Running head: VIRTUAL PRIVATE NETWORK

Virtual Private Network


Chandra Beasley
Keller Graduate School of Management

Introduction

The Internet has advanced significantly over the last few decades. Modern network
architecture continues to progress, which improves its overall performance. Inexpensive
technologies have made the Internet affordable to large technology organizations.
The most important gain in the contemporary business environment, however, has come
from the virtual private network (VPN). The term "virtual" describes something that is
temporarily simulated: exclusive communication between two or more networking devices
is accomplished via a public network (Lewis, 2004).
A VPN is a network that uses public network paths but retains the protection and
security of a private network. The underlying network is shared, but confidential data is
kept separate from other traffic and delivered to the intended recipient. The term has
also been used to describe private networks such as Frame Relay and Multiprotocol Label
Switching. The VPN has greatly enhanced data security over the Internet (Mason, 2001).
It protects data transferred across the network through encryption technologies. A
private network with a shortfall in data security may allow intruders to breach straight
into the network, where an attacker can access and modify the data. VPNs integrate
IPSec, which uses encryption to maintain data security. This document will explore,
choose, and justify a VPN for a midsize network.
Potentially Acceptable VPN solution
The Cisco Remote Access VPN solution provides remote access communication features
across the network. It helps IT administrators reduce the risk of the organization's data
being left behind (Huang & Frahim, 2008), notably after a remote user session. Reliable
connectivity is another vital characteristic of the Cisco remote access VPN solution. It
ensures that remote users remain safely connected when roaming between different
networks, whether within the office or during standby. Additionally, the solution
dynamically chooses the most suitable network access point and adapts its tunnelling
protocol to the most efficient method. This improves users' connectivity and the range of
applications available to them.
Continuous mobility is another important feature of the Cisco VPN solution. A
secure solution meets the user's mobility requirements. It supports a wide range of
network endpoints and ensures that the VPN connection is continuous (Huang & Frahim,
2008). This in turn enhances productivity, facilitates collaboration, and improves worker
satisfaction.
Cisco is the main vendor responsible for providing the VPN solution. The specific
solution is delivered by the Cisco ASA 5500 Series, which provides security mechanisms
over the network (Cisco, 2015). It gives IT administrators a single point of control for
granting granular access to authorized users.
VPN Solution Overview
Technical Functionalities of Cisco Remote Access VPN solution
One function is to provide web-based access to network applications that do not run on
desktop software. In this type of network, each host has a VPN client application. When a
host sends any kind of data traffic, the VPN client encapsulates the traffic and encrypts
it before transmitting it over the Internet to the VPN gateway. The VPN gateway then
handles the traffic the same way it would handle traffic from a site-to-site VPN.
Providing intrusion-free VPN access is another essential technical function. It
safeguards against viruses, worms, and hackers on the network. This is accomplished by
incorporating network and maximum security in the Secure Sockets Layer (SSL) of the
VPN platform. It uses advanced encryption algorithms and encryption keys. The
encryption algorithms it relies on include the data encryption algorithm, a symmetric-key
cryptosystem that depends on a shared key to perform encryption and decryption
(Yuan & Strayer, 2001). Continuous use of the data encryption algorithm eliminates the
need for extra security resources.
Supporting multiple VPN types from one platform is another substantial technical
function. This remote access VPN supports both Internet Protocol Security (IPSec) and
SSL communication. IPSec provides improved security features, including strong
encryption algorithms and more thorough authentication. It has two fundamental
encryption modes: tunnel and transport. Tunnel mode encrypts both the header and the
payload of each packet, while transport mode carries the packets across the network with
only the payload encrypted. Only remote access VPN systems that conform to IPSec can
benefit from this protocol (Yuan & Strayer, 2001). Likewise, all of the networking devices
involved need to use a common key for data encryption. A VPN secured by IPSec can
encrypt data between different devices, including router to router, firewall to router,
PC to router, and PC to server.
Supporting site-to-site VPN communication to achieve unified management is another
notable technical function. Cisco remote access links separate networks to each other to
form one large network. For example, it can join a branch office network to an
organization's headquarters network. This produces a considerable cost benefit through
the quality of service offered, including handling congestion and packet adjoining
(Lewis, 2004).
Customer Requirements of Cisco Remote Access VPN solution

Data privacy is a vital requirement of the remote access VPN solution. A major
security challenge is safeguarding data from sniffers on the network (Lewis, 2004). The
solution is designed to protect the contents of a message from interception by
unauthorized parties. It provides data privacy through encryption and encapsulation.
Data integrity is another essential customer requirement that is met by the remote
access solution. Recipients of information have no control over the path the data takes,
or over who observes it, while it travels across the Internet. There is therefore always a
possibility that the data has been altered in some way. Because of this, Cisco remote
access VPN ensures data integrity by using hashing. It relies on a hash function that
maps bit strings of arbitrary length to strings of fixed size. The function, denoted h, has
essential properties that support data integrity across the remote network (Mason, 2001).
Its major properties are compression and ease of computation.
Data authentication is another relevant customer requirement that is satisfied by the
Cisco remote access solution. Authentication ensures that a message originates from an
authentic source and is transmitted to a legitimate destination. Remote access VPN uses
strong passwords, digital certificates, and biometrics. These security mechanisms
establish the authenticity of the identities of the parties involved at the destination end
(Mason, 2001).
Network Design of Cisco Remote Access VPN solution
This VPN solution has become a very common service on Cisco routers and firewalls.
The firewall devices most commonly used to secure remote access VPNs are the ASA
firewalls (Mason, 2001). Additionally, the ease of providing remote access to the
organization's network and its technical resources has justified its usefulness. In many
situations it has proven indispensable, demonstrating its significance in enhancing the
security of the private network.
Diagram 1.0 illustrates an organization network providing VPN access to remote users

The illustration above shows that the internal host has VPN client software. When the
host sends any data traffic, the VPN client application encapsulates the data and
encrypts it before transferring it over the Internet to the VPN gateway. Several VPN
security mechanisms have also been adopted in the organization's network illustrated
above. The company uses AAA servers, a security feature that is necessary for remote
access VPN. Group authentication is recommended in addition to authentication with
the user's own valid credentials (Mason, 2001).
Steps
1) The group credentials are entered once and saved in the VPN connection entry.
The user's credentials, however, are not saved and are requested every time a
secure connection is established. This is demonstrated by the following Cisco interface
at the time of remote access VPN configuration.
2) Cisco IPSec VPN is recommended during configuration of the VPN client.

Logical requirements to configure VPN client to achieve secure remote access


The router's AAA model needs to be enabled to support authentication. The abbreviation
stands for Authentication, Authorization, and Accounting. The mechanism is required for
more secure access in a remote-access VPN setting. It provides a way of identifying the
users who are accessing the router and have connections to the servers. It also
establishes the level of access that has been granted to each user, and it records the
user's activity to generate accounting data. This is accomplished by enabling the
aaa new-model service and X-Auth for user authentication, using the command
R2(config)# aaa authentication login vpn_xauth_ml_1 local (Yuan & Strayer, 2001).
Configuring user accounts is the next logical requirement for configuring the VPN
client. User credentials need to be issued to the remote users. Whenever users attempt
to establish a connection to the company's VPN, they will be required to enter their
credentials. An example command is R2(config)# username administrator secret
$Cisco$firewall (Yuan & Strayer, 2001).
Establishing an Internet Security Association and Key Management Protocol (ISAKMP)
policy is the next step. This can be done with the command R2(config)# crypto isakmp
policy 1, which ensures there is a key management protocol policy in the organization's
network. The DNS server and other parameters, such as the client configuration group,
also need to be configured. The group is created with the client-VPN group command and
needs to be configured with a pre-shared key of firewall.cx. Users authenticating to this
client group will have their DNS server set to 10.0.0.10 (Yuan & Strayer, 2001). A
maximum of five users are permitted to connect concurrently to this client group. This is
set on the router with R2(config-isakmp-group)# max-users 5. The users will have
authorized access to the resources controlled by access-list 120. Finally, users
authenticating to this client group obtain their IP addresses from VPN-Pool, which issues
a range of IP addresses from 192.168.0.20 to 192.168.0.25. This is configured with
R2(config)# ip local pool VPN-Pool 192.168.0.20 192.168.0.25
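
The commands above refer to each other: the client group names an address pool, and that pool must hold enough addresses for max-users. The following Python check is an added example, not part of the original paper or of Cisco's tooling, that audits an assembled fragment for those cross-references. The fragment is constructed from the commands named above; the group name client-VPN, the placeholder secrets, and the audit function are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample assembled from the commands described in the text.
# <SECRET> and <PRE-SHARED-KEY> are placeholders, not real values.
GOOD = """\
aaa new-model
aaa authentication login vpn_xauth_ml_1 local
username administrator secret <SECRET>
crypto isakmp policy 1
crypto isakmp client configuration group client-VPN
 key <PRE-SHARED-KEY>
 dns 10.0.0.10
 pool VPN-Pool
 acl 120
 max-users 5
ip local pool VPN-Pool 192.168.0.20 192.168.0.25
"""
# Constructed faulty variant: AAA not enabled and a pool that is too small.
BAD = GOOD.replace("aaa new-model\n", "").replace("192.168.0.25", "192.168.0.22")

def audit(config: str) -> list[str]:
    """Return consistency findings for a remote-access VPN config fragment."""
    findings, pools, groups, current = [], {}, {}, None
    lines = config.splitlines()
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not enabled")
    for line in lines:
        pool = re.fullmatch(r"ip local pool (\S+) (\S+) (\S+)", line)
        grp = re.fullmatch(r"crypto isakmp client configuration group (\S+)", line)
        if pool:  # record how many addresses the pool can hand out
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in pool.group(2, 3))
            pools[pool.group(1)] = hi - lo + 1
        if grp:  # start collecting this group's indented sub-commands
            current = groups.setdefault(grp.group(1), {})
        elif current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            current = None
    for name, s in groups.items():
        size, users = pools.get(s.get("pool")), int(s.get("max-users", 0))
        if size is None:
            findings.append(f"{name}: pool {s.get('pool')} is not defined")
        elif size < users:
            findings.append(f"{name}: pool holds {size} addresses for {users} users")
    return findings
```
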
In conclusion, the remote access virtual private network is an emerging technology
that has come a long way over the decades. It has developed from vulnerable public
landline networks into a contemporary business aid that uses the Internet as its main
portal. VPN technology continues to develop and is becoming widespread in large
business enterprises. As a result, quality of service has improved. Staff members can
work effectively from their residences, and electronic businesses are broadening because
of secure remote access. Companies are widening their geographic connectivity, since
remote access VPNs link employees to the principal resources. Staff productivity has
improved significantly through the elimination of time-consuming commutes. VPNs have
enhanced Internet security on private networks through additional security features such
as data encryption, encapsulation, and firewalls.

References
Huang, Q., & Frahim, J. (2008). SSL Remote Access VPNs (1st ed.). New York: Cisco
Press.
Lewis, M. (2004). Troubleshooting Virtual Private Networks (VPN) (2nd ed.). New York:
Cisco Press.
Mason, A. (2001). Cisco Secure Virtual Private Networks (1st ed.). London: Pearson
Education.
Cisco, C. (2015). SSL VPN Solution - Cisco. Retrieved from
http://www.cisco.com/c/en/us/solutions/enterprise-networks/ssl-vpnsolution/index.html
Yuan, R., & Strayer, W. (2001). Virtual Private Networks: Technologies and Solutions
(1st ed.). London: Addison-Wesley Professional.
