+ All Categories
Home > Documents > Network Access for Remote Users

Network Access for Remote Users

Date post: 24-Feb-2016
Category:

Documents
Upload: edith
View: 34 times
Download: 3 times
Download Report this document
Share this document with a friend
Description:
Network Access for Remote Users . Dr John S. Graham ULCC [email protected]. Review of Technologies. Remote Site Private Leased Lines Kilostream or Megastream Circuits LES ISDN EPS9 ISP Remote User Private Dialup Service ISP. Site-to-Site Private Infrastructure. - PowerPoint PPT Presentation
Popular Tags:
transport protocols
tunnelling l2tplayer
transport mode ipsec
use of udp
remote sitewires
ah protocols icv data
remote users dr john
h routerethernet hub
21
Network Access for Remote Users Dr John S. Graham ULCC [email protected]
Transcript
Page 1: Network Access for Remote Users

Network Access for Remote Users Dr John S. Graham

[email protected]

Page 2: Network Access for Remote Users

Review of Technologies• Remote Site

– Private Leased Lines• Kilostream or Megastream Circuits• LES

– ISDN– EPS9– ISP

• Remote User– Private Dialup Service– ISP

Page 3: Network Access for Remote Users

Site-to-Site Private Infrastructure

Page 4: Network Access for Remote Users

Traditional Dialup Service

High CostsSupport BurdenLimited to 56K Analogue DialupLimited Service

Security Guaranteed

Page 5: Network Access for Remote Users

Virtual Private Network

Highly Flexible SolutionUses Existing Infrastructure

Complex Security Issues

Page 6: Network Access for Remote Users

VPN Roadmap

Tunnelling

Sym metric Asymm etric

Encryption

Endpoints Data User

Authentication IP Framew ork

VPN

Page 7: Network Access for Remote Users

Tunnelling Methods• Layer III

– GRE– IPSec

• Layer II– L2F– PPTP– L2TP

Page 8: Network Access for Remote Users

Layer 3 Tunnelling (GRE)

TCPIP DataGREIP

GRE

TCPIP Data

passenger protocol

encapsulating protocol

carrier protocol

Page 9: Network Access for Remote Users

Tunnelling In Action

IP GRE TCPIP Data

Source 62.49.38.138Destination

192.168.17.26194.82.103.186

IP GRE TCPIP Data

192.168.17.26

Page 10: Network Access for Remote Users

Layer 2 Tunnelling (L2TP)

TCPIP DataL2TPUDPIP PPP

TCPIP DataL2TPUDPIP PPPESP ESP

L2TP

L2TP + IPSec

TCPIP DataPPP

Page 11: Network Access for Remote Users

Layer 2 Tunnelling Modes

Compulsory L2 Tunnelling

Voluntary L2 Tunnelling

Page 12: Network Access for Remote Users

Authentication• Peer Identity

– Shared Secret– Digital Certificate

• Data Integrity– Digital Signatures

• User Identity– Kerberos– RADIUS

Page 13: Network Access for Remote Users

IP Security (IPSec)• Protocols

– Authentication Header– Encapsulating Security Payload– Internet Key Exchange

• Modes– Tunnel– Transport

Page 14: Network Access for Remote Users

IPSec Protocols

Sequence Number

Authentication Data

SPI

NextHeader

PayloadLength Reserved

Sequence Number

SPI

Authentication Data

Data

NextHeader

PadLengthPad

IV

Authentication Header (51) Encapsulating Security Protocol (50)

Page 15: Network Access for Remote Users

IPSec ModesTunnel Mode

Transport Mode

IP AH/ESP TCPIP Data

AH/ESP TCPIP Data

Page 16: Network Access for Remote Users

Equipment at Remote Site

• ‘Wires Only’ ADSL Connection– One Static IP Address

• Splitter• Cisco 827H Router

– Ethernet hub (4 ports) plus ATM port

Page 17: Network Access for Remote Users

Customer Installation

Page 18: Network Access for Remote Users

Router Configuration

Routing Table

NAT IPSec

Tunnel

Dialer

A1

A2

B1

B2

B3

Ethernet

Page 19: Network Access for Remote Users

IPSec Followed by NAT• Immutable fields of outer IP header

included in AH protocol’s ICV data.• Transport mode IPSec renders

TCP/UDP checksums invalid.• Multiple incompatibilities between

SA parameters and NAT.

