- CCNA Security 210-260 Certification Guide
- Glen D. Singh, Michael Vinod, Vijay Anandh
- 330 words
- 2021-06-25 21:10:25
Remote-access VPN
A remote-access VPN is also called a VPDN, or virtual private dial-up network.
Similar to the site-to-site access evolution from WAN technologies, remote access has evolved from dial-up technology. The differentiating factors between these two types of VPN are:
- Remote-access VPN clients initiate the VPN on-demand
- The remote-access client requires the Cisco VPN client software to connect
- Remote access uses a client-server mechanism in which the server authenticates first
This can be very flexible when implemented as a software solution on a remote user's PC. The teleworker can benefit from the same confidentiality, integrity, and authentication services of a site-to-site VPN.
It allows individual users to establish a secure connection with a remote computer network. They can access only the secured resources or data on that particular network, as if they were directly connected to the network. For example, a company where there are hundreds of sales personnel out in the field trying to access information from their sales servers can use a remote-access VPN.
There are two components in a remote-access VPN:
- Network access server (NAS): Also known as a media gateway or remote-access server. The NAS is a dedicated server that has multiple applications running on it. Users initially connect to the NAS in order to get connected to the VPN. The NAS also provides its own authentication services.
- VPN client software: This helps users to access their data via the VPN. The client software establishes and maintains the connection with the NAS. Modern operating systems come with a few built-in VPN applications; other users must install third-party software specific to their organization's VPN configuration. The NAS gets its digital certificate from a third-party Certificate Authority (CA) and uses it to prove its identity to the client. Once successfully authenticated, the client software creates a tunnel connection to the NAS, which is indicated by the user's IP address. The client software maintains the security level by using encryption standards, such as Secure Sockets Layer (SSL).