Solved

VPN basics

Posted on 2011-09-20
Last Modified: 2012-06-11
Excuse my ignorance, but in management speak, how does the VPN process actually work?

Say user A, sat at home, wants to connect to corporate network A: what does he have on his machine, and how does he "connect"? I have some experience with Citrix, whereby we need the Citrix client installed on home machines, and then we just visit a specific web page, authenticate via domain credentials, and it logs us in.

Is that the same with VPN? Client software, visit a website, authenticate with domain creds, then you are in? Or is it more complex?

Please keep answers in management speak where poss?

And what security issues/concerns are there with VPN?
Question by:pma111
2 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 250 total points
ID: 36566303
It depends on the solution. If you are using Windows Server as the VPN server, then you need to have access from the Internet to that server. Then you need to specify a connection rule on the VPN. Mostly domain user's credentials or group membership is used for that. Then the user provides the IP address and domain user with password to connect to the company. After that, browsing network resources is available. No special software is necessary, because Windows supports it natively (you only need to configure a VPN connection, similarly to a WiFi connection).

More about VPN on Windows at

for 2003 http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/5805260
for 2008 http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part1.html

Using a hardware-based solution, you need to define some ACLs on the device and provide 3rd-party software to connect to the company (by default included from the device manufacturer).

Regards,
Krzysztof
0
 
LVL 26

Assisted Solution

by:Fred Marshall
Fred Marshall earned 250 total points
ID: 36571204
I find it easier to describe a site-to-site VPN first.  
And, for simplicity (?) let's assume that you have public IP addresses available for this purpose at each end.

Assume your internet gateway/router is something like a Linksys/Cisco RV042.  It will have the public IP address assigned to the site.  It will be the internet gateway for the site.  It will also be the VPN box for the site and will support up to 50 VPNs.

You set up a VPN tunnel between the two sites.
This gives users at each end the ability to address hosts on the other side.
The subnets at each end have to be different.  Otherwise things wouldn't be routed to the tunnel.

The VPN is an encrypted tunnel through the internet.  You can select the best possible encryption or not depending on your needs for efficiency, etc.  

OK.

Now how about a client to site VPN?

Assume there's an RV042 gateway at the main site.
Then you use software on the remote client(s) to access the main site through client VPNs that are set up on the RV042.
I've not gotten this to work but others certainly have.  I've just not tried very hard.

There are a number of client programs for this purpose.  Just Google "RV042 VPN Client"


As far as I'm concerned, Citrix provides you with the same technology but keeps you out of the details.
If you roll your own as above then you eliminate that 3rd party (Citrix)  .. if that matters to you.
0
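The requirement in the answer above that the subnets at each end be different, as an added example that is not part of the original thread: a host decides from its own subnet whether an address is local, so when both sites use the same range the packet never reaches the gateway that holds the tunnel. The function names and the sample address ranges are assumptions made for illustration.

```python
import ipaddress


def next_hop(local_lan, remote_lan, dest):
    """Where a host on local_lan sends a packet addressed to dest."""
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_lan)
    addr = ipaddress.ip_address(dest)
    # A host checks its own subnet first. An address that looks on-link is
    # delivered locally and never reaches the gateway that holds the tunnel.
    if addr in local:
        return "local"
    if addr in remote:
        return "tunnel"
    return "internet"


def check_site_pair(lan_a, lan_b):
    """Return (ok, message) for the two LAN subnets of a planned tunnel."""
    a = ipaddress.ip_network(lan_a)
    b = ipaddress.ip_network(lan_b)
    if a.overlaps(b):
        return False, f"{a} and {b} overlap: renumber one site first"
    return True, f"{a} and {b} are distinct: far-side traffic can use the tunnel"


if __name__ == "__main__":
    # Constructed sample plans using private ranges, not taken from the thread.
    plans = [
        ("192.168.1.0/24", "192.168.2.0/24", "192.168.2.10"),  # distinct sites
        ("192.168.1.0/24", "192.168.1.0/24", "192.168.1.10"),  # same range twice
        ("10.0.0.0/8", "10.1.2.0/24", "10.1.2.5"),             # one contains the other
    ]
    for site_a, site_b, server in plans:
        ok, message = check_site_pair(site_a, site_b)
        route = next_hop(site_a, site_b, server)
        print(f"{'OK ' if ok else 'BAD'} {message}; {server} goes to: {route}")
```

The same check applies to a client-to-site VPN when a home router hands out the same range the office uses.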


Question has a verified solution.
