.

SSL VPNs are an alternative to IPsec that rely on a Web browser instead of a traditional VPN client to log on to the private network. By utilizing the SSL protocol support built into standard Web browsers and Web servers, SSL VPNs are intended to be cheaper to set up and maintain than IPsec VPNs. Furthermore, SSL operates at a higher layer than IPsec, giving administrators more options to control access to network resources. However, configuring SSL VPNs to work with resources not normally accessed from a Web browser can be difficult.

Some organizations use an IPsec or SSL VPN to protect a Wi-Fi local area network. In reality, Wi-Fi security protocols like WPA2 and WPA-AES are designed to provide the necessary authentication and encryption without the need for any VPN support.


Source: http://compnetworking.about.com/od/vpn/f/vpn-security.htm

Tuesday, June 23, 2009

VPN Authentication: Secure Remote Access with eToken

Virtual private networks have changed the way people do business. Employees and business partners can now access confidential business resources through the Internet at any time, from anywhere, because the VPN protocols encrypt the data in transit so that an attacker on the path cannot read it.

But how can organizations be sure that the users gaining access are really who they claim to be? VPNs provide privacy by creating a private tunnel through the Internet for remote access to the network. For full security, the VPN must be complemented with a reliable user authentication mechanism that secures the end points of the VPN.

User name and password authentication alone is not enough: this method is weak and highly susceptible to hacking, cracking, key loggers and other attacks. It only takes one compromised password for an organization to lose control over who gains network access. Strong user authentication with a VPN provides truly secure remote access.

1. Strong VPN user authentication using varied methods, including certificates and one-time passwords
2. Secure access from any platform, including support for certificate-based access on Windows, Linux and Mac OS
3. Rapid and easy deployment with Aladdin's Token Management System (TMS): a single system managing the entire solution

The eToken VPN authentication solution gives the assurance that users gaining access to the network are authorized to do so.
eToken operates with all leading VPN products.

Source: http://www.aladdin.com/etoken/solutions/secure-vpn-access.aspx

Monday, June 22, 2009

VPN performance is an increasingly important issue

Today, VPN security and interoperability come first, with performance a lower priority, and rightly so. VPNs are mostly set up with security as a primary goal, and in many cases VPNs have to interoperate between different vendors, so interoperability is also a key factor. However, performance is becoming more important as VPNs become more prevalent on corporate networks.

If your VPN seems slow, or you just want to know how well it really performs, you have a number of options for improving its performance. Let's look at some of the steps involved.

Generally, there are two types of VPNs: remote client VPNs and site-to-site VPNs. A remote client is typically a single PC that uses VPN software to connect to the corporate network on demand, while a site-to-site VPN is typically a permanent connection between two sites using dedicated networking equipment. A remote client VPN typically supports telecommuters, while the site-to-site variety usually connects office networks.

In the example used here, the VPN server uses Windows' built-in Routing and Remote Access Services. On the client side, we are running a Windows XP Professional workstation over a 1-Mbps DSL connection. This connection uses Point-to-Point Tunnelling Protocol (PPTP) to connect to the central server.

While more widely supported than Layer 2 Tunnelling Protocol, PPTP is giving way to L2TP as the tunnelling protocol of choice because of L2TP's stronger security features. However, establishing an L2TP VPN is more complex than setting up a PPTP connection. PPTP-based VPNs may also operate somewhat faster because there is less processing involved in encrypting and encapsulating the packets. Under PPTP, the Point-to-Point Protocol (PPP) payload packet is encapsulated inside a Generic Routing Encapsulation (GRE) packet, which is then encapsulated inside an IP packet to which the data link header is attached. The packet is then sent across the tunnel.

The topology of your VPN can also have an important effect on its performance and can vary widely between remote devices. If you are supporting a site-to-site VPN that connects two remote offices, it's likely that both ends use dedicated equipment configured for a permanent VPN tunnel. If VPN performance seems slow, you may need to increase the size of the tunnel by adding bandwidth at both ends. You might also be able to change configuration options to increase performance.

Source: http://news.zdnet.co.uk/hardware/0,1000000091,2132230,00.htm

Friday, June 19, 2009

Which VPN should you use for cloud connections

Modern technology has given businesses and client users a wide range of connection choices. A typical user might work from a laptop running Windows Vista, whether in the office or at home. The office network might be accessed through a wall jack, with heavily monitored traffic.

At home, the user may connect over a local wireless LAN with fast Internet access from a DSL connection. On the road, the user probably connects via a combination of a smart phone, such as a BlackBerry running the latest version of the BlackBerry OS, and a super-lightweight netbook running Linux; the network could be a Wi-Fi hotspot or a wireless broadband connection.

Virtual private networks make it possible to create a secure network connection across a public network through the use of encryption, so that the user's connection is protected wherever it is made; VPNs provide privacy and a level of trust. Before discussing the various trust issues associated with VPNs, it's necessary to note that the term itself covers multiple implementations. VPN types include network-to-network, multiple-service host-to-server, and single-service host-to-server. Each of these implementations can be used in a cloud computing environment, and each has security strengths and weaknesses.

The oldest VPN technology is the network-to-network VPN. This architecture has the greatest risk associated with it, due in part to the number of hosts involved. While this architecture would not likely be used for the client-to-cloud connection, it could be used within the cloud, especially with server farms or mashups.

The network-to-network VPN presents some serious security challenges. The possibility of attacking through the encrypted tunnel without fear of detection is a strong incentive for any would-be attacker. This model gives an attacker the ability to use many services on many hosts in order to gain access to and control of cloud computing data. The network-to-network VPN provides network transparency and management that enables inspection of the traffic after the point of decryption, but it does not protect the data payload end-to-end.


Source: http://searchsecurity.techtarget.com.au/articles/33071-Which-VPN-should-you-use-for-cloud-connections-

Thursday, June 18, 2009

GRE Protocol 47 Packet Description and Use

The Generic Routing Encapsulation (GRE) protocol is used in conjunction with the Point-to-Point Tunneling Protocol (PPTP) to create virtual private networks between clients and servers. Another implementation is to use Microsoft's VPN technology between two Routing and Remote Access Services (RRAS) servers that are configured for LAN-to-LAN routing.

To understand the use of GRE in the creation and use of VPNs, it is helpful to understand the packet structure. After the PPTP control session has been established, GRE is used to encapsulate the data, or payload; the encryption itself is provided by MPPE, not by GRE. The GRE packet format that Microsoft uses for encapsulating data follows the general process below.

Data that passes through the tunnel is given a PPP header and then placed inside a GRE packet. The GRE packet carries the data between the two tunnel end points. After the GRE packet arrives at the tunnel end point, the GRE header is discarded and the encapsulated packet is forwarded to its final destination.


Using the diagram at the top of this section, an Internet Protocol (IP) packet from Lclient is first transmitted to the L-RRAS server. The IP packet is encrypted, given an additional PPP header, and then placed inside a GRE packet. The diagram says "PPP stub" rather than "PPP header" because the PPP header is encrypted along with the data.

GRE is configured to know that a PPP header is already present. The GRE packet with the encapsulated and encrypted data is sent across the Internet with a final destination of the R-RRAS server. The R-RRAS server strips off the GRE header, decrypts the payload and removes the PPP header, and then forwards the decrypted data (the IP packet) to Rclient.
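The header layout described above, written out as an added example in Python (not Microsoft's code; the payload bytes are constructed). PPTP does not use plain GRE but the "enhanced GRE" variant from RFC 2637, in which the Key field carries the payload length and the PPTP Call ID and optional sequence and acknowledgment numbers follow. The builder produces such a packet, the parser validates every flag bit the RFC fixes and checks that the length in the Key field matches the bytes actually present, and `is_pptp_gre` turns that into a classifier you could run over packets captured on IP protocol 47.

```python
"""Builder and parser for the enhanced GRE header that PPTP uses to carry PPP frames
(RFC 2637 section 4). Added example, not Microsoft's code; the payload bytes are constructed."""
import struct

GRE_PROTO_PPP = 0x880B   # Protocol Type for PPP in PPTP GRE
IP_PROTO_GRE = 47        # GRE's own IP protocol number: what a firewall must let through
PPP_PROTOCOLS = {0x0021: "IPv4", 0x00FD: "MPPE compressed/encrypted datagram"}


def build_pptp_gre(call_id, payload, seq=None, ack=None):
    """K (key) is always set; S and A are set only when a sequence/ack number is carried."""
    byte0 = 0x20            # C=0 R=0 K=1 S=? s=0 Recur=0
    byte1 = 0x01            # A=? Flags=0 Ver=1 (enhanced GRE)
    if seq is not None:
        byte0 |= 0x10       # S bit
    if ack is not None:
        byte1 |= 0x80       # A bit
    # The 32-bit Key is split: high half = payload length, low half = PPTP Call ID
    hdr = struct.pack("!BBHHH", byte0, byte1, GRE_PROTO_PPP, len(payload), call_id)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + payload


def _u32(packet, offset):
    if len(packet) < offset + 4:
        raise ValueError("truncated optional field")
    return struct.unpack("!I", packet[offset:offset + 4])[0]


def parse_pptp_gre(packet):
    """Decode the header; raise ValueError for anything that is not well-formed PPTP GRE."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    byte0, byte1, proto, payload_len, call_id = struct.unpack("!BBHHH", packet[:8])
    if byte1 & 0x07 != 1:
        raise ValueError("not enhanced GRE (version %d)" % (byte1 & 0x07))
    if proto != GRE_PROTO_PPP:
        raise ValueError("unexpected protocol type 0x%04x" % proto)
    # RFC 2637 4.1: C, R, s, Recur and Flags must be zero and K must be one
    if byte0 & 0xCF or not byte0 & 0x20 or byte1 & 0x78:
        raise ValueError("disallowed GRE flag bits set")
    offset, seq, ack = 8, None, None
    if byte0 & 0x10:
        seq = _u32(packet, offset)
        offset += 4
    if byte1 & 0x80:
        ack = _u32(packet, offset)
        offset += 4
    payload = packet[offset:]
    if len(payload) != payload_len:
        raise ValueError("payload length %d does not match key field %d" % (len(payload), payload_len))
    # The payload is a PPP frame; with MPPE in use the protocol field shows 0x00FD, not 0x0021
    ppp_proto = struct.unpack("!H", payload[:2])[0] if len(payload) >= 2 else None
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload,
            "ppp_protocol": ppp_proto, "ppp_description": PPP_PROTOCOLS.get(ppp_proto, "other")}


def is_pptp_gre(packet):
    """True when the packet parses as PPTP GRE: a quick classifier for a capture."""
    try:
        parse_pptp_gre(packet)
        return True
    except ValueError:
        return False
```

Two practical points fall out of the code: a NAT device that only understands TCP and UDP has no port numbers to rewrite here, which is why PPTP data fails through many gateways, and the Call ID in the Key field is what a PPTP-aware NAT uses instead to tell sessions apart.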


Source: http://support.microsoft.com/kb/241251/

Wednesday, June 17, 2009

How to increase Security on Windows VPN Server

A Microsoft Windows 2000 VPN server configured with the Routing and Remote Access Services (RRAS) feature is installed with a default set of Input and Output filters. These filters support Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and IP Security (IPsec) connectivity. The filters are generic and can be modified to tighten security on a VPN server. This topic describes modifications you can make to these filters to increase security. All filter configurations mentioned here should be tested before being deployed in a production environment.

RRAS setup creates a set of default Input and Output filters on the external adapter of the VPN server. To display and edit these filters:

1. Start the Routing and Remote Access snap-in in Microsoft Management Console (MMC).
2. Expand the IP Routing node in the left pane.
3. Click General in the left pane.
4. Right-click the external adapter listed in the right pane, and then click Properties.
5. You can view and edit the Inbound and Outbound filters on the General tab.
The filters shown there are the defaults configured by RRAS setup.

More security can be provided by editing each of these filters and further restricting the flow of PPTP and/or L2TP/IPsec packets. You must edit both the Input and the Output filters. The result is that inbound PPTP and L2TP/IPsec traffic is restricted to the IP address of the external adapter, and only PPTP and L2TP/IPsec traffic is allowed to pass out through the external adapter from the internal network or from the VPN server itself.

Input and Output filters are edited individually by selecting the filter and then clicking the Edit button. The Edit IP Filter dialog box lets you modify each filter setting. For example, assume the external adapter has an IP address of 192.0.0.40 with a subnet mask of 255.255.255.0; the Input filters are then modified so that they only accept traffic destined for that address.
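The effect of that tightening, shown as an added example in Python rather than as the KB's own filter list (which the page does not reproduce). The protocol and port tuples used here are the standard ones for PPTP (TCP 1723 plus GRE) and L2TP/IPsec (UDP 500, UDP 1701 and ESP) and are an assumption of this example; the external address 192.0.0.40 is the one from the text. The generic filters match on protocol and port only, the tightened ones additionally bind to the external adapter's address, and `audit` runs both sets over the same constructed sample traffic so the difference is visible in the decisions.

```python
"""Stateless check of inbound/outbound packets against RRAS-style VPN filters, comparing
the generic filters (protocol and port only) with the tightened ones bound to the external
adapter's address. Added example, not the KB's own filter list: the PPTP and L2TP/IPsec
protocol/port tuples are the standard ones assumed here, and 192.0.0.40 is the external
address used in the text."""
from dataclasses import dataclass
from typing import List, Optional

EXTERNAL_IP = "192.0.0.40"
TCP, UDP, GRE, ESP = 6, 17, 47, 50   # IP protocol numbers


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: int
    src_port: Optional[int] = None   # None for protocols without ports (GRE, ESP)
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """A permit rule; a field left as None matches anything."""
    proto: int
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.proto, p.proto), (self.src_ip, p.src_ip), (self.src_port, p.src_port),
                 (self.dst_ip, p.dst_ip), (self.dst_port, p.dst_port))
        return all(want is None or want == got for want, got in pairs)


def vpn_filters(bind_ip: Optional[str]):
    """Return (input_filters, output_filters). With bind_ip=None you get the generic
    protocol/port filters; with the external address you get the tightened ones."""
    inbound = [
        Rule(TCP, dst_ip=bind_ip, dst_port=1723),   # PPTP control channel
        Rule(GRE, dst_ip=bind_ip),                  # PPTP data (GRE, IP protocol 47)
        Rule(UDP, dst_ip=bind_ip, dst_port=500),    # IKE for L2TP/IPsec
        Rule(UDP, dst_ip=bind_ip, dst_port=1701),   # L2TP
        Rule(ESP, dst_ip=bind_ip),                  # IPsec ESP
    ]
    outbound = [
        Rule(TCP, src_ip=bind_ip, src_port=1723),
        Rule(GRE, src_ip=bind_ip),
        Rule(UDP, src_ip=bind_ip, src_port=500),
        Rule(UDP, src_ip=bind_ip, src_port=1701),
        Rule(ESP, src_ip=bind_ip),
    ]
    return inbound, outbound


def decide(filters: List[Rule], packet: Packet) -> str:
    """RRAS semantics for these filter sets: drop everything except what a rule permits."""
    return "permit" if any(r.matches(packet) for r in filters) else "drop"


GENERIC_IN, GENERIC_OUT = vpn_filters(None)
TIGHT_IN, TIGHT_OUT = vpn_filters(EXTERNAL_IP)

# Constructed sample traffic arriving on the external adapter.
SAMPLE_INBOUND = [
    Packet("203.0.113.9", EXTERNAL_IP, TCP, 40000, 1723),   # PPTP client connecting
    Packet("203.0.113.9", EXTERNAL_IP, GRE),                # its tunnelled data
    Packet("203.0.113.9", "192.0.0.41", TCP, 40000, 1723),  # PPTP aimed at another host on the subnet
    Packet("203.0.113.9", EXTERNAL_IP, TCP, 40000, 3389),   # RDP probe
]


def audit(filters: List[Rule], packets: List[Packet]) -> List[str]:
    """Decision per packet, so the generic and tightened sets can be compared side by side."""
    return [decide(filters, p) for p in packets]
```

The third sample packet is the one that changes: with the generic filters a PPTP connection addressed to any host behind the adapter is let through, with the tightened filters only the VPN server's own address is reachable. The same pattern applied to the Output filters keeps ordinary internal traffic (a web request from 10.0.0.5, say) from leaving through the external adapter.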

The default filter settings installed by RRAS Setup already allow only VPN connections. The information in this topic is provided for those who want increased security.

Source: http://support.microsoft.com/kb/255784/

Friday, June 12, 2009

Virtual private network tunneling

A VPN works on the basis of a tunneling protocol. VPN tunneling establishes and maintains a logical network connection so that a user who is out of the office can reach the local network. On that connection, packets constructed in a specific VPN protocol format are encapsulated within some other carrier protocol, transmitted between the VPN client and server, and then de-encapsulated on the receiving side.

VPN protocols also support authentication and encryption to keep the tunnels secure. VPNs support two types of tunneling: voluntary and compulsory. Both types are commonly used. In voluntary tunneling, the VPN client manages connection setup. The client first makes a connection to the carrier network provider. Then, the VPN client application creates the tunnel to a VPN server over this live connection. In compulsory tunneling, the carrier network provider manages the connection setup instead.

Several computer network protocols have been implemented specifically for use with VPN tunnels. The most popular VPN tunneling protocols are PPTP, L2TP and IPsec. These protocols are generally incompatible with each other. Several corporations worked together to create the PPTP specification. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in client support for this protocol. The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use. Microsoft has continued to improve its PPTP support, though.

The original competitor to PPTP for VPN tunneling was L2F, a protocol implemented primarily in Cisco products. In an attempt to improve on L2F, the best features of it and PPTP were combined to create a new standard called L2TP. Like PPTP, L2TP exists at the data link layer, which transfers data between adjacent network nodes in a wide area network or between nodes on the same local area network segment; hence the "Layer 2" in its name.

IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution, or it can be used simply as the encryption scheme within L2TP or PPTP. IPsec exists at the network layer, which is responsible for end-to-end (source to destination) packet delivery including routing through intermediate hosts, whereas the data link layer is responsible for node-to-node (hop-to-hop) frame delivery on the same link.

Source: http://compnetworking.about.com/od/vpn/a/vpn_tunneling.htm

Thursday, June 11, 2009

How to create a new VPN connection

This step-by-step article describes how to configure a virtual private network connection to your corporate network in Microsoft Windows XP Professional. A virtual private network connection is a connection that uses both private and public networks to create a network connection.

Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP) are installed automatically on a Windows XP-based computer. These services help provide security when you access resources on a network by connecting to a remote access server through the Internet. This type of connection is called a virtual private network connection.

1. Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.
2. Click Create a new connection, and then click Next.
3. Click Connect to the network at my workplace, and then click Next.
4. Click Virtual Private Network connection, and then click Next.
5. Type a descriptive name for your company, and then click Next.
6. Click Do not dial the initial connection, and then click Next.
7. Type the host name or IP address of the computer you are connecting to, and then click Next.
8. Use one of the following methods: click Anyone's use if you want to share the connection with all users, or click My use only if you do not want to share the connection.
9. Click Next, and then click Finish.

Note: This method works only when you are already connected to the Internet.

How to modify an existing dial-up connection:

You may have to modify some of the parameters of your connection to connect successfully. To make these modifications, follow these steps:
1. To open an existing connection, click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.
2. Click the connection, and then click Change settings of this connection.
3. On the General tab, you can change the server name or IP address.
4. On the Networking tab, you can change the type of secure protocol.
5. On the Advanced tab, you can enable Internet Connection Firewall protection to prevent access to your computer from the Internet.

To do this, select the Protect my computer and network by limiting and preventing access to this computer from the Internet check box.

Note: When you enable Internet Connection Firewall protection to prevent access to your computer from the Internet, you may also create problems with the connection to your server. After you enable Internet Connection Firewall protection, verify that the connection to your server is still working.

A firewall is designed to help protect your computer from attack by malicious users or by malicious software such as viruses that use unsolicited incoming network traffic to attack your computer. If the connection to your server is working and you decide to disable your firewall, you must disconnect your computer from all networks, including the Internet.

Source: http://support.microsoft.com/kb/305550/EN-US/

Wednesday, June 10, 2009

Configuring ISA Virtual Private Networks

Virtual private networks provide secure connections across a non-secure network by providing data privacy: private data stays confidential in a public environment. Remote access VPNs provide a common environment where many different parties, such as intermediaries, clients and off-site employees, can access information via Web browsers or email. Many companies supply their own VPN connections via the Internet, because employees who travel abroad still need to connect to the company network.

The typical components needed to create VPN connections are:

* VPN services enabled on the server.
* VPN client software installed on the VPN client.
* A VPN client that uses the Internet, tunneling and TCP/IP protocols to establish a connection to the network.
* The server and client on the same network.
* A Public Key Infrastructure (PKI).
* The server and client using the same tunneling protocols, authentication methods and encryption methods.

You can configure ISA Server as a VPN endpoint. To do so, ISA Server has to be installed in Integrated mode. You then have to define a network connection on the ISA Server computer that provides connectivity to the Internet Service Provider. The ISA Server computer must also have a network adapter connected to the internal network.

When you configure ISA Server as a VPN endpoint that allows client connections, you have to perform a number of steps:

1. Use the ISA Server VPN Configuration Wizards to create, configure and secure the VPN connection.
2. Verify the configuration settings created by the ISA Server VPN Configuration Wizard.
3. Configure any additional settings and reconfigure existing settings.
4. Test the VPN connection.

Source: http://www.tech-faq.com/configuring-isa-virtual-private-networks.shtml

Tuesday, June 9, 2009

Data encryption between VPN server and client

Data encryption
We use data encryption to provide confidentiality for the data sent between the VPN client and the VPN server across a shared or public network, where there is a real risk that unauthorized people intercept it.

We can configure the VPN server to require encrypted communications: every user who connects to the server must encrypt their data, or the connection is refused. For VPN connections, the Windows Server 2003 family uses Microsoft Point-to-Point Encryption (MPPE) with the Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol security (IPsec) encryption with the Layer Two Tunneling Protocol (L2TP).

Because data encryption is performed between the VPN client and the VPN server, encryption is not necessary on the communication link between a dial-up client and its Internet service provider; only the client-to-server segment needs it. For example, a mobile user uses a dial-up connection to dial in to a local ISP. Once the Internet connection is made, the user creates a VPN connection to the corporate VPN server. If the VPN connection is encrypted, encryption is not needed on the dial-up connection between the user and the ISP.


Data encryption for PPTP connections is available only if MS-CHAP, MS-CHAP v2 or EAP-TLS is used as the user-level authentication method, because MPPE derives its session keys from those authentication exchanges; which methods are permitted is decided by the administrator. Data encryption for L2TP connections relies on IPsec computer-level authentication and therefore does not require any specific user-level authentication method.

VPN data encryption does not provide end-to-end encryption: it covers only the path between the VPN client and the VPN server, not the path between the client application and the server hosting the resource or service that the application accesses. To get end-to-end encryption, use IPsec to create a secure connection between the client and the resource server after the VPN connection is established.


Source: http://technet.microsoft.com/en-us/library/cc778013.aspx

Friday, June 5, 2009

VPN services

VPN services matter, and securing the network that offers them is the administrator's responsibility. A VPN is a computer network in which some of the links between nodes are carried by open connections or virtual circuits within some larger network, as opposed to running across a single private network. The link layer protocols of the virtual network are said to be tunneled through the transport network. A VPN does not, by definition, need to have explicit security features such as authentication or content encryption; when the VPN service does provide them, data in transit is encrypted, so an eavesdropper cannot easily read it.

Routing:
Tunneling protocols can be used in a point-to-point topology that would generally not be considered a VPN, because a VPN is expected to support arbitrary and changing sets of network nodes. Since most router implementations support a software-defined tunnel interface, customer-provisioned VPNs often consist simply of a set of tunnels over which conventional routing protocols run. Provider-provisioned VPNs (PPVPNs), however, need to support the coexistence of multiple VPNs, hidden from one another but operated by the same service provider.

Building blocks:
Depending on whether the PPVPN runs in layer 2 or layer 3, the building blocks described below may be L2 only, L3 only, or combinations of the two. Multiprotocol Label Switching (MPLS) functionality blurs the L2-L3 distinction.

Layer 1 services:
Virtual private wire and private line services: in both of these services, the provider does not offer a full routed or bridged network, but components from which the customer can build customer-administered networks. Virtual private wire services (VPWS) are point-to-point, while virtual private line services (VPLS) can be point-to-multipoint. They can be Layer 1 emulated circuits with no data link structure. An unfortunate acronym confusion can occur between Virtual Private Line Service and Virtual Private LAN Service; the context should make it clear whether "VPLS" means the layer 1 virtual private line or the layer 2 virtual private LAN.

Layer 2 services:
Virtual LAN (VLAN): a Layer 2 technique that allows multiple LAN broadcast domains to coexist, interconnected via trunks using the IEEE 802.1Q trunking protocol. VLAN separation is a traffic-segmentation mechanism, not by itself a security boundary. Other trunking protocols have been used but have become obsolete, including Inter-Switch Link (ISL).

Virtual private LAN service
VLANs allow multiple tagged LANs to share common trunking and typically comprise only customer-owned facilities. The Layer 1 private line service described above emulates both point-to-point and point-to-multipoint circuits; the VPLS described here instead extends Layer 2 technologies such as 802.1d bridging and 802.1q LAN trunking to run over a provider transport.

A VPLS is a Layer 2 PPVPN, rather than a private line, emulating the full functionality of a traditional local area network. From a user standpoint, a VPLS makes it possible to interconnect several LAN segments over a packet-switched or optical provider core, making the remote LAN segments behave as one single LAN, so users can reach resources on any segment as if they were local.


Source: http://en.wikipedia.org/wiki/Virtual_private_network#Virtual_private_LAN_service_.28VPLS.29

Thursday, June 4, 2009

Setting up the Vista VPN server

This how-to gives an example of one way to remotely access a home office network using a Point-to-Point Tunneling Protocol (PPTP) Virtual Private Network (VPN) connection over the public Internet, using only technologies built into the Vista operating system. The configuration is based on remote user access to the example local area network. Note that the setup and configuration procedure should be run while logged on as a user with Administrator privileges. The procedure applies to the following versions of Vista: Home Basic, Home Premium, Business, Enterprise, Ultimate. Note also that PPTP depends on MS-CHAP v2 and MPPE (RC4) for its security, both of which have known weaknesses, so it is better treated as a convenience for low-risk home use than as a strong VPN.

Log on to the Vista PC as a user with Administrator privileges. The Vista VPN server is configured by navigating to Start | Control Panel | Network and Internet | Network and Sharing Center and selecting Manage network connections. Select File | New Incoming Connection from the menu bar; if the menu bar is not visible, toggle it on from the keyboard.

Select the users that will be allowed to log in to the PPTP VPN server through the VPN connection, then click Next. In the example shown, a dedicated standard user account protected by a strong password and used only for remote VPN access is selected; click Add someone... to create such an account. Select the Through the Internet check box and click Next. Select Internet Protocol Version 4 (TCP/IPv4) and then click Properties.

If remote VPN users are to reach the home local area network, check the Allow callers to access my local area network check box. In the IP address assignment window, use IP addresses in the same subnet as the VPN server PC and LAN (see the example local area network), and make sure they lie outside any range the LAN's DHCP server hands out. In the following example the From: address is the address assigned to the VPN gateway and the To: address is assigned to the incoming VPN client. Click OK when finished, then click Close. Note that by design Vista accepts only one incoming VPN connection at a time. When finished, the Network Connections window shows the new Incoming Connections icon.

Configure the Network Firewall/NAT Router for PPTP VPN access:
If the Vista PPTP VPN server PC is behind a broadband router, the router must be configured to allow PPTP VPN access. PPTP uses TCP port 1723 for its control connection and IP protocol 47 (GRE) for the tunneled data, so both must pass the firewall. Because GRE carries no port numbers, ordinary port forwarding is not enough: the router must also forward protocol 47 to the server, which some router manufacturers call PPTP Pass Through or VPN Pass Through.

The Vista Windows Firewall will be automatically configured to allow PPTP VPN access. GRE Protocol 47 traffic is automatically enabled through the Windows Firewall when TCP Port 1723 is opened. For more information about the Windows Firewall.


Server configuration
The administrator of the Vista PPTP VPN server computer can configure these properties by navigating to Start | Control Panel | Network and Internet | Network and Sharing Center and selecting Manage network connections. Right-click the Incoming Connections icon, then click Properties. Check the Require all users to secure their passwords and data check box, which rejects connections that do not use encrypted authentication and MPPE data encryption.
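Two points from this post and from the Data encryption post above are easy to verify on the wire: PPTP's data channel is GRE (IP protocol 47) demultiplexed by a Call ID rather than by port numbers, which is why a NAT router needs explicit pass-through, and an MPPE-protected PPP frame inside the tunnel carries PPP protocol 0x00FD instead of 0x0021 (plain IPv4). The following Python is an added example, not code from the original page and not Microsoft's implementation; it parses the enhanced GRE header defined in RFC 2637 and flags calls that are carrying plaintext IP. Every packet it handles is constructed by hand for the example; no capture is involved.

```python
"""Parse PPTP enhanced GRE (RFC 2637) and report whether the PPP frame inside
is MPPE-protected (protocol 0x00FD) or plaintext IPv4 (0x0021). Added example,
not from the original page; all packets are constructed in this file."""
import struct

GRE_IP_PROTOCOL = 47            # what "PPTP / VPN pass-through" must forward
PPTP_GRE_PROTO_TYPE = 0x880B    # protocol type field of PPTP's enhanced GRE
PPP_PROTO_IPV4 = 0x0021         # unencrypted IPv4 datagram
PPP_PROTO_CCP_DATA = 0x00FD     # "compressed datagram": MPPE (and MPPC) payload


def build_pptp_gre(call_id, ppp_proto=None, data=b"", seq=None, ack=None):
    """Build a PPTP enhanced-GRE packet; ppp_proto=None gives an ack-only packet."""
    ppp = b"" if ppp_proto is None else struct.pack("!H", ppp_proto) + data
    flags = 0x20 | (0x10 if seq is not None else 0)     # K (key) plus optional S
    ver = 0x01 | (0x80 if ack is not None else 0)       # version 1 plus optional A
    pkt = struct.pack("!BBHHH", flags, ver, PPTP_GRE_PROTO_TYPE, len(ppp), call_id)
    if seq is not None:
        pkt += struct.pack("!I", seq)
    if ack is not None:
        pkt += struct.pack("!I", ack)
    return pkt + ppp


def parse_pptp_gre(pkt):
    """Parse the IP payload of a PPTP data packet (everything after the IP header)."""
    if len(pkt) < 8:
        raise ValueError("too short for a GRE header")
    flags, ver, proto, length, call_id = struct.unpack("!BBHHH", pkt[:8])
    if (ver & 0x07) != 1 or proto != PPTP_GRE_PROTO_TYPE or not flags & 0x20:
        raise ValueError("not PPTP enhanced GRE (version 1, K set, type 0x880B)")
    off, seq, ack = 8, None, None
    if flags & 0x10:                        # S: sequence number present
        (seq,) = struct.unpack("!I", pkt[off:off + 4]); off += 4
    if ver & 0x80:                          # A: acknowledgment number present
        (ack,) = struct.unpack("!I", pkt[off:off + 4]); off += 4
    ppp = pkt[off:off + length]
    if len(ppp) != length:
        raise ValueError("payload length field does not match packet size")
    ppp_proto = None
    if ppp:
        if ppp[:2] == b"\xff\x03":          # optional HDLC address/control bytes
            ppp = ppp[2:]
        # PPP protocol field is one byte when its low bit is set (PFC), else two
        if len(ppp) >= 1 and ppp[0] & 1:
            ppp_proto = ppp[0]
        elif len(ppp) >= 2:
            ppp_proto = (ppp[0] << 8) | ppp[1]
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload_length": length, "ppp_protocol": ppp_proto}


def classify(parsed):
    """'ack-only', 'mppe', 'plaintext-ip' or 'other' for one parsed packet."""
    if parsed["payload_length"] == 0:
        return "ack-only"
    if parsed["ppp_protocol"] == PPP_PROTO_CCP_DATA:
        return "mppe"
    if parsed["ppp_protocol"] == PPP_PROTO_IPV4:
        return "plaintext-ip"
    return "other"


def unencrypted_calls(packets):
    """Call IDs seen carrying plaintext IPv4: sessions on which a 'require data
    encryption' setting evidently did not take effect."""
    return {p["call_id"] for p in map(parse_pptp_gre, packets)
            if classify(p) == "plaintext-ip"}


# Constructed sample traffic: an MPPE-protected call, a plaintext call, an ack.
_IPV4_HDR = bytes.fromhex("4500001400010000401100000a000001c0a80101")
SAMPLE_PACKETS = [
    build_pptp_gre(0x1234, PPP_PROTO_CCP_DATA, b"\x90\x01\xde\xad\xbe\xef", seq=1),
    build_pptp_gre(0x5678, PPP_PROTO_IPV4, _IPV4_HDR, seq=1),
    build_pptp_gre(0x1234, ack=1),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        p = parse_pptp_gre(pkt)
        print(f"call {p['call_id']:#06x}: {classify(p)}")
    print("calls with plaintext IP:", sorted(unencrypted_calls(SAMPLE_PACKETS)))
```

The Call ID is the only demultiplexing key in the packet, so a NAT device that does not rewrite or track it cannot tell two inside clients' PPTP sessions apart; that, not the TCP 1723 control port, is what "pass-through" support adds. The 0x00FD check only tells you that CCP-negotiated compression or encryption is in use; whether the MPPE key length is 40, 56 or 128 bits is decided during CCP negotiation and is not visible in the data packets.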


Source: http://theillustratednetwork.mvps.org/Vista/PPTP/PPTPVPN.html

Wednesday, June 3, 2009

Accessing the VPN service after VPN security is disabled

A company spokesperson told InternetNews.com that the company could not comment due to an ongoing FBI investigation, but added, "at no time were any of our operations at risk, and the employee under investigation did not have access to customer data so it has not been compromised." The news comes shortly after a report from identity management specialist SailPoint said that most IT departments are unprepared for layoffs because they cannot get a complete view of a terminated employee's access privileges from any one tool.



The IT environment is complex at large companies because business managers rather than IT managers choose what applications are deployed, according to Guy Mounier, CTO of enterprise search enhancer BA Insight. A centralized IT department can impose rational portfolio consolidation, but the reality is that most divisions have strong profit and loss (P&L) responsibilities, and if they value a piece of technology, they will use it regardless of the rest of the company's strategies and goals.


The complexity is growing, according to Brian Cleary, vice president of marketing at identity management company Aveksa, and makes handling layoffs harder. "During a workforce reduction, the first thing the IT department does is pull network access control, but they forget to turn off any back door. Think of all the applications that present themselves via a Web interface. Organizations are missing those and leaving themselves exposed," Cleary told InternetNews.com.


The problem of orphan accounts, which are credentials that are still valid even after their user has gone, is usually discovered during audits, such as those for Sarbanes-Oxley compliance, Cleary added. He said that most IT managers focus on the threat within the IT department, paying less attention to the challenge of managing key experts. "Losing corporate intellectual property (IP) is a big deal," said Cleary.

Tuesday, June 2, 2009

How to Configure the VPN Server and clients

A virtual private network is a means of connecting to a private network by way of a public network, such as the Internet. This combines the virtues of a dial-up connection to a dial-up server with the ease and flexibility of an Internet connection. By using an Internet connection, you can travel worldwide and still, in most places, connect to your office with a local call to the nearest Internet access number. If you have a high-speed Internet connection at your computer, you can communicate with your office at full Internet speed, which is much faster than any dial-up connection using an analog modem.


To install and enable a VPN server, follow these steps:
On the Microsoft Windows 2000 VPN computer, confirm that both the connection to the Internet and the connection to your local area network (LAN) are correctly configured.
Click Start, point to Administrative Tools, and then click Routing and Remote Access.
Click the server name in the tree, and click Configure and Enable Routing and Remote Access on the Action menu, and then click Next.

In the Common Configurations dialog box, click Virtual private network and then click Next.
In the Remote Client Protocols dialog box, confirm that TCP/IP is included in the list, click Yes, all of the available protocols are on this list, and then click Next.
In the Internet Connection dialog box, select the Internet connection that will connect to the Internet, and then click Next.

In the IP Address Assignment dialog box, select Automatically in order to use the DHCP server on your subnet to assign IP addresses to dialup clients and to the server.
In the Managing Multiple Remote Access Servers dialog box, confirm that the No, I don't want to set up this server to use RADIUS now checkbox is selected.
Click Next, and then click Finish.

Right click the Ports node, and then click Properties.
In the Ports Properties dialog box, click the WAN Miniport (PPTP) device, and then click Configure.
In the Configure Device - WAN Miniport (PPTP) dialog box, do one of the following:
If you do not want to support direct user dialup VPN to modems installed on the server, click to clear the Demand-Dial Routing Connections (Inbound and Outbound) check box.
If you do want to support direct user dialup VPN to modems installed on the server, click to select the Demand-Dial Routing Connections (Inbound and Outbound) check box.
Type the maximum number of simultaneous PPTP connections that you want to allow in the Maximum Ports text box (this may depend on the number of available IP addresses).
Repeat the same port configuration steps (Ports properties, Configure, maximum ports) for the WAN Miniport (L2TP) device, and then click OK.

To further configure the VPN server as required, follow these steps.
Configuring the Remote Access Server as a Router
For the remote access server to forward traffic properly inside your network, you must configure it as a router with either static routes or routing protocols, so that all of the locations in the intranet are reachable from the remote access server.

Click Start, point to Administrative Tools, and then click Routing and Remote Access.
Right-click the server name, and then click Properties.
On the General tab, click to select Enable This Computer As A Router.
Select either Local area network (LAN) routing only or LAN and demand-dial routing, and then click OK to close the Properties dialog box.

How to Configure PPTP Ports:
............................

Confirm the number of PPTP ports that you need. To verify the number of ports or to add ports, follow these steps:
Click Start, point to Administrative Tools, and then click Routing and Remote Access.
In the console tree, expand Routing and Remote Access, expand the server name, and then click Ports.
Right-click Ports, and then click Properties.
In the Ports Properties dialog box, click WAN Miniport (PPTP), and then click Configure.
In the Configure Device dialog box, select the maximum number of ports for the device, and then select the options to specify whether the device accepts incoming connections only, or both incoming and outgoing connections.
How to Manage Addresses and Name Servers
The VPN server must have IP addresses available in order to assign them to the VPN server's virtual interface and to VPN clients during the IP Control Protocol (IPCP) negotiation phase of the connection process. The IP address assigned to the VPN client is assigned to the virtual interface of the VPN client.

For Windows 2000-based VPN servers, the IP addresses assigned to VPN clients are obtained through DHCP by default. You can also configure a static IP address pool. The VPN server must also be configured with name resolution servers, typically DNS and WINS server addresses, to assign to the VPN client during IPCP negotiation.
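A static pool is only as good as the addresses put into it: the server's own virtual interface takes one, each configured port needs another, and a pool that collides with the LAN's DHCP scope, the gateway, or the broadcast address produces conflicts that are hard to diagnose. The check below is an added example, not code from the original page or from Microsoft; it applies the rules stated here and in the Vista post above (same subnet as the LAN, one address for the gateway/server side, one per client) to a pool before it is typed into RRAS or into Vista's From/To fields. The LAN, DHCP scope and pools are invented values for the example.

```python
"""Validate a static VPN address pool before configuring it. Added example, not
from the original page; network values below are invented."""
import ipaddress


def validate_vpn_pool(lan_cidr, gateway, dhcp_scope, pool_from, pool_to, max_ports):
    """Return a list of problems; an empty list means the pool is usable.

    Rules from the posts: the pool must lie inside the LAN subnet, the first
    address is consumed by the server's virtual interface, every configured
    port needs one more address, and nothing may collide with the gateway,
    the DHCP scope, or the network/broadcast addresses."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    gw = ipaddress.ip_address(gateway)
    first, last = ipaddress.ip_address(pool_from), ipaddress.ip_address(pool_to)
    dhcp_lo, dhcp_hi = (ipaddress.ip_address(a) for a in dhcp_scope)
    problems = []
    if first > last:
        return ["pool 'From' address is above its 'To' address"]
    if first not in lan or last not in lan:
        problems.append(f"pool is not inside the LAN subnet {lan}")
    if first == lan.network_address or last == lan.broadcast_address:
        problems.append("pool includes the network or broadcast address")
    if first <= gw <= last:
        problems.append(f"pool contains the gateway address {gw}")
    if not (last < dhcp_lo or first > dhcp_hi):
        problems.append(f"pool overlaps the DHCP scope {dhcp_lo}-{dhcp_hi}")
    size = int(last) - int(first) + 1
    needed = max_ports + 1                  # +1 for the server's virtual interface
    if size < needed:
        problems.append(f"pool has {size} addresses but {max_ports} ports need {needed}")
    return problems


def clients_supported(pool_from, pool_to):
    """Simultaneous clients a pool can serve (the first address is the server's)."""
    size = int(ipaddress.ip_address(pool_to)) - int(ipaddress.ip_address(pool_from)) + 1
    return max(size - 1, 0)


# Constructed example network: /24 LAN, router at .1, DHCP hands out .100-.199.
LAN, GATEWAY, DHCP = "192.168.1.0/24", "192.168.1.1", ("192.168.1.100", "192.168.1.199")

if __name__ == "__main__":
    for pool in [("192.168.1.200", "192.168.1.209"),   # fine for 8 ports
                 ("192.168.1.190", "192.168.1.205"),   # overlaps DHCP
                 ("192.168.1.200", "192.168.1.205"),   # too small for 8 ports
                 ("192.168.2.10", "192.168.2.20")]:    # wrong subnet
        print(pool, validate_vpn_pool(LAN, GATEWAY, DHCP, *pool, max_ports=8)
              or "OK", "clients:", clients_supported(*pool))
```

When the server obtains client addresses through DHCP instead of a static pool, the same overlap concern disappears but a different one appears: RRAS leases addresses in blocks of ten, so a scope that is nearly exhausted can leave VPN clients with no address even though the ports are free.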


How to Manage Access:
........................................

Configure the dial-in properties on user accounts and remote access policies to manage access for dial-up networking and VPN connections.

NOTE: By default, users are denied access to dial-up.


Access by User Account:
.........................................

If you are managing remote access on a user basis, click Allow Access on the Dial-In tab of the user's Properties dialog box for those user accounts that are allowed to create VPN connections. If the VPN server is allowing only VPN connections, delete the default remote access policy called "Allow Access If Dial-In Permission Is Enabled." Then create a new remote access policy with a descriptive name, such as VPN Access If Allowed By User Account. For more information, see Windows 2000 Help.

CAUTION: After you delete the default policy, a dial-up client that does not match at least one of the policy configurations you create will be denied access.

If the VPN server is also allowing dial-up remote access services, do not delete the default policy, but move it so that it is the last policy to be evaluated.


Access by Group Membership:
....................................................

If we are managing remote access on a group basis, select the Control access through remote access policy radio button on all user accounts by using the Active Directory Users and Computers console in Administrative Tools or the MMC snap-in. Create a Windows 2000 group with members who are allowed to create VPN connections. If the VPN server allows only VPN connections, delete the default remote access policy called Allow Access If Dial-In Permission Is Enabled. Next, create a new remote access policy with a descriptive name such as VPN Access If Member Of VPN-Allowed Group, and then assign the Windows 2000 group to the policy.

If the VPN server also allows dial-up networking remote access services, do not delete the default policy; instead move it so that it is the last policy to be evaluated.
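The two cautions above (a client matching no policy is denied, and the default policy must be evaluated last) follow from how the Windows 2000 remote access server combines the account's dial-in setting with the ordered policy list. The Python below is an added example, not code from the original page and not Microsoft's implementation; it models that documented first-match rule so the ordering effects can be exercised on constructed users, groups and policies.

```python
"""Model of the Windows 2000 remote access decision: ordered policies, first
match wins, account dial-in setting takes precedence. Added example, not from
the original page; users, groups and policy names are invented."""
from dataclasses import dataclass

ALLOW, DENY, VIA_POLICY = "allow", "deny", "control-through-policy"
VPN_PORT, MODEM_PORT = "Virtual (VPN)", "Async (Modem)"   # NAS-Port-Type values


@dataclass
class User:
    name: str
    dial_in: str                          # the account's Dial-In tab setting
    groups: frozenset = frozenset()


@dataclass
class Policy:
    name: str
    grant: bool                           # the policy's remote access permission
    groups: frozenset = frozenset()       # condition: member of any (empty = none)
    port_types: frozenset = frozenset()   # condition: NAS port type (empty = any)

    def matches(self, user, port_type):
        """Every condition of a policy must hold for it to match."""
        group_ok = not self.groups or bool(self.groups & user.groups)
        port_ok = not self.port_types or port_type in self.port_types
        return group_ok and port_ok


def evaluate(user, port_type, policies):
    """Return (accepted, reason) for one connection attempt.

    Only the first policy whose conditions match is consulted; if none matches
    the attempt is rejected. For a matching policy, an account-level Deny
    always rejects, an account-level Allow always accepts, and 'control access
    through remote access policy' defers to the policy's own permission."""
    for policy in policies:
        if not policy.matches(user, port_type):
            continue
        if user.dial_in == DENY:
            return False, f"{policy.name}: account dial-in permission is Deny"
        if user.dial_in == ALLOW:
            return True, f"{policy.name}: account dial-in permission is Allow"
        verdict = "grants" if policy.grant else "denies"
        return policy.grant, f"{policy.name}: policy {verdict} access"
    return False, "no remote access policy matched; denied by default"


def default_policy():
    """The built-in policy: matches everything, permission Deny, so only
    accounts set to Allow get through it."""
    return Policy("Allow access if dial-in permission is enabled", grant=False)


def vpn_group_policy():
    """The policy from the post: grant to members of the VPN group on VPN ports."""
    return Policy("VPN Access If Member Of VPN-Allowed Group", grant=True,
                  groups=frozenset({"VPN-Allowed"}),
                  port_types=frozenset({VPN_PORT}))


# Constructed accounts for the example.
ALICE = User("alice", VIA_POLICY, frozenset({"VPN-Allowed"}))
BOB = User("bob", VIA_POLICY)                         # not in the VPN group
CAROL = User("carol", ALLOW)                          # dial-up user, Allow on account
DAVE = User("dave", DENY, frozenset({"VPN-Allowed"}))

if __name__ == "__main__":
    vpn_only = [vpn_group_policy()]                            # default deleted
    vpn_and_dialup = [vpn_group_policy(), default_policy()]    # default kept last
    wrong_order = [default_policy(), vpn_group_policy()]       # default first
    for label, pols, user, port in [
        ("group member over VPN", vpn_only, ALICE, VPN_PORT),
        ("non-member over VPN", vpn_only, BOB, VPN_PORT),
        ("dial-up user, default policy deleted", vpn_only, CAROL, MODEM_PORT),
        ("dial-up user, default policy kept last", vpn_and_dialup, CAROL, MODEM_PORT),
        ("group member, default policy evaluated first", wrong_order, ALICE, VPN_PORT),
        ("account set to Deny", vpn_only, DAVE, VPN_PORT),
    ]:
        print(f"{label}: {evaluate(user, port, pols)}")
```

The "wrong order" case is the one to remember: with the default policy first, it matches every attempt and, since the group member's account is set to control access through policy, its Deny permission ends the evaluation before the VPN policy is ever reached.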


How to Configure a VPN Connection from a Client Computer
To set up a connection to a VPN:
On the client computer, confirm that the connection to the Internet is correctly configured.
Click Start, point to Settings, and then click Network And Dial-Up Connections.
Double-click Make New Connection.
Click Next, and then click Connect To A Private Network Through The Internet, and then click Next.
Do one of the following:
If you use a dial-up connection to connect to the Internet, click Automatically Dial This Initial Connection and then select your dial-up Internet connection from the list.
If you use a full-time connection (such as a cable modem), click Do Not Dial The Initial Connection.
Click Next.
Type the host name (for example, Microsoft.com) or the IP address (for example, 123.123.123.123) of the computer to which you want to connect, and then click Next.
Click to select For All Users if you want the connection to be available to anyone who logs on to the computer, or click to select Only For Myself to make it available only when you log onto the computer, and then click Next.
Type a descriptive name for the connection, and then click Finish.

NOTE: This option is available only if you are logged on as a member of the Administrators group.
Click Start, point to Settings, and then click Network And Dial-Up Connections.
Double-click the new connection.
Click Properties to further configure options for the connection:

If you are connecting to a domain, click the Options tab, and then click to select the Include Windows logon domain check box to specify whether to request Windows 2000 logon domain information before attempting to connect.
If you want the connection to be redialed if the line is dropped, click the Options tab, and then click to select the Redial if line is dropped check box.
To use the connection:
Click Start, point to Settings, and then click Network And Dial-Up Connections.
Double-click the new connection.

If you do not currently have a connection to the Internet, Windows offers to connect to the Internet.
Once the connection to the Internet is made, the VPN server prompts you for your user name and password. Enter your user name and password, click Connect, and your network resources should be available to you in the same way they are when you connect directly to the network.

NOTE: To disconnect from the VPN, right-click the connection's icon, and then click Disconnect.

Monday, June 1, 2009

New information about VPN

OpenVPN Technologies is a privately held company based in Pleasanton, California, integrating a suite of leading-edge networking and software technologies. The company has designed and deployed virtual network software that provides secure, reliable, and scalable communication services, not only fulfilling the requirements of the traditional virtual private network (VPN) market, but also addressing the demands of real-time media exchange and distribution applications. OpenVPN, its award-winning open source VPN product, has established itself as a de-facto standard in the open source networking space, with over 2.5 million downloads since inception. OpenVPN Technologies is the provider of next-generation secure and scalable communication services, implementing its business plan through strategic partnerships with key application software providers and marketing its product to the SMB market place through its OpenVPN web site, which sees more than 200,000 new SMB users, prospects, and customers per month.
The company was co-founded by Francis Dinha and James Yonan. Francis Dinha is an accomplished executive with domestic and international experience in operations, P&L management, strategic product positioning, technology development, and business planning with both startup and growth organizations. James Yonan is the author of the OpenVPN software package, and has since established OpenVPN as an award-winning offering in the Open Source security space.
A VPN connection allows a computer to establish a virtual and private connection to a network over the Internet. The connection is virtual because when the computer establishes a VPN connection over the Internet, the computer making the VPN connection acts like a node that’s directly connected to the network, as if it had an Ethernet cable connected to that network. The user can access all the same resources he could connect to as if he were directly connected to the network. However, in the case of the VPN client connection to a VPN server, the connection is a virtual one because there is no actual Ethernet connection to the destination network. The connection is private because the contents of the datastream moving inside the VPN connection are encrypted so that no one over the Internet is able to intercept and read the contents of the communications moving over the VPN link. Windows Servers and clients have supported VPN connections since the days of Windows NT and Windows 95. While Windows clients and servers have supported VPN connections for over a decade, the type of VPN support has evolved over time. Windows Vista Service Pack 1 and Windows Server 2008 now support three types of VPN connections.