VPN Question

Tags: Remote access, VPN, Windows Server 2003
What information about a peer would I need to establish a VPN?
ASKED: September 10, 2008  4:39 AM
UPDATED: September 10, 2008  9:35 PM

Answer Wiki


Generally speaking, things that you need to know include the IP address of the remote VPN endpoint, the type and level of encryption being used and any pre-shared or other encryption/session keys that will be used. If it is a Windows Server OS based VPN, you also need a valid user name and password. For more details, review the following TechNet article: Introduction (Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site VPNs), http://technet.microsoft.com/en-us/library/cc758391.aspx
*****************************************************************************

The router on the network you want to connect to will sometimes require an account to be set up to allow VPN connection. Some networks will use one main account that all users VPN through. Others, like the one I run, have a separate account, or login, for each user (we only have about 15 people who use VPN). Having a separate login for each user allows me better access control. I can remove or restrict one account without affecting everyone else. It also makes it easier to track who is connecting to our LAN and when they connected.
****************************************************************************

This may be too much info, but maybe it’ll help if you are setting up a LAN to LAN IPSEC VPN between two devices such as routers or firewalls.

First IPSec has to decide that data traffic is “interesting” and should be encrypted. It does this by matching an access-list or an interface on the device. Once traffic is matched the following occurs.

IPSec has 2 phases, both of which need to be configured. The peers negotiate the attributes in each phase.

The FIRST phase, which must be successful before the second phase can begin, authenticates the IPSec peers and sets up a secure channel. This secure channel encrypts the 2nd phase negotiations. You’ll configure the following.

peer IP address
encryption algorithm – examples: DES, 3DES, AES256
hash – examples MD5, SHA1
lifetime – usually in kbits or seconds
Diffie-Hellman exchange
secret key – this is your pre-shared key

The SECOND phase (occurs after the first) negotiates the IPSec Security Association (SA) parameters. This SA is what protects the data sent between the peers. The attributes in the SA that you configure are:

encryption algorithm – examples: DES, 3DES, AES256
hash – examples: MD5, SHA1
lifetime – usually in kbits or seconds
Diffie-Hellman exchange for PFS – optional

That is pretty much it. If you are setting up a LAN to LAN VPN it’s important to remember the steps when troubleshooting: 1) traffic has to be “interesting”, 2) phase 1 has to complete, 3) phase 2 has to complete. They have to occur in order and if any fail you won’t be able to send traffic between your peers.

Good luck!
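The three-step order described in the answer above (interesting traffic, then phase 1, then phase 2) is easy to model, and the model shows where a mismatch stops the tunnel. The script below is an added illustration and is not code from the original thread or from any vendor; the peer names, addresses, networks, pre-shared keys and proposal lists are all constructed, and the HMAC-over-nonces check is a simplified stand-in for IKE's pre-shared-key authentication rather than the real protocol.

```python
"""Toy model of the IKE/IPsec negotiation sequence described in the answer:
interesting traffic -> phase 1 (proposal match + pre-shared-key authentication)
-> phase 2 (IPsec SA proposal match). Example code, not from the page;
all peers, addresses, keys and proposals are constructed for illustration."""
import hmac
import hashlib
import os
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proposal:
    """One line of a phase 1 or phase 2 policy, as listed in the answer."""
    encryption: str            # e.g. "DES", "3DES", "AES256"
    hash: str                  # e.g. "MD5", "SHA1"
    dh_group: Optional[int]    # Diffie-Hellman group; None = no PFS (phase 2 only)
    lifetime_seconds: int      # lifetime; peers settle on the shorter one


@dataclass
class Peer:
    name: str
    address: str               # the peer IP address you must know up front
    psk: bytes                 # pre-shared key ("secret key" in the answer)
    phase1: list               # list[Proposal], in preference order
    phase2: list               # list[Proposal], in preference order
    interesting: list          # list of (local_net, remote_net) CIDR pairs


def is_interesting(peer: Peer, src_ip: str, dst_ip: str) -> bool:
    """Step 1: does the traffic match the peer's 'access-list'?"""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return any(src in ipaddress.ip_network(local) and dst in ipaddress.ip_network(remote)
               for local, remote in peer.interesting)


def negotiate(offered: list, accepted: list) -> Optional[Proposal]:
    """Pick the initiator's first proposal the responder also has; the
    lifetime becomes the lower of the two, everything else must match exactly."""
    for mine in offered:
        for theirs in accepted:
            if (mine.encryption, mine.hash, mine.dh_group) == \
               (theirs.encryption, theirs.hash, theirs.dh_group):
                return Proposal(mine.encryption, mine.hash, mine.dh_group,
                                min(mine.lifetime_seconds, theirs.lifetime_seconds))
    return None


def psk_auth_tag(psk: bytes, nonce_i: bytes, nonce_r: bytes, identity: str) -> bytes:
    """Simplified stand-in for IKE's PSK authentication: a side proves it holds
    the key with an HMAC over both nonces and its identity, so the key itself
    never goes on the wire (a model, not the real IKE PRF/SKEYID chain)."""
    return hmac.new(psk, nonce_i + nonce_r + identity.encode(), hashlib.sha256).digest()


def establish_tunnel(initiator: Peer, responder: Peer, src_ip: str, dst_ip: str) -> dict:
    """Run the three steps in order and report where they stop."""
    if not is_interesting(initiator, src_ip, dst_ip):
        return {"status": "not interesting", "phase1": None, "phase2": None}

    # Phase 1: a matching policy first, then authentication under that policy.
    p1 = negotiate(initiator.phase1, responder.phase1)
    if p1 is None:
        return {"status": "phase 1 failed: no matching proposal", "phase1": None, "phase2": None}
    nonce_i, nonce_r = os.urandom(16), os.urandom(16)
    # The responder recomputes the tag with its own copy of the key and compares.
    tag_from_initiator = psk_auth_tag(initiator.psk, nonce_i, nonce_r, initiator.address)
    expected_by_responder = psk_auth_tag(responder.psk, nonce_i, nonce_r, initiator.address)
    if not hmac.compare_digest(tag_from_initiator, expected_by_responder):
        return {"status": "phase 1 failed: authentication", "phase1": p1, "phase2": None}

    # Phase 2: the IPsec SA that actually protects the data.
    p2 = negotiate(initiator.phase2, responder.phase2)
    if p2 is None:
        return {"status": "phase 2 failed: no matching proposal", "phase1": p1, "phase2": None}
    return {"status": "established", "phase1": p1, "phase2": p2}


# Constructed peers for demonstration (addresses, keys and nets are made up).
SITE_A = Peer("site-a", "198.51.100.1", b"example-psk",
              phase1=[Proposal("AES256", "SHA1", 14, 86400), Proposal("3DES", "SHA1", 2, 86400)],
              phase2=[Proposal("AES256", "SHA1", 14, 3600)],
              interesting=[("10.1.0.0/16", "10.2.0.0/16")])
SITE_B = Peer("site-b", "203.0.113.1", b"example-psk",
              phase1=[Proposal("AES256", "SHA1", 14, 28800)],
              phase2=[Proposal("AES256", "SHA1", 14, 3600)],
              interesting=[("10.2.0.0/16", "10.1.0.0/16")])
# Same phase 1 as SITE_B but no PFS group in phase 2: phase 1 passes, phase 2 does not.
SITE_B_NO_PFS = Peer("site-b-nopfs", "203.0.113.1", b"example-psk",
                     phase1=SITE_B.phase1, phase2=[Proposal("AES256", "SHA1", None, 3600)],
                     interesting=SITE_B.interesting)
# Same proposals as SITE_B but a different pre-shared key: phase 1 authentication fails.
SITE_B_WRONG_KEY = Peer("site-b-badkey", "203.0.113.1", b"typo-psk",
                        phase1=SITE_B.phase1, phase2=SITE_B.phase2, interesting=SITE_B.interesting)

if __name__ == "__main__":
    for peer in (SITE_B, SITE_B_NO_PFS, SITE_B_WRONG_KEY):
        print(peer.name, "->", establish_tunnel(SITE_A, peer, "10.1.5.5", "10.2.7.7")["status"])
    print("non-interesting ->", establish_tunnel(SITE_A, SITE_B, "10.1.5.5", "192.0.2.9")["status"])
```

Running it walks through the four outcomes: a clean "established" result whose phase 1 lifetime settles on the shorter 28800 seconds, a phase 2 failure when one side insists on PFS and the other offers none, a phase 1 authentication failure on a mistyped pre-shared key, and "not interesting" for traffic outside the configured networks. When troubleshooting a real tunnel, the status strings map onto the same order of checks the answer gives: look at the access-list match first, then the phase 1 policy and key, then the phase 2 transform set.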
