RAS and VPN

There are 2 methods for WAN connection:
1. RAS (Remote Access Service)
2. VPN (Virtual Private Network) or RRAS (Routing and Remote Access Service)

RAS and VPN can be used for remote connection and remote authentication. They can be used in a domain or workgroup network but can be configured on a server OS only. The IP address range or pool is defined on the server side of RAS and VPN. Users are created on the server side. We can use Remote Access Policy and RADIUS (AAA) with RAS and VPN.

RAS is successful within a city because of local call or cost limits, and it is slow, while VPN is faster and more secure than RAS.

VPN setup is costly, but it is cost efficient in the long run as compared to RAS.

RAS is a dial-up connection and is also known as a Direct Physical connection.

VPN uses a lease line or the Internet for connection.

RAS and VPN Connection Protocol

1. SLIP (Serial Line Interface Protocol): It is used for remote connection, it is slow, it does not support any type of encryption, and it is used for UNIX-based servers only.
2. PPP (Point to Point Protocol): It is fast, it is secure, and it supports all types of OS. It has 3 parts:
(a) LCP (Link Control Protocol): It creates the link between the server and the remote client machine; it can actually provide an IP address to the remote client.
(b) NCP (Network Control Protocol): It is used to maintain the link between the server and the remote client machine; it can actually manage all the protocols during communication, or all the protocols of the 7 layers of the OSI model.
(c) HDLC (High-level Data Link Connection): It is used for security and provides encapsulation in the remote connection.

RAS and VPN Authentication Protocol

(a) PAP (Password Authentication Protocol): It can check username and password; it does not support any type of encryption.
(b) SPAP (Shiva PAP): It can check username and password during remote authentication and also provides reversible encryption. It can work with Intel chip client machines only.
(c) CHAP (Challenge Handshake Authentication Protocol): It does not support GUI-based clients, but it can provide 40 bit encryption and also uses a handshaking process.
(d) MS-CHAP (Microsoft CHAP): It provides 56 bit encryption and supports all types of OS.
(e) MS-CHAP version 2: It provides 128 bit encryption.
(f) EAP (Extensible Authentication Protocol): It provides the highest security in remote authentication, but it is costly as it can only work with a smart card.
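
An added example, not part of the original notes: it contrasts what PAP and CHAP put on the link, using the PAP request layout from RFC 1334 and the CHAP response calculation from RFC 1994 (MD5 over identifier, shared secret and challenge). The account name, secret and the ChapServer class are constructed for illustration.

```python
import hashlib
import hmac
import os

def pap_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request payload: both fields travel in cleartext."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    """Server side of the handshake; `secrets` maps username -> shared secret."""
    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        # A fresh random challenge per attempt is what defeats replay.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, username: str, identifier: int, response: bytes) -> bool:
        challenge, self.challenge = self.challenge, None  # each challenge is used once
        secret = self.secrets.get(username)
        if challenge is None or secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    """Run both exchanges with constructed credentials and report the outcome."""
    server = ChapServer({"alice": b"s3cret"})  # constructed sample account
    ident, chal = server.new_challenge()
    resp = chap_response(ident, b"s3cret", chal)
    first = server.verify("alice", ident, resp)
    ident2, _ = server.new_challenge()
    replay = server.verify("alice", ident2, resp)  # captured response, new challenge
    return {"pap_leaks_password": b"s3cret" in pap_request("alice", "s3cret"),
            "chap_accepts": first, "replay_accepted": replay}

if __name__ == "__main__":
    print(demo())
```

The CHAP exchange never carries the secret itself, and a captured response is useless against the next challenge, which is the practical gain of the handshaking process over PAP.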

[RAS diagram: PSTN (Public Switched Telephone Network)]

VPN can be defined as a private network through public infrastructure. It is a connection through the Internet.

Requirements for VPN are:
1. VPN server (it can be a Windows Server, Cisco router, etc.)
2. Router (IP routing is used)
3. Public IP (for direct access to the Internet)
4. Lease Line

NOTE: A Lease Line is a dedicated Internet connection and it is a digital line. It has 2 types:
(a) ISDN (Integrated Switched Digital Network): It uses the dialing method to connect to the Internet. It uses separate channels, Channel B (Bearer) to send information or header and Channel D (Data) to send data. When one channel finishes its work, the other channel can start working. It is slow. It has 2 types:
(i) BRI (Basic Rate Interface): It has 2B + D channels.
(ii) PRI (Primary Rate Interface): It has 23B + D channels.
(b) ADSL (Asynchronous Digital Subscriber's Line): It does not use separate channels, it is faster, and it does not use the dialing method to connect. E.g.: DSL broadband, T1 Line, E1 Line, etc.

VPN Protocols

1. Connectivity protocol - PPP
2. Authentication protocol - same as RAS
3. Tunneling protocol - L2F (Layer 2 Forwarding), L2TP (Layer 2 Tunneling Protocol), PPTP (Point to Point Tunneling Protocol)

Tunneling means two computers are connected in a very large network but they act as a peer-to-peer connection. The tunneling process includes:
1. Passenger protocol - PPP
2. Encapsulating protocol - L2F
3. Carrier protocol - IP

Types of Encapsulation are:
1. HDLC
2. PPP
3. Frame-Relay

Frame-Relay can be defined as a dedicated path to send all packets in sequence. It uses PVC (Permanent Virtual Circuits). The Frame-Relay process includes:
1. Connection establishment
2. Data transfer
3. Connection termination

Types of VPN are:
1. Access VPN: It means the company has provided a facility for employees to work from home or SOHO (Small Office Home Office).
2. Intranet VPN: It means branch offices are connected through VPN. Both routers must have a VPN card and an IPSec tunnel.
3. Extranet VPN: It means the company has provided a facility for clients, customers, suppliers, etc. to get the company's information whenever, wherever and however they require. The business will enjoy the same benefits as a private network, including security and QOS (Quality of Service). E.g.: e-banking, e-ticketing, etc.

To install and configure VPN:

Open Server Manager -> Roles -> Add Role -> Select Network Policy server -> Next -> Select NPS, IP Routing, Remote Access -> Next -> Finish

Program -> Admin. tools -> Routing and Remote Access -> Configure and Enable routing and remote access -> Custom configuration -> Select VPN -> Next -> Finish

NOTE: We can use a DHCP server or we can define an IP address pool within the RAS or VPN server.

User (Local user in the workgroup network and Domain group in the Domain network) -> Properties -> Dial-in tab -> Allow Access -> OK

NOTE: By default all users are set to Deny access for remote access, including Administrators.

Client machine -> New connection -> VPN client -> Give hostname or IP address of VPN server -> Finish -> Give username and password to connect

Remote Access Policy

It can be used in a domain or workgroup network with RAS or VPN. It is used to allow or deny access for multiple users at a time.

Step 1: Add VPN users to a group
Step 2: User properties -> Dial-in tab -> Control access through remote access policy -> OK
Step 3: Routing and Remote Access -> Remote Access Policy (NPS in Windows 2008) -> Add Windows group -> Select Group of VPN users -> Grant or Deny -> OK
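
An added example, not part of the original notes: a simplified model of how the per-user Dial-in setting combines with group-based remote access policies, useful for spotting accounts whose access does not come from the group policy. It assumes first-match policy evaluation with the per-user Allow/Deny taking precedence over the policy's Grant/Deny; the user names, group names and function names are constructed.

```python
from dataclasses import dataclass

ALLOW, DENY, POLICY = "allow", "deny", "policy"  # Dial-in tab settings

@dataclass
class User:
    name: str
    groups: frozenset
    dial_in: str = DENY  # default stated in the notes above

@dataclass
class Policy:
    group: str   # condition: Windows group membership
    grant: bool  # True = Grant, False = Deny

def effective_access(user, policies):
    """Return (granted, reason); the first policy whose group matches is used."""
    for pol in policies:
        if pol.group not in user.groups:
            continue
        if user.dial_in == ALLOW:   # assumption: user setting overrides policy
            return True, "per-user Allow"
        if user.dial_in == DENY:
            return False, "per-user Deny"
        return pol.grant, "policy on group " + pol.group
    return False, "no matching policy"

def unmanaged_grants(users, policies):
    """Names of users let in by their own Allow flag instead of the group policy."""
    return [u.name for u in users
            if effective_access(u, policies) == (True, "per-user Allow")]

# Constructed sample data
USERS = [
    User("asha", frozenset({"VPN-Users"}), POLICY),
    User("bilal", frozenset({"VPN-Users"})),          # left at the default
    User("chen", frozenset({"Contractors"}), ALLOW),  # bypasses a Deny policy
    User("dana", frozenset({"Staff"}), ALLOW),        # matches no policy
]
POLICIES = [Policy("Contractors", False), Policy("VPN-Users", True)]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, effective_access(u, POLICIES))
    print("review:", unmanaged_grants(USERS, POLICIES))
```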