Joe Davies Principal Writer Windows Server Documentation

Similar documents
7.1. Remote Access Connection

Windows Server 2003 Remote Access Overview

Application Note: Onsight Device VPN Configuration V1.1

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Virtual Private Networks

MCTS Guide to Microsoft Windows 7. Chapter 14 Remote Access

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

AN OVERVIEW OF REMOTE ACCESS VPNS: ARCHITECTURE AND EFFICIENT INSTALLATION

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Connecting Remote Users to Your Network with Windows Server 2003

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

Module 6. Configuring and Troubleshooting Routing and Remote Access. Contents:

VPN Solutions. Lesson 10. etoken Certification Course. April 2004

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

VPN. VPN For BIPAC 741/743GE

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

Defender EAP Agent Installation and Configuration Guide

Creating a VPN Using Windows 2003 Server and XP Professional

Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows

Computer Networks. Secure Systems

Cisco Which VPN Solution is Right for You?

Step-by-Step Guide for Setting Up VPN-based Remote Access in a

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

Network Security Fundamentals

VPN. Date: 4/15/2004 By: Heena Patel

Internet Authentication Service (IAS) Operations Guide

Implementing and Managing Security for Network Communications

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Step-by-Step Guide for Setting Up Network Quarantine and Remote Access Certificate Provisioning in a Test Lab

DirectAccess in Windows 7 and Windows Server 2008 R2. Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab

Network Access Security. Lesson 10

How to configure VPN function on TP-LINK Routers

ASA and Native L2TP IPSec Android Client Configuration Example

EXAM Recertification for MCSE: Server Infrastructure. Buy Full Product.

INTRODUCTION... 2 Windows Windows Mac OS X Ubuntu Advanced routing Windows Mac OS X Ubuntu...

How to configure VPN function on TP-LINK Routers

iphone in Business Security Overview

Security. TestOut Modules

ipad in Business Security

This section provides a summary of using network location profiles to identify network connection types. Details include:

Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

Understanding the Cisco VPN Client

Microsoft Windows Server System White Paper

How To Understand And Understand The Security Of A Key Infrastructure

Chapter 4: Security of the architecture, and lower layer security (network security) 1

Network Security. Lecture 3

Matrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client

Intranet Security Solution

Configuration examples for the D-Link NetDefend Firewall series DFL-210/800/1600/2500

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Using a VPN with Niagara Systems. v0.3 6, July 2013

Using a VPN with CentraLine AX Systems

Network Security Part II: Standards

Administrator's Guide

Comparing Mobile VPN Technologies WHITE PAPER

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

WIRELESS SECURITY IN (WI-FI ) NETWORKS

Wireless Network Configuration Guide

SSL SSL VPN

Exam Questions SY0-401

Virtual Private Networks Solutions for Secure Remote Access. White Paper

Configuring Eduroam on Microsoft Windows Vista and 7 (all editions, 32 and 64 bits)

Configuring L2TP over IPsec

Overview. Protocols. VPN and Firewalls

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Internet Protocol Security IPSec

IHSVPN IHS Secure Network Access

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Configuring GTA Firewalls for Remote Access

With a little bit of IPv6 magic: Windows 7 DirectAccess

Virtual Private Network and Remote Access Setup

Site to Site Virtual Private Networks (VPNs):

Seamless Roaming in a Remote Access VPN Environment

(d-5273) CCIE Security v3.0 Written Exam Topics

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

SSL VPN Technical Primer

Practice Test. Microsoft Upgrading MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist

Executive Summary and Purpose

Windows Remote Access

FortiOS Handbook - IPsec VPN VERSION 5.2.2

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Deploying iphone and ipad Security Overview

Transcription:

Joe Davies Principal Writer Windows Server Documentation Presented at Seattle Windows Networking User Group monthly meeting September 1, 2010

Agenda Brief VPN technology overview VPN features in Windows Server 2003/Windows XP VPN features in Windows Server 2008/Windows Vista VPN features in Windows Server 2008 R2/Windows 7

VPN technology overview Remote access VPN

VPN technology overview Site-to-site VPN VPN connection

VPN technologies in Windows Server 2003/Windows XP VPN protocols Point-to-Point Tunneling Protocol (PPTP) Password-based authentication possible 128-bit Microsoft Point-to-Point Encryption (MPPE) IP GRE PPP IP Upper layer PDU Encrypted by MPPE

