Solved

VPN basics

Posted on 2011-09-20
Last Modified: 2012-06-11
Excuse my ignorance, but in management speak, how does the VPN process actually work?

Say user A sat at home wants to connect to corporate network A, what does he have on his machine, and how does he "connect"? I have some experience with Citrix, whereby we need the Citrix client installed on home machines, and then we just visit a specific web page, authenticate via domain credentials, and it logs us in.

Is that the same with VPN? Client software, visit a website, authenticate with domain creds, then you are in? Or is it more complex?

Please keep answers in management speak where poss?

And what security issues/concerns are there with VPN?
Question by:pma111
2 Comments
 

Accepted Solution

by:
Krzysztof Pytko earned 250 total points
ID: 36566303
It depends on the solution. If you are using Windows Server as the VPN server, then you need to have access from the Internet to that server. Then you need to specify a connection rule on the VPN. Mostly domain users' credentials or group membership are used for that. Then the user provides the IP address and a domain user with password to connect to the company. After that, browsing network resources is available. No special software is necessary, because Windows supports it natively (you only need to configure the VPN connection, similarly to a WiFi connection).

More about VPN on Windows at

for 2003 http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/5805260
for 2008 http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part1.html

Using a hardware-based solution, you need to define some ACLs on the device and provide 3rd-party software to connect to the company (by default included from the device manufacturer).

Regards,
Krzysztof

Assisted Solution

by:Fred Marshall
Fred Marshall earned 250 total points
ID: 36571204
I find it easier to describe a site-to-site VPN first.  
And, for simplicity (?) let's assume that you have public IP addresses available for this purpose at each end.

Assume your internet gateway/router is something like a Linksys/Cisco RV042.  It will have the public IP address assigned to the site.  It will be the internet gateway for the site.  It will also be the VPN box for the site and will support up to 50 VPNs.

You set up a VPN tunnel between the two sites.
This gives users at each end the ability to address hosts on the other side.
The subnets at each end have to be different.  Otherwise things wouldn't be routed to the tunnel.

The VPN is an encrypted tunnel through the internet.  You can select the best possible encryption or not depending on your needs for efficiency, etc.  

OK.

Now how about a client to site VPN?

Assume there's an RV042 gateway at the main site.
Then you use software on the remote client(s) to access the main site through client VPNs that are set up on the RV042.
I've not gotten this to work but others certainly have.  I've just not tried very hard.

There are a number of client programs for this purpose.  Just Google "RV042 VPN Client"


As far as I'm concerned, Citrix provides you with the same technology but keeps you out of the details.
If you roll your own as above then you eliminate that 3rd party (Citrix)  .. if that matters to you.
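
The point in the answer above that the subnets at each end must differ can be checked before a tunnel is set up. The following is an added example, not part of the original posts and not RV042 configuration: it models ordinary routing in Python and also covers the client-to-site case, where a home network can collide with the office subnet. All site names and address ranges are constructed.

```python
import ipaddress

# Constructed sample addressing plan (private RFC 1918 ranges, not from the thread).
SITES = {
    "head_office": "192.168.1.0/24",
    "branch": "192.168.2.0/24",
    "home_user": "192.168.1.0/24",  # typical consumer-router default, same as head office
}

def find_conflicts(sites):
    """Return sorted pairs of site names whose subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def next_hop(dest, local_lan, tunnels):
    """Decide where a host on local_lan sends a packet addressed to dest.

    tunnels maps a (hypothetical) tunnel name to the remote subnet behind it.
    Returns "local", "tunnel:<name>" or "default".
    """
    ip = ipaddress.ip_address(dest)
    # On-link destinations are delivered directly on the LAN; they never
    # reach the gateway, so they can never enter the encrypted tunnel.
    if ip in ipaddress.ip_network(local_lan):
        return "local"
    # Otherwise the gateway picks the most specific tunnel route that matches.
    matches = [(ipaddress.ip_network(net), name)
               for name, net in tunnels.items()
               if ip in ipaddress.ip_network(net)]
    if matches:
        _, name = max(matches, key=lambda m: m[0].prefixlen)
        return "tunnel:" + name
    # Everything else leaves through the normal internet gateway.
    return "default"

if __name__ == "__main__":
    print("overlapping sites:", find_conflicts(SITES))
    # Distinct subnets: head office host reaches a branch host via the tunnel.
    print(next_hop("192.168.2.10", SITES["head_office"],
                   {"to_branch": SITES["branch"]}))
    # Same subnet at both ends: the office server address looks local at home.
    print(next_hop("192.168.1.50", SITES["home_user"],
                   {"to_office": SITES["head_office"]}))
```
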