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-reqts-04.txt

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-reqts-04.txt
Page 20: Network Access for Remote Users

Fragmentation Hell

Page 21: Network Access for Remote Users

http://www.ja.net/documents/


Recommended
Network Access for Remote Users Dr John S. Graham ULCC

Network Access for Remote Users Dr John S. Graham ULCC

Documents

Network Access for Remote Users: Practical IPSec

Network Access for Remote Users: Practical IPSec

Documents

REMOTE ACCESS USER GUIDE - Clarion Partners LLC for Installing... · REMOTE ACCESS USER GUIDE (Citrix and VPN Instructions) Remote Access User Guide 1 | Page . ... Remote Access User

REMOTE ACCESS USER GUIDE - Clarion Partners LLC for Installing... · REMOTE ACCESS USER GUIDE (Citrix and VPN Instructions) Remote Access User Guide 1 | Page . ... Remote Access User

Documents

Remote Site Using Local Internet Access - cisco.com · The Remote Sites Using Local Internet Access Technology Design Guide describes how to enable remote- site users to access the

Remote Site Using Local Internet Access - cisco.com · The Remote Sites Using Local Internet Access Technology Design Guide describes how to enable remote- site users to access the

Documents

Web Remote Access - AT&T® Official - Entertainment, TV ... · PDF fileWeb Remote Access Overview The Web Remote Access enhanced service allows 2Wire Gateway users to access their

Web Remote Access - AT&T® Official - Entertainment, TV ... · PDF fileWeb Remote Access Overview The Web Remote Access enhanced service allows 2Wire Gateway users to access their

Documents

Communication Solutions for Rockwell Automation Users · Communication Solutions for Rockwell Automation® Users ... • Access to remote devices using secure VPN tunnels over ...

Communication Solutions for Rockwell Automation Users · Communication Solutions for Rockwell Automation® Users ... • Access to remote devices using secure VPN tunnels over ...

Documents

Okta + Palo Alto Networks: Single Sign-On for …...Okta + Palo Alto Networks: Single Sign-On for Seamless Remote Access + Remote Access: The Challenge and Solution External users

Okta + Palo Alto Networks: Single Sign-On for …...Okta + Palo Alto Networks: Single Sign-On for Seamless Remote Access + Remote Access: The Challenge and Solution External users

Documents

Datacom II REMOTE ACCESS 1 REMOTE ACCESS Lecture II.

Datacom II REMOTE ACCESS 1 REMOTE ACCESS Lecture II.

Documents

Analisi In CMS - users · Analisi Stefano Lacaprara Introduction How To Do Analysis Remote access: GRID Data Access and Publication Catalogs Present Future Site Infrastructure Remote

Analisi In CMS - users · Analisi Stefano Lacaprara Introduction How To Do Analysis Remote access: GRID Data Access and Publication Catalogs Present Future Site Infrastructure Remote

Documents

Remote Access Service CPTE 433 John Beckett. Types of Users Need access from home Need access from anywhere Low bandwidth needs High bandwidth needs –This.

Remote Access Service CPTE 433 John Beckett. Types of Users Need access from home Need access from anywhere Low bandwidth needs High bandwidth needs –This.

Documents

Remote users can directly access the web camera through an Internet brower application

Remote users can directly access the web camera through an Internet brower application

Documents

Remote Access - download.manageengine.com€¦ · Access command prompt and registry Manage computers, users and software installed Remote device manager. Remote File Transfer Granular

Remote Access - download.manageengine.com€¦ · Access command prompt and registry Manage computers, users and software installed Remote device manager. Remote File Transfer Granular

Documents

IWAN Direct Internet Access Design Guide · aae eg page 2 Introduction Use Case: DIA for Remote-Site Internal Employees Remote-site users directly access the Internet for cloud-based

IWAN Direct Internet Access Design Guide · aae eg page 2 Introduction Use Case: DIA for Remote-Site Internal Employees Remote-site users directly access the Internet for cloud-based

Documents

SISCI Users Guide - Dolphin Interconnect Solutions · Page 1 SISCI Users Guide Remote memory access made safe and easy Dolphin Interconnect Solutions 07.08.2017 Version 5.5.0

SISCI Users Guide - Dolphin Interconnect Solutions · Page 1 SISCI Users Guide Remote memory access made safe and easy Dolphin Interconnect Solutions 07.08.2017 Version 5.5.0

Documents

Secure Remote Access Series - Dell · a single secure access gateway that extends remote access via SSL VPN for both internal and external users to all network resources — including

Secure Remote Access Series - Dell · a single secure access gateway that extends remote access via SSL VPN for both internal and external users to all network resources — including

Documents

Securing Access for Remote Users and Networks Planning Remote Access Security Designing Remote Access Security for Users Designing Remote Access Security.

Securing Access for Remote Users and Networks Planning Remote Access Security Designing Remote Access Security for Users Designing Remote Access Security.

Documents

1 Remote Memory Access Programming in MPI-3 · 1 Remote Memory Access Programming in MPI-3 ... Such models are important for users, ... The main complications for remote memory access

1 Remote Memory Access Programming in MPI-3 · 1 Remote Memory Access Programming in MPI-3 ... Such models are important for users, ... The main complications for remote memory access

Documents

Module 11: Remote Access Fundamentals. Remote Access Overview RADIUS Overview Network Policy Server Troubleshooting Remote Access.

Module 11: Remote Access Fundamentals. Remote Access Overview RADIUS Overview Network Policy Server Troubleshooting Remote Access.

Documents