VPN technologies in Windows Server 2003/Windows XP (cont.) VPN protocols Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec) Certificate-based authentication Transport mode 3DES encryption IP ESP UDP L2TP PPP IP Payload ESP trailer Auth Data Encrypted by IPsec Authenticated by IPsec

VPN technologies in Windows Server 2003/Windows XP (cont.) Authentication protocols MS-CHAP, MS-CHAP v2 Extensible Authentication Protocol (EAP)-based authentication methods EAP-Transport Layer Security (TLS) Authentication, Authorization, and Accounting (AAA) support Windows or RADIUS

VPN technologies in Windows Server 2003/Windows XP (cont.) Centralized configuration of VPN connectoids in the Network Connections folder Connection Manager Connection Manager Administration Kit (CMAK) Client Dialer Connection Point Services Access control Network Access Quarantine Control Listener component on the VPN server Notifier component on the VPN client Script run as post-connect action to perform system health checks

VPN technologies in Windows Server 2008/Windows Vista New VPN protocol Secure Socket Tunneling Protocol (SSTP) Changes to authentication protocols MS-CHAP removed Protected EAP (PEAP)-based authentication methods added PEAP-MS-CHAP v2 and PEAP-TLS Changes to access control Network Access Protection (NAP) VPN enforcement method

Protected EAP (PEAP) Problem: EAP authentication exchange is sent as plaintext Occurs before encryption starts Password-based EAP exchanges subject to capture and offline dictionary attacks PEAP is an EAP type that creates a secure TLS channel between the VPN client and the VPN or RADIUS server TLS channel encrypts subsequent VPN client authentication Allows password-based EAP methods One-way certificate authentication VPN client verifies the certificate of the VPN or RADIUS server Buy a third-party certificate

PEAP-MS-CHAP v2 MS-CHAP v2 EAP type is used after the PEAP TLS channel is created Two phase authentication process: 1. PEAP authentication creates encrypted TLS channel 2. MS-CHAP v2 authentication exchanges challenges and responses to authenticate VPN client and the VPN or RADIUS server (mutual authentication)

VPN technologies in Windows Server 2008/Windows Vista (cont.) New IPv6 support Built in to remote access client and server services Types of traffic Over the IPv4 Internet IPv4-encapsulated IPv6 traffic over a VPN tunnel Native IPv6 traffic over a VPN tunnel Over the IPv6 Internet IPv4-encapsulated IPv6 traffic over a VPN tunnel Native IPv6 traffic over a VPN tunnel

VPN technologies in Windows Server 2008/Windows Vista (cont.) Changes to cryptographic support L2TP/IPsec Advanced Encryption Standard (AES) with 128 and 256-bit keys. Weaker cryptographic algorithms 40 and 56-bit MPPE for PPTP and DES with MD5 for L2TP/IPsec are disabled by default (registry setting) Additional certificate checking for L2TP/IPsec connections Changes to Connection Manager Multiple-locale support DNS dynamic update

SSTP PPTP and L2TP/IPsec might not work behind Firewall/NAT Proxy server Windows Vista Service Pack 1 and later SSTP uses an HTTPS session with RC4 or AES IPv4 or IPv6 TCP SSTP PPP IPv4 or IPv6 packet Encrypted by SSL session

VPN technologies in Windows Server 2008 R2/Windows 7 VPN Reconnect Provides seamless and consistent VPN connectivity when Internet connectivity is temporarily lost Automatically re-establishes the VPN connection Transparent to the user and application 2 sets of addresses Inside the tunnel addresses Applications bind to and use Tunnel endpoint addresses Can be temporarily lost or can change and not bring down the entire VPN connection

How VPN Reconnect Works Combination of IPsec tunnel mode Internet Key Exchange version 2 (IKEv2) IKEv2 mobility and multihoming extension (MOBIKE) Can recover from Frequent disconnections (lossy WWAN connection) Loss of an interface Change in IPv4 or IPv6 address Switch from IPv4 to IPv6 addresses Switch from Internet to intranet

Setting up VPN Reconnect On the VPN client, select IKEv2 as the type of VPN on the Security tab Select EAP-based authentication or the use of a machine (computer) certificate VPN server requires a certificate with the Server Auth EKU

Questions or comments

Resources Windows Server Networking on TechNet Windows Server Networking on MSDN Windows Networking Writing Team blog Windows Server Documentation Twitter feed

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information