Notes on VPN
I knew almost nothing about VPNs before. The following are my notes from various resources.
To be considered a VPN, the technology must perform at least two functions: authenticate the end user and assign the remote node an IP address routable on the local network. A VPN is virtual because it rides atop some real network; it's private because the communication between the client node and the VPN server is encrypted.
Two VPN types are covered here: PPTP and L2TP+IPsec.
PPTP:
- Used only on IP-based networks
- Uses PPP-level (MPPE) encryption
- Allows IP, IPX, and NetBEUI traffic to be encrypted
- Tunnel authentication
- Works over NAT
- Port 1723/tcp and IP protocol 47
L2TP+IPsec:
- Supports any point-to-point connection, including IP, ATM, and frame relay
- Encryption is handled by IPsec
- Allows IP traffic to be encrypted
- No tunnel authentication
- Both machine-level (IPsec) and user-level (L2TP) authentication are provided
- IPsec transport mode is used
- Doesn't work with NAT until Windows Server 2003
- Windows Server 2003 includes a basic VPN quarantine function
- Port 1701/udp and IP protocol 50
Unless you have a need to inspect all traffic between VPN clients and the internal network, the best place to locate your VPN server is alongside your firewall.
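As an added example (not from the notes or the books they cite), here is a small flow-record audit that labels traffic by the ports and IP protocol numbers listed above and flags one failure mode the notes imply: L2TP relies on IPsec for confidentiality, so 1701/udp seen directly on the wire (not inside ESP, IP protocol 50) is an unencrypted tunnel. The `key=value` log format and the sample records are constructed for the example.

```python
import re
from collections import Counter

# Values from the notes above: PPTP = 1723/tcp plus IP protocol 47 (GRE);
# L2TP+IPsec = 1701/udp carried inside IP protocol 50 (ESP, transport mode).
TCP, UDP, GRE, ESP = 6, 17, 47, 50
PPTP_PORT, L2TP_PORT = 1723, 1701

def classify(proto, dport=None):
    """Label one flow by IP protocol number and (for TCP/UDP) destination port."""
    if proto == TCP and dport == PPTP_PORT:
        return "pptp-control"
    if proto == GRE:
        return "pptp-data"        # tunnelled PPP frames, MPPE-encrypted
    if proto == ESP:
        return "l2tp-ipsec"       # L2TP rides inside ESP; the wire shows only ESP
    if proto == UDP and dport == L2TP_PORT:
        # L2TP itself does not encrypt. Bare 1701/udp on the wire means the
        # tunnel is not wrapped in ESP, so the PPP payload travels in the clear.
        return "l2tp-unprotected"
    return "other"                # e.g. IKE/NAT-T (500/4500 udp) is not labelled here

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_flow(line):
    """Parse one constructed 'key=value' flow record into a dict."""
    fields = dict(FIELD.findall(line))
    return {
        "src": fields.get("src"),
        "dst": fields.get("dst"),
        "proto": int(fields["proto"]),
        "dport": int(fields["dport"]) if "dport" in fields else None,
    }

def audit(lines):
    """Return (per-label counts, sources sending L2TP outside IPsec)."""
    counts, unprotected = Counter(), []
    for line in lines:
        f = parse_flow(line)
        label = classify(f["proto"], f["dport"])
        counts[label] += 1
        if label == "l2tp-unprotected":
            unprotected.append(f["src"])
    return counts, unprotected

# Constructed sample records using RFC 5737 documentation addresses.
SAMPLE_FLOWS = [
    "src=198.51.100.7 dst=192.0.2.1 proto=6 dport=1723",
    "src=198.51.100.7 dst=192.0.2.1 proto=47",
    "src=198.51.100.8 dst=192.0.2.1 proto=50",
    "src=198.51.100.9 dst=192.0.2.1 proto=17 dport=1701",
    "src=198.51.100.9 dst=192.0.2.1 proto=6 dport=443",
]
```

Running `audit(SAMPLE_FLOWS)` reports one flow per VPN label and names 198.51.100.9 as a host sending L2TP without IPsec protection.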
References:
- Protect Your Windows Network: From Perimeter to Data by Jesper M. Johansson, Steve Riley
- Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure by Diana Huggins, Ed Tittel