Solved

VPN basics

Posted on 2011-09-20
Last Modified: 2012-06-11
Excuse my ignorance, but in management speak, how does the VPN process actually work?

Say user A, sat at home, wants to connect to corporate network A: what does he have on his machine, and how does he "connect"? I have some experience with Citrix, whereby we need the Citrix client installed on home machines, and then we just visit a specific web page, authenticate via domain credentials, and it logs us in.

Is that the same with VPN? Client software, visit a website, authenticate with domain creds, then you are in? Or is it more complex?

Please keep answers in management speak where possible.

And what security issues/concerns are there with VPN?
Question by:pma111
2 Comments
 
LVL 39

Accepted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 250 total points
ID: 36566303
It depends on the solution. If you are using Windows Server as the VPN server, then you need to have access from the Internet to that server. Then you need to specify a connection rule on the VPN. Mostly domain user credentials or group membership are used for that. Then the user provides the IP address and domain user with password to connect to the company. After that, browsing network resources is available. No special software is necessary, because Windows supports it natively (you only need to configure the VPN connection, similarly to a WiFi connection).

More about VPN on Windows at

for 2003 http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/5805260
for 2008 http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part1.html

Using a hardware-based solution, you need to define some ACLs on the device and provide 3rd-party software to connect to the company (by default included by the device manufacturer).

Regards,
Krzysztof
0
 
LVL 25

Assisted Solution

by:Fred Marshall
Fred Marshall earned 250 total points
ID: 36571204
I find it easier to describe a site-to-site VPN first.  
And, for simplicity (?) let's assume that you have public IP addresses available for this purpose at each end.

Assume your internet gateway/router is something like a Linksys/Cisco RV042.  It will have the public IP address assigned to the site.  It will be the internet gateway for the site.  It will also be the VPN box for the site and will support up to 50 VPNs.

You set up a VPN tunnel between the two sites.
This gives users at each end the ability to address hosts on the other side.
The subnets at each end have to be different.  Otherwise things wouldn't be routed to the tunnel.

The VPN is an encrypted tunnel through the internet.  You can select the best possible encryption or not depending on your needs for efficiency, etc.  

OK.

Now how about a client to site VPN?

Assume there's an RV042 gateway at the main site.
Then you use software on the remote client(s) to access the main site through client VPNs that are set up on the RV042.
I've not gotten this to work but others certainly have.  I've just not tried very hard.

There are a number of client programs for this purpose.  Just Google "RV042 VPN Client"


As far as I'm concerned, Citrix provides you with the same technology but keeps you out of the details.
If you roll your own as above then you eliminate that 3rd party (Citrix)  .. if that matters to you.
0
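
Added example (not part of either answer): a pre-deployment check for the point in the assisted solution that the subnets at each end of a tunnel have to be different. The site names and address ranges are constructed, and the routing model (local subnet first, then the most specific tunnel subnet) is a simplified assumption.

```python
import ipaddress
from itertools import combinations

# Constructed sample sites; names and ranges are assumptions for illustration.
SITES = {
    "head-office": "192.168.1.0/24",
    "branch": "192.168.2.0/24",
    "home-user": "192.168.1.0/25",  # common consumer-router range, collides with head-office
}

def find_overlaps(sites):
    """Return sorted (site_a, site_b) pairs whose LAN subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )

def next_hop(local_site, dest_ip, sites):
    """Where a host at local_site sends a packet addressed to dest_ip.

    A destination inside the host's own subnet is delivered on the local LAN
    and never reaches the gateway, so it can never enter a tunnel.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    dest = ipaddress.ip_address(dest_ip)
    if dest in nets[local_site]:
        return "local-lan"
    # Among remote sites that contain the address, the longest prefix wins.
    remote = [(net.prefixlen, name) for name, net in nets.items()
              if name != local_site and dest in net]
    if remote:
        return "tunnel:" + max(remote)[1]
    return "internet"

if __name__ == "__main__":
    for a, b in find_overlaps(SITES):
        print(f"CONFLICT: {a} ({SITES[a]}) overlaps {b} ({SITES[b]})")
    # 192.168.1.50 is meant to be a machine on the home-user LAN.
    for dest in ("192.168.2.10", "192.168.1.50", "203.0.113.5"):
        print(f"head-office -> {dest}: {next_hop('head-office', dest, SITES)}")
```

Running it shows head-office traffic for 192.168.1.50 staying on the local LAN instead of entering the tunnel, which is the failure the answer describes.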
