VPN basics

Posted on 2011-09-20
Last Modified: 2012-06-11
Excuse my ignorance, but in management speak, how does the VPN process actually work?

Say user A, sat at home, wants to connect to corporate network A: what does he have on his machine, and how does he "connect"? I have some experience with Citrix, whereby we need the Citrix client installed on home machines, and then we just visit a specific web page, authenticate via domain credentials, and it logs us in.

Is that the same with VPN? Client software, visit a website, authenticate with domain creds, then you are in? Or is it more complex?

Please keep answers in management speak where poss?

And what security issues/concerns are there with VPN?
Question by:pma111

Accepted Solution

by: Krzysztof Pytko
Krzysztof Pytko earned 1000 total points
ID: 36566303
It depends on the solution. If you are using Windows Server as the VPN server, then you need to have access from the Internet to that server. Then you need to specify a connection rule on the VPN. Mostly domain user's credentials or group membership is used for that. Then the user provides the IP address and domain user with password to connect to the company. After that, browsing network resources is available. No special software is necessary, because Windows supports it natively (you only need to configure a VPN connection, similarly to a WiFi connection).

More about VPN on Windows at

for 2003 http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/5805260
for 2008 http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part1.html

Using a hardware-based solution, you need to define some ACLs on the device and provide 3rd-party software to connect to the company (by default included from the device manufacturer).

Regards,
Krzysztof

Assisted Solution

by: Fred Marshall
Fred Marshall earned 1000 total points
ID: 36571204
I find it easier to describe a site-to-site VPN first.  
And, for simplicity (?) let's assume that you have public IP addresses available for this purpose at each end.

Assume your internet gateway/router is something like a Linksys/Cisco RV042.  It will have the public IP address assigned to the site.  It will be the internet gateway for the site.  It will also be the VPN box for the site and will support up to 50 VPNs.

You set up a VPN tunnel between the two sites.
This gives users at each end the ability to address hosts on the other side.
The subnets at each end have to be different.  Otherwise things wouldn't be routed to the tunnel.

The VPN is an encrypted tunnel through the internet.  You can select the best possible encryption or not depending on your needs for efficiency, etc.  

OK.

Now how about a client to site VPN?

Assume there's an RV042 gateway at the main site.
Then you use software on the remote client(s) to access the main site through client VPNs that are set up on the RV042.
I've not gotten this to work but others certainly have.  I've just not tried very hard.

There are a number of client programs for this purpose.  Just Google "RV042 VPN Client"


As far as I'm concerned, Citrix provides you with the same technology but keeps you out of the details.
If you roll your own as above then you eliminate that 3rd party (Citrix)  .. if that matters to you.
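
The requirement in the answer above that the subnets at each end be different can be checked before any tunnel is configured. The following is an added example, not part of the original thread or any poster's code: it flags overlapping site subnets and models why a host never sends traffic for its own subnet to the tunnel. The site names and address ranges are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the LAN subnet behind each site's VPN gateway.
SITES = {
    "head-office": "192.168.1.0/24",
    "branch": "192.168.1.0/24",   # same default range as head office
    "warehouse": "10.20.0.0/24",
    "lab": "10.20.0.128/25",      # a partial overlap is also a conflict
}

def overlapping_sites(sites):
    """Return sorted (site, site) pairs whose LAN subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    ]

def next_hop(local_cidr, dst_ip, tunnels):
    """Model where a host on local_cidr sends a packet for dst_ip.

    tunnels maps a remote site name to that site's LAN subnet.
    """
    dst = ipaddress.ip_address(dst_ip)
    # A destination inside the host's own subnet is delivered on the local
    # segment, so the packet never reaches the gateway or the tunnel.
    if dst in ipaddress.ip_network(local_cidr):
        return "on-link"
    for site, cidr in tunnels.items():
        if dst in ipaddress.ip_network(cidr):
            return "tunnel:" + site
    return "internet"

if __name__ == "__main__":
    for a, b in overlapping_sites(SITES):
        print(f"conflict: {a} and {b} use overlapping subnets")
    # Head-office host trying to reach a branch machine with the same range:
    print(next_hop("192.168.1.0/24", "192.168.1.50",
                   {"branch": "192.168.1.0/24"}))
    # Head-office host reaching the warehouse, which uses a distinct range:
    print(next_hop("192.168.1.0/24", "10.20.0.7",
                   {"warehouse": "10.20.0.0/24"}))
```
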