Firewall – VPN Environments
Firewall environments are made up of firewall devices and associated systems and applications designed to work together. For example, one site may use a firewall environment composed of a boundary router, a main firewall, and intrusion detection systems connected to the protected network and the network between the router and main firewall.
The latest trend in firewall offerings is to add cryptographic services for firewall-to-firewall encryption. The encrypted traffic between these firewalls is referred to as an encrypted tunnel or a virtual private network (VPN).
Simply defined, a VPN is a virtual network built on top of existing physical networks that provides a secure communications mechanism for data and control information, with the same security, management and performance policies that are usually applied in a private network.
A VPN (virtual private network) can be established over different underlying transport networks: service provider IP (Internet Protocol) backbones, the public Internet, as well as service provider Frame Relay and ATM (asynchronous transfer mode) networks.
Today, more and more VPNs are based on IP networks, and VPNs are used most often to protect communications carried over public networks such as the Internet, because they offer organizations of all sizes the promise of a low-cost and secure electronic network.
By using virtual private network technology, an organization purchases a single connection to the global Internet, and that connection is used to allow remote users access into otherwise private networks and resources.
VPN technology uses a combination of tunnelling, encryption, authentication, and access control mechanisms and services used to carry traffic over the Internet, a managed IP network or a service provider’s backbone.
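The four mechanisms named above are easiest to see side by side in a single packet's journey through a site-to-site tunnel. The following is an added example, not code from the article: a toy firewall-to-firewall tunnel in which firewall A encapsulates an inner packet (private source and destination plus payload), encrypts it with a keystream, and authenticates it with an HMAC, and firewall B verifies the tag before decrypting and then applies an access-control policy to the inner destination. The keys, the protected subnet `10.20.0.0/16` and the packets are constructed placeholders, and the HMAC-SHA256 counter-mode keystream stands in for the AES-based ciphers a real IPsec or TLS tunnel would negotiate.

```python
import hashlib
import hmac
import ipaddress
import os
import struct
from typing import Optional, Tuple

# Constructed pre-shared keys for the two firewalls (assumption: exchanged out of band).
# Real tunnels derive fresh keys with a key-exchange protocol such as IKE.
ENC_KEY = b"\x01" * 32
MAC_KEY = b"\x02" * 32
NONCE_LEN = 12
TAG_LEN = 32

# Access-control policy at the receiving firewall: inner packets are delivered
# only if their destination lies inside the protected LAN (constructed subnet).
PROTECTED_LAN = ipaddress.ip_network("10.20.0.0/16")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 used as a PRF (toy stand-in for AES-CTR)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def encapsulate(inner_src: str, inner_dst: str, payload: bytes,
                nonce: Optional[bytes] = None) -> bytes:
    """Firewall A: wrap an inner packet (private src/dst + payload) for the tunnel.

    Tunnelling: the private addresses travel inside the outer payload.
    Encryption: the whole inner packet is XORed with the keystream.
    Authentication: an HMAC over nonce||ciphertext (encrypt-then-MAC).
    """
    inner = (ipaddress.IPv4Address(inner_src).packed
             + ipaddress.IPv4Address(inner_dst).packed
             + payload)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ciphertext = xor_bytes(inner, keystream(ENC_KEY, nonce, len(inner)))
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decapsulate(outer_payload: bytes) -> Tuple[str, str, bytes]:
    """Firewall B: verify, decrypt, then apply access control.

    The tag is checked before any decryption, so a forged or modified packet is
    dropped without being parsed. Policy is applied to the decrypted inner
    destination, so an authenticated peer still cannot reach arbitrary hosts.
    """
    if len(outer_payload) < NONCE_LEN + 8 + TAG_LEN:
        raise ValueError("malformed packet: too short")
    nonce = outer_payload[:NONCE_LEN]
    ciphertext = outer_payload[NONCE_LEN:-TAG_LEN]
    tag = outer_payload[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: packet dropped")
    inner = xor_bytes(ciphertext, keystream(ENC_KEY, nonce, len(ciphertext)))
    src = str(ipaddress.IPv4Address(inner[:4]))
    dst = str(ipaddress.IPv4Address(inner[4:8]))
    if ipaddress.IPv4Address(dst) not in PROTECTED_LAN:
        raise PermissionError(f"access control: {dst} is outside {PROTECTED_LAN}")
    return src, dst, inner[8:]


def tunnel_verdict(outer_payload: bytes) -> str:
    """Map the three possible outcomes at firewall B to a log-style verdict string."""
    try:
        src, dst, _ = decapsulate(outer_payload)
        return f"delivered {src} -> {dst}"
    except ValueError as exc:
        return f"dropped (auth): {exc}"
    except PermissionError as exc:
        return f"dropped (policy): {exc}"


if __name__ == "__main__":
    pkt = encapsulate("10.10.0.5", "10.20.0.7", b"GET /status")
    print("outer payload bytes:", len(pkt))
    print(tunnel_verdict(pkt))
```

The ordering in `decapsulate` is the part worth copying: integrity is checked on the ciphertext with a constant-time compare before anything is decrypted, and the access-control decision is made on the decrypted inner header, not on the outer (public) addresses, which is why a tunnel endpoint is usually placed on or beside the firewall rather than behind it.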
Just as there is an endless variety of physical network topologies, there are also many Virtual Private Network architectures possible: site-to-site VPNs, remote access, LAN-to-LAN, trusted VPNs, secure VPNs, L1, L2 and L3 VPNs, VPWS, VPLS, IPLS, network-based, customer-provisioned, provider-provisioned, Internet VPNs, intranet VPNs, extranet VPNs, point-to-point VPNs, multipoint-to-multipoint, overlay, peer(-to-peer), connection-oriented, connectionless VPNs, and clientless VPNs.
And then there are L2TPv3-based VPNs, AToM-based VPNs, L2F VPNs, L2TPv2 VPNs, PPTP VPNs, MPLS Layer 3 VPNs, and SSL VPNs.
The terminology is confusing, but most VPN topologies fall into one of the following three categories: Intranet VPNs, Remote Access VPNs, and Extranet VPNs.
Intranet VPNs provide site-to-site internal connectivity within the company. The collection of all internal company sites, connected in this way, is often referred to as the company's Intranet. Intranet VPNs provide the same level of connectivity and reliability as a fully private network.
Remote Access VPNs extend the internal network to telecommuters, mobile workers and remote offices.
Almost every company has a select group of suppliers, vendors and other business partners they do business with. Business interactions between these organisations include communication, collaboration and commercial transactions.
An Extranet is a private network connecting the networks of two or more businesses, enabling secure communication, collaboration, and commerce. Different technologies can be used to establish an Extranet, the most relevant being a Virtual Private Network, or VPN.
Extranet VPNs extend a company network to include suppliers, business partners or customers.
An Intranet VPN connects resources from the same company across that company's infrastructure.
Intranet VPNs are typically full-time connections, which are created through secure tunnels across an IP network.
To implement a VPN solution we need a service provider who either provides the Internet connections over which the secure tunnels are created, or provides the company with a part of its shared IP network.
7 Responses to “Firewall – VPN Environments”
Are virtual private networks (on a public WIFI network) safe?
They are safer than a normal connection, but it also depends on how the VPN is set up. The traffic route should be this:
Client -> Internet -> VPN server -> proxy server -> Internet
I can’t see my home network workgroup while connected to work virtual private network. How can I see my local network ?
In general a corporate VPN locks down your local network so that traffic from your home LAN cannot pass to the corporate network, for protection.
Maybe your work virtual private network overlaps your home network.
For example, your virtual private network connection assigns you the IP address 192.168.0.15 with subnet mask 255.255.255.0 and your home LAN IP is 192.168.0.120 with subnet mask 255.255.255.0.
The virtual private network client software assumes anything you want to reach at 192.168.0.x is in your work network, so you can’t reach anything locally.
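The overlap described in the reply above can be checked rather than guessed at. The following is an added example, not code from the post or from any VPN client: it builds the two routes a client ends up with (its home LAN subnet and the subnet the VPN assigned, using the addresses quoted in the reply), performs a longest-prefix route selection for a home host, and reports whether the subnets overlap. The assumption that the VPN route carries a lower metric than the LAN route, so it wins when both are /24, is mine and is typical of VPN clients rather than something the post states.

```python
import ipaddress
from typing import List, Optional, Tuple

# (destination network, interface name, metric); lower metric wins ties.
Route = Tuple[ipaddress.IPv4Network, str, int]


def build_routes(vpn_ip: str, vpn_mask: str, lan_ip: str, lan_mask: str) -> List[Route]:
    """Routes a client ends up with: its LAN subnet plus the subnet the VPN assigned.

    Assumption (typical of VPN clients, not stated in the post): the VPN route is
    installed with a lower metric than the LAN route, so it wins ties.
    """
    lan_net = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}").network
    vpn_net = ipaddress.ip_interface(f"{vpn_ip}/{vpn_mask}").network
    return [(lan_net, "lan", 100), (vpn_net, "vpn", 10)]


def select_route(routes: List[Route], destination: str) -> Optional[str]:
    """Longest-prefix match, then lowest metric; returns the chosen interface or None."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in r[0]]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]


def find_overlap(routes: List[Route]) -> Optional[ipaddress.IPv4Network]:
    """Return the LAN subnet if the VPN-assigned subnet overlaps it, else None."""
    nets = {iface: net for net, iface, _ in routes}
    if nets["vpn"].overlaps(nets["lan"]):
        return nets["lan"]
    return None


if __name__ == "__main__":
    # Constructed cases: the addresses from the reply, then a VPN subnet that does not collide.
    for label, vpn_ip in (("overlapping", "192.168.0.15"), ("non-overlapping", "10.8.0.15")):
        routes = build_routes(vpn_ip, "255.255.255.0", "192.168.0.120", "255.255.255.0")
        print(label, "VPN subnet; overlap:", find_overlap(routes),
              "; 192.168.0.50 reached via:", select_route(routes, "192.168.0.50"))
```

With the reply's addresses, a home host such as 192.168.0.50 is routed to the VPN interface, which is exactly why the workgroup disappears; moving either side to a subnet that does not overlap (the example uses 10.8.0.0/24 for the VPN) sends the same host back out the LAN interface. The usual remedy is on the home side, since the corporate address plan is fixed: renumber the home LAN to a less common private range.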
Can two virtual private network instances be installed on one computer ?
Two user accounts, with a different VPN configuration profile for each.
interesting post
a very good article about Firewall – VPN Environments