This project report is the second from the project and focuses on IP VPN security ... architecture is in line with the official IETF architecture proposal
5/22/2018 About the project work
Department of Computing, Communications Technology and Mathematics
Final Year Project Report
Submitted in partial fulfilment of the requirements of the degree of Bachelor of Science with Honours of
the London Metropolitan University
VIRTUAL PRIVATE NETWORKING
IMPLEMENTATION
FOR
SUN INFOSYS LTD.
By
Rashid Khan
May 2005
ID: 03020935
Supervisor: Professor Algirdas Pakstas
Author: Rashid Khan 1
ABSTRACT
This project will provide an introduction, research, theory, analysis, solutions & real
time implementation and study of Virtual Private Networking for Sun Infosys Ltd. It
also will provide a structure of content of this document. It will consist of various
concepts, theories and main terminology to understand and implement a Virtual
Private Network.
Chapter 1 (Introduction) will explain the introduction of the project proposal and
project implementation and a presentation in front of students and teachers after the
submission of this documentation. The presentation will clarify and demonstrate the
understanding of this project, the actual implementation of this project by myself, and
how the project was seen through to implementation.
Chapter 2 (Project Proposal) is the project proposal report completed in the
previous module; it details in theory how best to implement this project.
In Chapter 3 (Literature Search) I will also be using the relevant literature
research to justify some of the aims and objectives.
Chapter 4 (Project Plan) discusses the project plan, which is to examine how
and what I would like to implement.
Chapter 5 (Investigation and Result) describes the details of the
experiments or investigations carried out.
Chapter 6 (A critical appraisal of the work done) examines the project
in its entirety with a critique of what is achieved, discussion of problems encountered,
examination of the validity of the method chosen to solve the problem, etc.
Chapter 7 (Conclusion) states the purpose of the work and involves a
concise summary of the project.
Chapter 8 (Suggestions for further work) discusses how I could have
improved things.
Chapter 9 contains the References.
Chapter 10 contains the Appendix.
CONTENTS
Chapter 1 - INTRODUCTION
1.1 What the Project is about
1.2 Organisational Structure
Chapter 2 - THE PROJECT PROPOSAL
2.1 Background Information on the company
2.2 The UNIX based solution
2.3 The Windows Based solution
Chapter 3 - THE LITERATURE SEARCH
3.1 What is VPN?
3.2 What Makes a VPN?
3.3 Types of VPN
3.4 Remote-Access VPN
3.5 Site-to-Site VPN
3.6 Extranet VPN
3.7 VPN Security
3.8 Firewalls
3.9 Encryption
3.10 IPSec
3.11 AAA Servers
3.12 VPN Technologies
3.13 VPN Concentrator
3.14 VPN-Optimized Router
3.15 Cisco Secure PIX Firewall
3.16 Tunnelling
3.17 Carrier protocol
3.18 Encapsulating protocol
3.19 Passenger protocol
3.20 Tunneling: Site-to-Site
3.21 Tunnelling: Remote-Access
3.22 L2F (Layer 2 Forwarding)
3.23 PPTP (Point-to-Point Tunneling Protocol)
3.24 L2TP (Layer 2 Tunneling Protocol)
3.25 MPLS
Chapter 4 - PROJECT PLAN
4.1 Step1
4.1 Step2
4.1 Step3
Chapter 5 - INVESTIGATION AND RESULT
5.1 VPN using hardware based tools and technologies
5.2 VPN using software based tools and technologies
5.3 Protocol Selection
5.4 Performance needs
5.5 IP Address Planning
5.6 ISP Evaluation
5.7 Installing & configuring ISA Server 2000
Chapter 6 - CRITICAL APPRAISAL OF THE WORK DONE
Chapter 7 - CONCLUSION
Chapter 8 - SUGGESTIONS FOR FURTHER WORK
REFERENCES
APPENDICES
APPENDIX A Implementation Installing Windows Server 2003
APPENDIX B Implementation Installing ISA Server 2000
APPENDIX C Implementation Installing ISA Server Service Pack 1
APPENDIX D Implementation Installing Hotfix isahf255.exe
APPENDIX E Implementation Installing Feature Pack 1
APPENDIX F Implementation Configuring the ISA Server 2000/VPN Server
APPENDIX G Implementation Connecting to the VPN
ACKNOWLEDGEMENTS
I would like to thank the following people; without their help the completion of this
project would not have been possible.
Special thanks to Peter Chalk, for all his help, guidance and encouragement.
Mr. Sri Adam for letting me implement this project in his organization.
All my friends and family, for their help, support and suggestions.
All the final year BSc. Computer Networking students for their feedback about this report.
Anyone who helped me, whether knowingly or unknowingly, willingly or unwillingly, directly or indirectly.
Virtual Private Networking Introduction
Chapter 1 - Introduction
1.1 What the Project is about
This project is about Virtual Private Network technology and its implementation
in a real work environment. This is my final year project implementation; I am
a final year undergraduate student in BSc Hons. Computer Networking. The chosen
topic for this project is Virtual Private Network implementation for Sun InfoSys Ltd.
http://www.suninfosys.co.uk/
Sun InfoSys Ltd. is in the business of CCTV systems. Sun InfoSys Ltd. was established by
I.T. and security experts to provide total security solutions to the retail business market.
They provide security systems by integrating Information Technology with their
digital and analogue CCTV systems. Sun InfoSys is the supplier and installer of
various hardware (i.e. computers, printers, point of sale systems, digital Internet
enabled CCTV systems) and software and hardware (all types of software needed by
EPOS, CCTV, client business) for retail business in the UK.
The company's aim is to add value in all areas of its involvement with customers
whether simply offering technical support, single hardware components or efficient
security monitoring systems in the form of digital CCTV systems. They also provide
24 hours digital CCTV remote monitoring facility.
1.2 ORGANIZATIONAL STRUCTURE
Name of Organisation: Sun InfoSys Ltd.
Address: No 8, Exmouth Rd. London, E17 7QQ.
Telephone & Fax numbers: Tel: 0870 609 2363
Name of Managing Director: Mr. Sri Adam
[Organisation chart: Managing Director; Sales; Accounts; Warehouse; Technical Support; Customer Services]
The motivation behind this project for me is not only to enhance my knowledge of a
complex but very rewarding and currently hot technology of Virtual Private
Networking for an existing company called Sun InfoSys Ltd., but to actually
implement this project in that company. This can bear fruit for me in the form of
possible future job prospect in this company. I had to be able to liaise with the staff
and establish a nice rapport with them.
Furthermore, in this project I will also be developing an online website covering this
report that will be available with this documentation, and I will publish the web address
within the conclusion of this report.
Previously I worked for several years as a Network Engineer in Pakistan
for several companies and have designed, deployed, managed and
troubleshot complex networks.
I have also worked as a web developer and developed several websites for clients in
Pakistan. Clearly I have great interest in the field of Networking and this is the sole
reason for me taking up this degree to further my knowledge and career within this
field.
Virtual Private Networking Project Proposal
Chapter 2 - The Project Proposal
2.1 Background Information on the company:
Sun Infosys Ltd. http://www.suninfosys.co.uk/ has a business of not only computer
hardware but software and CCTV systems as well. Because of the varied systems
there was a need for convergence and also availability so that the resources can be
tapped and checked from virtually everywhere as the sales team and director is mostly
mobile. This need coupled with the popularity of VPN systems gave me a chance to
offer myself for this project and offer a solution to their problems. Sun Infosys Ltd.
gladly accepted my offer.
The aim and objective of this project is to make proposals and then implement a
suitable proposal, allowing me to investigate the best method and solution for
implementing a Virtual Private Network for Sun InfoSys Ltd. between its Head
Office and Branch Office, and to provide connectivity to its Managing Director, sales
team, and various installers and site engineers requiring access to various resources.
Sun InfoSys Ltd. was established by I.T. and security experts to provide total solutions
to the retail business market. Sun InfoSys Ltd. is probably the only one which provides
total security systems by integrating with I.T. Sun Infosys is the supplier and installer
of various hardware (i.e. computers, printers, point of sale systems, digital Internet
enabled CCTV systems) and software and hardware (all types of software needed by
EPOS, CCTV, client business) for retail business in the UK.
The company's aim is to add value in all areas of its involvement with customers,
whether simply offering technical support, single hardware components or efficient
planning of a large systems integration and installation programme.
By making a Virtual Private Network system, I plan to cater to the company's current
need of providing connectivity to its essential resources, as the Managing Director Mr.
S. Peter Andy is always on the move and needs to connect to the company resources
from various national and international venues such as the UK and Taiwan when holding
meetings and presentations with his suppliers in Taiwan. He needs to be able to have up
to the minute data about stocks, current requirements, current problems and sales
figures.
The company has a head office in the following location:
Head Office: No 8, Exmouth Rd. London, E17 7QQ.
It also has a branch office in the following location:
Branch Office: No 772-776, Romford Rd., London E12.
The sales team need to travel to various organizations to give presentations and
to convince potential clients; they frequently require on-the-move connections to
resources such as sales figures, Sage, presentations, technical data, live demos
and IP-based demonstrations of their digital CCTV systems.
The support team and various installers and engineers require on-the-move access to
technical resources, software, patches, and contact information from the company and
Sage when visiting client locations, currently anywhere in London.
In light of the above data and information given to me, I propose a Virtual Private
Network solution. This solution can be delivered under a UNIX system or on a
Microsoft Windows based system.
2.2 The UNIX based solution entails the following to be done:
Installation and configuration of a LINUX box (server). Installation of LINUX
FreeS/WAN. LINUX FreeS/WAN is an implementation of IPSEC & IKE for Linux.
The abbreviation IPSEC stands for Internet Protocol SECurity. It uses strong
cryptography to offer both authentication and encryption services.
Authentication ensures that packets are from the right sender and have not
been altered in transfer. Encryption prevents unauthorised
reading of packet contents, hence providing even better security.
These services make it possible to build secure tunnels through untrustworthy and unreliable
networks. Everything that passes through the untrusted network is encrypted by the
IPSEC gateway machine and decrypted by the gateway at the other end. The result
is a Virtual Private Network or VPN, a network which is effectively private
even though it includes machines at several different sites connected by the insecure
and public Internet.
The IPSEC protocols were developed by the IETF (Internet Engineering Task Force)
and will be required as part of the next generation IP, IP version 6 (IPv6). They are also
being widely implemented for IPv4. In particular, nearly all vendors of any type of
firewall or security software have IPSEC support either shipping or in development.
There are also several open source IPSEC projects. Several companies are
cooperating in the Secure Wide Area Network (S/WAN) project to ensure that products
will interoperate. There is also a VPN Consortium fostering cooperation among
companies in this area.
The LINUX / FreeS/WAN solution requires basic knowledge of LINUX and a
moderate knowledge of networking protocols.
There are three popular authentication methods supported by LINUX
based FreeS/WAN:
1) RAW RSA keys - for FreeS/WAN to FreeS/WAN connections only.
A raw RSA key is literally a long string of alphanumeric characters,
which is the encoding of either a public or private key. The public and
private keys go together, so that with the private key the owner can
validate the public key.
2) X.509 certificates (which are essentially RSA keys in a glorified format).
X.509 certificates use the same encryption scheme as raw RSA
keys, but wrap the keys in certificates. This allows a trust-inheritance scheme, and
the certificates themselves also contain useful supporting information.
The actual representation of a certificate is a file, which can be encoded
in many different ways (plain-text, binary or combinations of the two),
for example PEM, base64, pkcs12, etc.
3) PSKs (Pre-shared secret keys).
PSKs are not very secure at all. They are simply non-encrypted
passphrases stored in plain-text, e.g. my_secret_password. They help
get a connection set up if easy authentication is to be used (they are the
easiest of these three to set up), but are insecure and should not
be used in the long run.
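An audit of the point made about PSKs above, as an added example that is not part of the original report: it walks an ipsec.secrets-style file, flags every PSK entry as a clear-text secret to migrate to RSA keys or X.509, and checks passphrase strength and file permissions. The sample file content, the addresses, the finding codes and the 20-character threshold are constructed assumptions.

```python
import re

MIN_PSK_LEN = 20  # assumed local policy threshold, not a value from the report

# Constructed sample in the ipsec.secrets layout: index list, colon, type, secret.
SAMPLE_SECRETS = '''\
# head office <-> branch office (constructed addresses)
192.0.2.10 198.51.100.20 : PSK "my_secret_password"
192.0.2.10 203.0.113.5 : PSK "k3Vq9-Zt7!pLw2#Xr8_Yb4@Nc6$Hd1fG"
@gw.example.test : RSA {
    Modulus: 0x00aa
    PrivateExponent: 0x00bb
    }
'''

ENTRY_RE = re.compile(
    r'^(?P<ids>.*?)\s*:\s+(?P<kind>PSK|RSA)\b\s*(?P<secret>.*)$', re.S)


def split_entries(text):
    """Yield (line_no, entry). An entry starts at the left margin,
    indented lines continue it, comments and blank lines are skipped."""
    current, start = [], 0
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0].isspace() and current:
            current.append(line.strip())
            continue
        if current:
            yield start, ' '.join(current)
        current, start = [line.strip()], no
    if current:
        yield start, ' '.join(current)


def passphrase_weaknesses(secret):
    """Return finding codes for a quoted PSK passphrase."""
    classes = sum(bool(re.search(p, secret))
                  for p in (r'[a-z]', r'[A-Z]', r'\d', r'[^A-Za-z0-9]'))
    issues = []
    if len(secret) < MIN_PSK_LEN:
        issues.append('PSK_SHORT')
    if classes < 3:
        issues.append('PSK_LOW_VARIETY')
    return issues


def audit(text, file_mode):
    """Return [(line_no, ids, code)] for a secrets file and its st_mode."""
    findings = []
    if file_mode & 0o077:  # any group/other permission bit set
        findings.append((0, 'file', 'MODE_TOO_OPEN'))
    for no, entry in split_entries(text):
        m = ENTRY_RE.match(entry)
        if not m:
            findings.append((no, entry, 'UNPARSED'))
            continue
        if m.group('kind') != 'PSK':
            continue  # RSA entries are not the subject of this check
        ids = m.group('ids') or '(any peer)'
        # Every PSK sits in the file unencrypted, whatever its strength.
        findings.append((no, ids, 'PSK_CLEARTEXT'))
        secret = m.group('secret').strip()
        if len(secret) >= 2 and secret[0] == secret[-1] == '"':
            findings.extend((no, ids, code)
                            for code in passphrase_weaknesses(secret[1:-1]))
    return findings


if __name__ == '__main__':
    for line_no, ids, code in audit(SAMPLE_SECRETS, 0o100644):
        print(f'line {line_no:>2}  {code:<16} {ids}')
```

On a real gateway the mode argument would come from `os.stat(path).st_mode` for the secrets file.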
Hardware Requirements for LINUX FreeS/WAN solution:
The hardware requirements are pretty basic. A 32-bit machine capable of running
Linux, with two NICs (network interface cards; one is connected towards the internet,
the other is connected to the clients).
2.3 The Windows Based solution consists of the following:
Requirements: A Windows based Server operating system, ideally Windows Server 2003, and Microsoft ISA Server 2000.
Hardware requirements for Windows Server 2003 / ISA Server 2000 solution:
Computer and processor:
PC with a 133-MHz processor required; 550-MHz or faster processor recommended
Memory:
128 MB of RAM required; 256 MB or more recommended; 4 GB maximum
Hard disk:
1.25 to 2 GB of available hard-disk space
Drive:
CD-ROM or DVD-ROM drive
Display:
VGA or hardware that supports console redirection required; Super VGA supporting
800 x 600 or higher-resolution monitor recommended
Virtual Private Networking Literature Search
Chapter 3 - Literature Search
Hence I have accumulated key topics for research for Virtual Private Networking:
3.1 What is VPN?
3.2 What Makes a VPN?
3.3 Types of VPN
3.4 Remote-Access VPN
3.5 Site-to-Site VPN
3.6 Extranet VPN
3.7 VPN Security
3.8 Firewalls
3.9 Encryption
3.10 IPSec
3.11 AAA Servers
3.12 VPN Technologies
3.13 VPN Concentrator
3.14 VPN-Optimized Router
3.15 Cisco Secure PIX Firewall
3.16 Tunnelling
3.17 Carrier protocol
3.18 Encapsulating protocol
3.19 Passenger protocol
3.20 Tunneling: Site-to-Site
3.21 Tunnelling: Remote-Access
3.22 L2F (Layer 2 Forwarding)
3.23 PPTP (Point-to-Point Tunneling Protocol)
3.24 L2TP (Layer 2 Tunneling Protocol)
3.25 MPLS
3.1 What is VPN?
A VPN is a generic term that describes any combination of technologies that
can be used to secure a connection through an otherwise unsecured or
untrusted network.
Cisco Definition: http://www.cisco.com/warp/public/779/largeent/design/vpn.html
[VPN is one of the most used words in networking today and has many
different meanings.
The broadest definition of a VPN is 'any network built upon a public network
and partitioned for use by individual customers'. This results in public frame
relay, X.25, and ATM networks being considered as VPNs. These types of
VPNs are generically referred to as Layer 2 VPNs. The emerging forms of
VPNs are networks constructed across shared IP backbones, referred to as 'IP
VPNs'. ]
Definition by VPN Consortium: http://www.vpnc.org/vpn-technologies.html
[A virtual private network (VPN) is a private data network that makes use of
the public telecommunication infrastructure, maintaining privacy through the
use of a tunneling protocol and security procedures. A virtual private network
can be contrasted with a system of owned or leased lines that can only be used
by one company. The main purpose of a VPN is to give the company the same
capabilities as private leased lines at much lower cost by using the shared
public infrastructure. Phone companies have provided private shared resources
for voice messages for over a decade. A virtual private network makes it
possible to have the same protected sharing of public resources for data.
Companies today are looking at using a private virtual network for both
extranets and wide-area intranets. ]
My Definition:
Basically a VPN is a private network that uses a public network (usually the
Internet) to connect remote sites or users together. Instead of using a
dedicated, real-world connection such as leased line, a VPN uses "virtual"
connections routed through the Internet from the company's private network to
the remote site or employee.
3.2 What Makes a VPN?
A well-designed VPN can greatly benefit a company. For example, it can:
Extend geographic connectivity
Improve security
Reduce operational costs versus traditional WAN
Reduce transit time and transportation costs for remote users
Improve productivity
Simplify network topology
Provide global networking opportunities
Provide telecommuter support
Provide broadband networking compatibility
Provide faster ROI (return on investment) than traditional WAN
A well-designed VPN should have the following features:
It should incorporate:
Security
Reliability
Scalability
Network management
Policy management
3.3 Types of VPN:
1) Remote-Access VPN
2) Site-to-Site VPN
3) Extranet VPNs
3.4 Remote-Access VPN
Cisco Definition:
http://www.cisco.com/warp/public/779/largeent/design/remote_vpn.html
[ Remote Access VPNs provide remote access to a corporate Intranet or
extranet over a shared infrastructure with the same policies as a private
network. Access VPNs enable users to access corporate resources whenever,
wherever, and however they require. Access VPNs encompass analog, dial,
ISDN, digital subscriber line (DSL), mobile IP, and cable technologies to
securely connect mobile users, telecommuters, or branch offices. ]
Remote-Access VPN
My Definition:
Remote-access, also called a virtual private dial-up network (VPDN), is a
user-to-LAN connection used by a company that has employees who need to
connect to the private network from various remote locations. Normally, a
company that wishes to set up a large remote-access VPN will outsource to an
enterprise service provider (ESP). The ESP sets up a network access server
(NAS) and provides the remote users with desktop client software for their
computers. The telecommuters can then dial a Low Call or Free number
(0800, 0500 etc) to reach the NAS and use their VPN client software to access
the corporate network.
Image source:-
Understanding Virtual Private Networking, from ADTRAN
http://www.adtran.com/adtranpx/Doc/0/EU0GPR0PEFB139RF038BE81ID8/EU0GPR0PEFB139RF038BE81ID8.pdf
** Source: Above picture is copyrighted & taken from Cisco website:
http://www.cisco.com/warp/public/779/largeent/design/remote_vpn.html
A good example of a company that needs a remote-access VPN would be a
company with a lot of sales people in the field. Remote-access VPNs permit
secure, encrypted connections between a company's private network and
remote users through a third-party service provider.
3.5 Site-to-Site VPN
Cisco Definition:
http://www.cisco.com/warp/public/779/largeent/design/intranet_vpn.html
[ Site-to-Site VPNs are an alternative WAN infrastructure that is used to connect
branch offices, home offices, or business partners' sites to all or portions of a
company's network. VPNs do not inherently change private WAN
requirements, such as support for multiple protocols, high reliability, and
extensive scalability, but instead meet these requirements more cost-
effectively and with greater flexibility. ]
A company can connect multiple fixed sites over a public network such as the
Internet through the use of dedicated equipment and large-scale encryption.
Site-to-site VPNs can be one of two types:
Intranet-based - If a company has one or more remote locations that they wish
to join in a single private network, they can create an intranet VPN to connect
LAN to LAN.
Extranet-based - When a company has a close relationship with another
company (for example, a partner, supplier or customer), they can build an
extranet VPN that connects LAN to LAN, and that allows all of the various
companies to work in a shared environment.
Image source:-
Understanding Virtual Private Networking, from ADTRAN
http://www.adtran.com/adtranpx/Doc/0/EU0GPR0PEFB139RF038BE81ID8/EU0GPR0PEFB139RF038BE81ID8.pdf
** Source: Above picture is copyrighted & taken from Cisco website:
http://www.cisco.com/warp/public/779/largeent/design/intranet_vpn.html
3.6 Extranet VPN
Cisco Definition:
http://www.cisco.com/warp/public/779/largeent/design/extranet_vpn.html
[Extranet VPNs link customers, suppliers, partners, or communities of interest
to a corporate Intranet over a shared infrastructure using dedicated
connections. Businesses enjoy the same policies as a private network,
including security, QoS, manageability, and reliability. ]
* See reference section for resource detail.
** Source: Above picture is copyrighted & taken from Cisco website:
http://www.cisco.com/warp/public/779/largeent/design/extranet_vpn.html
Image Source:
http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.pdf
3.7 VPN Security:
A well-designed VPN uses several methods for keeping your connection and
data secure:
1) Firewalls
2) Encryption
3) IPSec
4) AAA Server
3.8 Firewalls:
Definition:
Resource: Webopedia
http://www.webopedia.com/TERM/f/firewall.html
[(n.) A system designed to prevent unauthorized access to or from a
private network. Firewalls can be implemented in both hardware and software,
or a combination of both. Firewalls are frequently used to prevent
unauthorized Internet users from accessing private networks connected to the
Internet, especially intranets. All messages entering or leaving the intranet
pass through the firewall, which examines each message and blocks those that
do not meet the specified security criteria. ]
There are several types of firewall techniques:
Packet filter: Looks at each packet entering or leaving the network and
accepts or rejects it based on user-defined rules. Packet filtering is fairly
effective and transparent to users, but it is difficult to configure. In addition, it
is susceptible to IP spoofing.
Application gateway: Applies security mechanisms to specific applications,
such as FTP and Telnet servers. This is very effective, but can impose
performance degradation.
Circuit-level gateway: Applies security mechanisms when a TCP or UDP
connection is established. Once the connection has been made, packets can
flow between the hosts without further checking.
Proxy server: Intercepts all messages entering and leaving the network. The
proxy server effectively hides the true network addresses.
In practice, many firewalls use two or more of these techniques in concert.
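The packet-filter weakness noted above (rules keyed on source address are susceptible to IP spoofing), as an added example that is not part of the original report: a first-match rule evaluator for a two-interface gateway, run against a naive rule set and one that binds address ranges to the interface they may arrive on. The interface names, addresses, port and rule sets are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = "10.0.0.0/24"          # constructed internal network
SERVER = "10.0.0.5/32"       # constructed internal file server


@dataclass(frozen=True)
class Packet:
    iface: str               # NIC the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str              # "accept" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: int = 0           # 0 means any port
    iface: str = "any"

    def matches(self, p):
        return (self.iface in ("any", p.iface)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))


def evaluate(rules, packet, default="drop"):
    """First matching rule wins; return (action, index of the rule or None)."""
    for index, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, index
    return default, None


# Naive: trusts the source address alone, whatever NIC the packet came in on.
NAIVE = [Rule("accept", src=LAN, dst=SERVER, proto="tcp", dport=445)]

# Hardened: internal or loopback sources arriving on the external NIC are
# dropped first, and the accept rule applies only to the internal NIC.
HARDENED = [
    Rule("drop", src=LAN, iface="ext"),
    Rule("drop", src="127.0.0.0/8", iface="ext"),
    Rule("accept", src=LAN, dst=SERVER, proto="tcp", dport=445, iface="int"),
]

# Constructed test traffic.
INSIDE = Packet("int", "10.0.0.23", "10.0.0.5", "tcp", 445)
SPOOFED = Packet("ext", "10.0.0.23", "10.0.0.5", "tcp", 445)   # forged source
OUTSIDE = Packet("ext", "203.0.113.9", "10.0.0.5", "tcp", 445)


def compare(packets):
    """Return {name: (naive_action, hardened_action)} for each packet."""
    return {name: (evaluate(NAIVE, p)[0], evaluate(HARDENED, p)[0])
            for name, p in packets.items()}


if __name__ == "__main__":
    traffic = {"inside": INSIDE, "spoofed": SPOOFED, "outside": OUTSIDE}
    for name, (naive, hardened) in compare(traffic).items():
        print(f"{name:<8} naive={naive:<7} hardened={hardened}")
```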
A firewall is considered a first line of defense in protecting private
information. For greater security, data can be encrypted.
3.9 Encryption
Definition:
Resource: Webopedia
http://www.webopedia.com/TERM/e/encryption.html
[The translation of data into a secret code. Encryption is the most effective
way to achieve data security. To read an encrypted file, you must have access
to a secret key or password that enables you to decrypt it. Unencrypted data is
called plain text; encrypted data is referred to as cipher text. ]
My Definition:
Encryption is the process of taking all the data that one computer is sending to
another and encoding it into a form that only the other computer will be able to
decode. Most computer encryption systems belong in one of two categories:
Symmetric-key encryption
Public-key encryption
In symmetric-key encryption, each computer has a secret key (code) that it
can use to encrypt a packet of information before it is sent over the network to
another computer. You need to know which computers will be talking to
each other so the key can be installed on each computer. Symmetric-key
encryption is essentially the same as a secret code that each of the two
computers must know in order to decode the information. The code provides
the key to decoding the message.
This can be further understood by a simple example: you create a coded
message to send to a friend in which each letter is substituted with the letter
that is two down from it in the alphabet. So "A" becomes "C," and "B"
becomes "D". You have already told a trusted friend that the code is "Shift by
2". Your friend gets the message and decodes it. Anyone else who sees the
message will see only nonsense.
Public-key encryption uses a combination of a private key and a public key.
The private key is known only to our computer, while the public key is given
by our computer to any computer that wants to communicate securely with it.
To decode an encrypted message, a computer must use the public key,
provided by the originating computer, and its own private key. A very popular
public-key encryption utility is called Pretty Good Privacy (PGP), which
allows encrypting almost anything.
3.10 IPSec
Definition:
Resource: Webopedia
http://www.webopedia.com/TERM/I/IPsec.html
[ Short for IP Security, a set of protocols developed by the IETF to support
secure exchange of packets at the IP layer. IPSec has been deployed widely to
implement Virtual Private Networks (VPNs). ]
My Definition:
Internet Protocol Security Protocol (IPSec) provides enhanced security
features such as better encryption algorithms and more comprehensive
authentication.
Image Source:
http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.pdf
IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the
header and the payload of each packet while transport only encrypts the
payload. Only systems that are IPSec compliant can take advantage of this
protocol. Also, all devices must use a common key and the firewalls of each
network must have very similar security policies set up. IPSec can encrypt
data between various devices, such as:
Router to router
Firewall to router
PC to router
PC to server
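The difference between the two modes described above, as an added example that is not part of the original report: it lays out the same packet in ESP transport and tunnel form and reports what an on-path observer can still read. It models the packet layout only (ESP header and trailer fields as in RFC 4303); no encryption or integrity value is computed, and the addresses, SPI and payload are constructed assumptions.

```python
import struct
from ipaddress import IPv4Address

ESP, TCP, IPIP = 50, 6, 4          # IP protocol numbers
IP_FMT = "!BBHHHBBH4s4s"           # 20-byte IPv4 header without options


def ipv4_header(src, dst, proto, payload_len):
    """Minimal IPv4 header; checksum left at 0 in this layout model."""
    return struct.pack(IP_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)


def parse_ipv4(header):
    f = struct.unpack(IP_FMT, header[:20])
    return {"src": str(IPv4Address(f[8])), "dst": str(IPv4Address(f[9])),
            "proto": f[6]}


def esp_wrap(spi, seq, inner, next_header):
    """Return (esp_header, protected). 'protected' is the region ESP
    encrypts: payload, padding, pad length and next-header byte."""
    pad_len = (-(len(inner) + 2)) % 4          # align trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))     # default padding 1, 2, 3...
    trailer = bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq), inner + padding + trailer


def transport_mode(packet, spi, seq):
    """Original IP header stays in the clear; only its payload is protected."""
    orig = parse_ipv4(packet)
    esp_hdr, protected = esp_wrap(spi, seq, packet[20:], orig["proto"])
    outer = ipv4_header(orig["src"], orig["dst"], ESP,
                        len(esp_hdr) + len(protected))
    return outer + esp_hdr, protected


def tunnel_mode(packet, gw_src, gw_dst, spi, seq):
    """Whole original packet is protected behind a new gateway header."""
    esp_hdr, protected = esp_wrap(spi, seq, packet, IPIP)
    outer = ipv4_header(gw_src, gw_dst, ESP, len(esp_hdr) + len(protected))
    return outer + esp_hdr, protected


def observer_view(clear):
    """What can be read on the wire without the key: outer header and SPI."""
    view = parse_ipv4(clear)
    view["spi"] = struct.unpack("!I", clear[20:24])[0]
    return view


def sample_packet():
    """Constructed host-to-host packet between two private networks."""
    segment = b"constructed TCP segment bytes"
    return ipv4_header("10.0.1.15", "10.0.2.30", TCP, len(segment)) + segment


if __name__ == "__main__":
    inner = sample_packet()
    t_clear, _ = transport_mode(inner, 0x1001, 1)
    u_clear, _ = tunnel_mode(inner, "192.0.2.1", "198.51.100.1", 0x1001, 1)
    print("transport:", observer_view(t_clear))   # real host addresses visible
    print("tunnel:   ", observer_view(u_clear))   # only the gateways visible
```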
3.11 AAA Servers
Definition:
Resource: Webopedia
http://www.webopedia.com/TERM/A/AAA.html
[Short for authentication, authorization and accounting, a system in IP-based
networking to control what computer resources users have access to and to
keep track of the activity of users over a network. ]
My Definition:
AAA (authentication, authorization and accounting) servers are used for more
secure access in a remote-access VPN environment. When a request to
establish a session comes in from a dial-up client, the request is proxied to the
AAA server. AAA then checks the following:
Who you are (authentication)
What you are allowed to do (authorization)
What you actually do (accounting)
The accounting information is especially useful for tracking client use for
security auditing, billing or reporting purposes.
3.12 VPN Technologies
Depending on the type of VPN (remote-access or site-to-site), certain
components will need to be put in place to build the VPN. These might
include:
Desktop software client for each remote user
Dedicated hardware such as a VPN concentrator or secure PIX firewall
Dedicated VPN server for dial-up services
NAS (network access server) used by service provider for remote-user
VPN access
VPN network and policy-management center
Because there is no widely accepted standard for implementing a VPN, many
companies have developed turn-key solutions on their own.
I will discuss some of the solutions offered by Cisco, one of the most prevalent
networking technology companies:-
3.13 VPN Concentrator
Incorporating the most advanced encryption and authentication techniques
available, Cisco VPN concentrators are built specifically for creating a remote-
access VPN. They provide high availability, high performance and scalability
and include components, called scalable encryption processing (SEP)
modules, which enable users to easily increase capacity and throughput. The
concentrators are offered in models suitable for everything from small
businesses with up to 100 remote-access users to large organizations with up
to 10,000 simultaneous remote users.
3.14 VPN-Optimized Router
Cisco's VPN-optimized routers provide scalability, routing, security and QoS
(quality of service). Based on the Cisco IOS (Internet Operating System)
software, there is a router suitable for every situation, from small-office/home-
office (SOHO) access through central-site VPN aggregation, to large-scale
enterprise needs.
3.15 Cisco Secure PIX Firewall
Cisco PIX Firewall is a really technology, the PIX (private Internet exchange)
firewall combines dynamic network address translation, proxy server, packet
filtration, firewall and VPN capabilities in a single piece of hardware.
Instead of using Cisco IOS, this device has a highly streamlined OS that trades
the ability to handle a variety of protocols for extreme robustness and
performance by focusing on IP.
3.16 Tunnelling
Definition:
Resource: Webopedia
http://www.webopedia.com/TERM/t/tunneling.html
[(tun&l-ing) (n.) A technology that enables one network to send its data via
another network's connections. Tunneling works by encapsulating a network
protocol within packets carried by the second network. For example,
Microsoft's PPTP technology enables organizations to use the Internet to
transmit data across a VPN. It does this by embedding its own network
protocol within the TCP/IP packets carried by the Internet. ]
My Definition:
Most VPNs rely on tunneling to create a private network that reaches across
the Internet. Essentially, tunneling is the process of placing an entire packet
within another packet and sending it over a network. The protocol of the outer
packet is understood by the network and both points, called tunnel interfaces,
where the packet enters and exits the network.
To explain and simplify the process of Tunneling I will give an example: It's
like having a Mobile phone delivered by Royal Mail. The Mobile Phone
Company packs the Mobile Phone (passenger protocol) into a box
(encapsulating protocol) which is then put on a Royal Mail delivery truck
(carrier protocol) at the Mobile Phone Company's warehouse (entry tunnel
interface). The truck (carrier protocol) travels over the Motorways (Internet) to
the customer's home (exit tunnel interface) and delivers the Mobile Phone. The
customer opens the box (encapsulating protocol) and removes the Mobile
Phone (passenger protocol). That's called Tunneling. Simple!
Tunneling requires three different protocols:
3.17 Carrier protocol - The protocol used by the network that the information is traveling over
3.18 Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
3.19 Passenger protocol - The original data (IPX, NetBeui, IP) being carried
Tunneling has several nice uses for VPNs. For example, a packet that uses a
protocol not supported on the Internet (such as NetBeui) can be placed inside
an IP packet and sent safely over the Internet. Or a packet that uses a private
(non-routable) IP address can be put inside a packet that uses a globally unique
IP address to extend a private network over the Internet.
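The three-protocol layering described above, as an added example that is not part of the original report: an IPv4 packet with private addresses (passenger) is wrapped in a GRE header (encapsulating protocol) and an outer IPv4 header (carrier), then unwrapped at the exit tunnel interface. The addresses, payload and function names are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_GRE = 47          # IANA protocol number carried in the outer IP header
IPPROTO_TEST = 253        # reserved for experimentation (RFC 3692), used for the passenger
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 passenger
IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def ipv4_checksum(header: bytes) -> int:
    """One's-complement header checksum (RFC 1071) over a 20-byte header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet: 20-byte header followed by the payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + payload


def parse_ipv4(packet: bytes) -> dict:
    """Validate the header (version, length, checksum) and split off the payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    if ver_ihl != 0x45 or not 20 <= total <= len(packet):
        raise ValueError("malformed IPv4 packet (options are not handled here)")
    if ipv4_checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": packet[20:total]}


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Entry tunnel interface: passenger -> GRE header -> carrier IP packet."""
    gre_header = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no optional fields, version 0
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_GRE, gre_header + passenger)


def gre_decapsulate(carrier: bytes) -> bytes:
    """Exit tunnel interface: validate the outer layers and return the passenger."""
    outer = parse_ipv4(carrier)
    if outer["proto"] != IPPROTO_GRE or len(outer["payload"]) < 4:
        raise ValueError("not a GRE packet")
    flags_version, ptype = struct.unpack("!HH", outer["payload"][:4])
    if flags_version != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return outer["payload"][4:]


def demo() -> dict:
    # Constructed sample: private site addresses inside, documentation-range
    # addresses standing in for the globally unique tunnel endpoints.
    passenger = build_ipv4("10.1.1.5", "10.2.2.9", IPPROTO_TEST, b"stock-level query")
    carrier = gre_encapsulate(passenger, "192.0.2.1", "198.51.100.1")
    outer = parse_ipv4(carrier)
    inner = parse_ipv4(gre_decapsulate(carrier))
    return {
        "outer": (outer["src"], outer["dst"], outer["proto"]),
        "inner": (inner["src"], inner["dst"], inner["payload"]),
        "overhead_bytes": len(carrier) - len(passenger),
        # GRE only wraps: the passenger bytes are still readable on the wire.
        "passenger_visible_in_carrier": passenger in carrier,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The last field shows that GRE by itself only wraps the passenger: the inner packet, private addresses included, is readable on the wire unless IPSec protects it.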
3.20 Tunnelling: Site-to-Site
In a site-to-site VPN, GRE (generic routing encapsulation) is normally the
encapsulating protocol that provides the framework for how to package the
passenger protocol for transport over the carrier protocol, which is typically
IP-based. This includes information on what type of packet is being
encapsulated and information about the connection between the client and
server. Instead of GRE, IPSec in tunnel mode is sometimes used as the
encapsulating protocol. IPSec works well on both remote-access and site-to-
site VPNs. IPSec must be supported at both tunnel interfaces to be used.
3.21 Tunnelling: Remote-Access
In a remote-access VPN, tunneling normally takes place using PPP. Part of the
TCP/IP stack, PPP is the carrier for other IP protocols when communicating
over the network between the host computer and a remote system. Remote-
access VPN tunneling relies on PPP.
Each of the protocols listed below was built using the basic structure of
PPP and is used by remote-access VPNs.
3.22 L2F (Layer 2 Forwarding)
Definition:
Resource: Webopedia
http://www.webopedia.com/TERM/L/Layer_Two_Forwarding.html
[Often abbreviated as L2F, a tunneling protocol developed by Cisco Systems.
L2F is similar to the PPTP protocol developed by Microsoft, enabling
organizations to set up virtual private networks (VPNs) that use the Internet
backbone to move packets. ] Developed by Cisco, L2F will use any
authentication scheme supported by PPP.
3.23 PPTP (Point-to-Point Tunnelling Protocol)
Definition:
Resource: Webopedia
http://www.webopedia.com/TERM/P/PPTP.html
[Short for Point-to-Point Tunneling Protocol, a new technology for creating
Virtual Private Networks (VPNs), developed jointly by Microsoft
Corporation, U.S. Robotics, and several remote access vendor companies,
known collectively as the PPTP Forum. A VPN is a private network of
computers that uses the public Internet to connect some nodes. Because the
Internet is essentially an open network, the Point-to-Point Tunneling Protocol
(PPTP) is used to ensure that messages transmitted from one VPN node to
another are secure. With PPTP, users can dial in to their corporate network via
the Internet. ]
PPTP was created by the PPTP Forum, a consortium which includes US
Robotics, Microsoft, 3COM, Ascend and ECI Telematics. PPTP supports 40-
bit and 128-bit encryption and will use any authentication scheme supported
by PPP.
3.24 L2TP (Layer 2 Tunneling Protocol)
Definition:
Resource: Webopedia
http://www.webopedia.com/TERM/L/L2TP.html
[ Short for Layer Two (2) Tunneling Protocol, an extension to the PPP
protocol that enables ISPs to operate Virtual Private Networks (VPNs).
L2TP merges the best features of two other tunneling protocols: PPTP from
Microsoft and L2F from Cisco Systems. Like PPTP, L2TP requires that the
ISP's routers support the protocol. ]
L2TP is the product of a partnership between the members of the PPTP
Forum, Cisco and the IETF (Internet Engineering Task Force). Combining
features of both PPTP and L2F, L2TP also fully supports IPSec.
L2TP can be used as a tunneling protocol for site-to-site VPNs as well as
remote-access VPNs. In fact, L2TP can create a tunnel between:
Client and router
NAS and router
Router and router
3.25 MPLS:
** Note: MPLS Information & Description Is Taken From The Article
Resource:
The MPLS FAQ - MPLS-RC - The MPLS Resource Center
http://www.mplsrc.com/mplsfaq.shtml
Copyright 2000-2004, MPLSRC.COM
**
MPLS History
a. What is MPLS?
MPLS stands for "Multiprotocol Label Switching". In an MPLS network,
incoming packets are assigned a "label" by a "label edge router (LER)".
Packets are forwarded along a "label switch path (LSP)" where each "label
switch router (LSR)" makes forwarding decisions based solely on the contents
of the label. At each hop, the LSR strips off the existing label and applies a
new label which tells the next hop how to forward the packet.
Label Switch Paths (LSPs) are established by network operators for a variety
of purposes, such as to guarantee a certain level of performance, to route
around network congestion, or to create IP tunnels for network-based virtual
private networks. In many ways, LSPs are no different than circuit-switched
paths in ATM or Frame Relay networks, except that they are not dependent on
a particular Layer 2 technology.
An LSP can be established that crosses multiple Layer 2 transports such as
ATM, Frame Relay or Ethernet. Thus, one of the true promises of MPLS is
the ability to create end-to-end circuits, with specific performance
characteristics, across any type of transport medium, eliminating the need for
overlay networks or Layer 2 only control mechanisms.
To truly understand ["What is MPLS", RFC 3031 - Multiprotocol Label
Switching Architecture], is required reading.
b. How did MPLS evolve?
MPLS evolved from numerous prior technologies including Cisco's "Tag
Switching", IBM's "ARIS", and Toshiba's "Cell-Switched Router". More
information on each of these technologies can be found at
http://www.watersprings.org/links/mlr/. The IETF's MPLS Working Group
was formed in 1997.
c. What problems does MPLS solve?
The initial goal of label based switching was to bring the speed of Layer 2
switching to Layer 3. Label based switching methods allow routers to make
forwarding decisions based on the contents of a simple label, rather than by
performing a complex route lookup based on destination IP address. This
initial justification for technologies such as MPLS is no longer perceived as
the main benefit, since Layer 3 switches (ASIC-based routers) are able to
perform route lookups at sufficient speeds to support most interface types.
However, MPLS brings many other benefits to IP-based networks, they
include:
Traffic Engineering - the ability to set the path traffic will take through the
network, and the ability to set performance characteristics for a class of traffic
VPNs - using MPLS, service providers can create IP tunnels throughout
their network, without the need for encryption or end-user applications
Layer 2 Transport - New standards being defined by the IETF's PWE3 and
PPVPN working groups allow service providers to carry Layer 2 services
including Ethernet, Frame Relay and ATM over an IP/MPLS core
Elimination of Multiple Layers - Typically most carrier networks employ an
overlay model where SONET/SDH is deployed at Layer 1, ATM is used at
Layer 2 and IP is used at Layer 3. Using MPLS, carriers can migrate many of
the functions of the SONET/SDH and ATM control plane to Layer 3, thereby
simplifying network management and network complexity. Eventually,
carrier networks may be able to migrate away from SONET/SDH and ATM
all-together, which means elimination of ATM's inherent "cell-tax" in carrying
IP traffic.
d. What is the status of the MPLS standard?
Most MPLS standards are currently in the "Internet Draft" phase, though
several have now moved into the RFC-STD phase. See "MPLS Standards" for
a complete listing of current ID's and RFC's. For more information on the
current status of various Internet Drafts, see the IETF's MPLS Working Group
home page at http://www.ietf.org/html.charters/mpls-charter.html
There's no such thing as a single MPLS "standard". One day there will be a
set of RFCs that together will allow you to build an MPLS system. For
example today, a typical IP router spec. sheet will list about 20 RFCs to which
this router will comply. If you go to the IETF web site (http://www.ietf.org),
then click on "I-D Keyword Search", enter "MPLS" as your search term, and
crank up the number of items to be returned, (or visit
http://www.mplsrc.com/standards.shtml) you'll find over 100 drafts currently
stored. These drafts have a lifetime of 6 months. Some of these drafts have
been adopted by the IETF WG for MPLS.
Further reading:
Additional information on MPLS:
For articles, papers, and additional resources, see the MPLS Resource Center
at http://www.mplsrc.com
**
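The label handling described in part a of the MPLS FAQ excerpt above, as an added example that is not part of the report or of the FAQ: an ingress LER classifies a packet by destination address, and every later hop forwards on the label alone, swapping it for the next hop's label. The router names, label values and tables are constructed; the 32-bit entry layout (label, TC, S, TTL) is the standard MPLS label stack entry.

```python
import ipaddress
import struct


def encode_label(label: int, ttl: int, tc: int = 0, bottom: bool = True) -> bytes:
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def decode_label(frame: bytes) -> tuple:
    """Return (label, tc, bottom, ttl, payload) for the top entry of a frame."""
    if len(frame) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", frame[:4])
    return word >> 12, (word >> 9) & 7, bool((word >> 8) & 1), word & 0xFF, frame[4:]


# Constructed topology: ingress LER-A -> LSR-1 -> LSR-2 -> egress LER-B.
# The ingress table maps a destination prefix to (first label, next hop).
INGRESS_FEC = {"LER-A": [(ipaddress.ip_network("10.2.0.0/16"), 100, "LSR-1")]}
# Per-router label table: incoming label -> (action, outgoing label, next hop).
LFIB = {
    "LSR-1": {100: ("swap", 210, "LSR-2")},
    "LSR-2": {210: ("swap", 37, "LER-B")},
    "LER-B": {37: ("pop", None, None)},
}


def ingress(router: str, dst_ip: str, packet: bytes) -> tuple:
    """The LER is the only hop that looks at the destination IP address."""
    addr = ipaddress.ip_address(dst_ip)
    for prefix, label, next_hop in INGRESS_FEC[router]:
        if addr in prefix:
            return next_hop, encode_label(label, ttl=64) + packet
    raise LookupError("no LSP for destination")


def traverse(router: str, frame: bytes) -> tuple:
    """Follow the LSP; each router decides from the label alone."""
    trace = []
    while True:
        label, tc, bottom, ttl, payload = decode_label(frame)
        entry = LFIB.get(router, {}).get(label)
        if entry is None:
            raise LookupError(f"{router}: no entry for label {label}, frame dropped")
        if ttl <= 1:
            raise LookupError(f"{router}: TTL expired")
        action, out_label, next_hop = entry
        trace.append((router, label, action, out_label))
        if action == "pop":
            return trace, payload  # egress: label removed, packet handed to IP
        frame = encode_label(out_label, ttl - 1, tc, bottom) + payload
        router = next_hop


def demo() -> tuple:
    packet = b"constructed IP packet for 10.2.7.9"
    first_hop, frame = ingress("LER-A", "10.2.7.9", packet)
    trace, delivered = traverse(first_hop, frame)
    return trace, delivered == packet


if __name__ == "__main__":
    hops, intact = demo()
    for hop in hops:
        print(hop)
    print("payload delivered unchanged:", intact)
```

The payload arrives byte-for-byte unchanged, which is the other side of the FAQ's "without the need for encryption": an MPLS VPN separates traffic by label but does not hide it from the provider's network.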
Chapter 4 - Project Plan
My project plan consisted of three major steps:
4.1 Step 1) My first step would be to collect information and data about the company's
existing hardware and software. To visit and inspect the premises, furthermore I
would need to make an inventory to determine what would be a suitable next step for
their organization.
When I visited the premises I did a small survey and noted that they were using ten
computers in a Local Area Network Domain based environment connected together
through a Router. These computers are comprised of Shuttle workstations see
[Shuttle], running Microsoft Windows 2000 Professional operating systems, a Fujitsu
Siemens Server see [Fujitsu] running Microsoft Windows Server 2003 operating
system. The hardware configurations are as follows:
Figure 1. Shuttle workstation
Shuttle Small form factor CPUs.
AMD Athlon XP processor.
Kingston 512 MB DDR RAM
Seagate 160 GB Hard Disk Drives
NVidia 64 MB Graphics Card
Lite-On CD-Writer
Sony Floppy Drive
1 Gigabit Ethernet Adaptor
Logitech Keyboard
Logitech Mouse
The server is a Fujitsu Siemens server and has the following hardware specifications:
Figure 2. Fujitsu Siemens Server
Intel Pentium 4 3.0 GHz processor
Kingston 3 GB DDR RAM
320 GB SATA Hard disk drives
NVidia 128 MB Graphics Card
Lite-On DVD Rewriter
1 Gigabit Ethernet Adaptors (two in quantity)
Sony Floppy Drive
Logitech Keyboard
Logitech Mouse
4.2 Step 2) After taking the inventory the next step would be to prepare Windows
Server 2003 for configuration changes. Following that, the next step was to install
ISA Server 2000 and to configure it for VPN.
These steps in great detail are demonstrated and documented in the Appendices A, B,
C, D, E and F.
4.3 Step 3) To educate the staff about connecting to the VPN. Please [see Appendix
G.]
RESOURCES AND ASSIGNMENTS                   START DATE   FINISH DATE
Abstract                                    17/02/2005   22/02/2005
Introduction                                24/02/2005   24/02/2005
The project proposal                        25/02/2005   03/03/2005
Investigation and result                    04/03/2005   28/04/2005
Conclusion & Completion of Final Report     29/04/2005   18/05/2005
Web Site                                    19/05/2005   20/05/2005
Article                                     20/05/2005   20/05/2005
Chapter 5 - Investigation and result
When I analyzed the problem I saw two problems instead of one! First being
convergence of various services and platforms and second being remote availability.
However these are two separate problems but they can actually be addressed by just
one solution. Virtual Private Networking!
Virtual Private Networking offers scalability, remote availability and eventually offers
convergence as well. How does VPN offer convergence? You might ask? Well let's
take Sun Infosys Ltd's Scenario. They have CCTV systems which are currently
offline systems, PC hardware assembling and sales. By leveraging VPN the offline
CCTV systems can be linked to the internet and intranet eventually and effectively
making the CCTV systems ONLINE system, the PC assembling department has to go
through various procedures such as hardware procurement, supplier chain
management, stock, sales, dispatch, returns, technical support and marketing. All
these aspects can be brought together via a single either online system or networked
system in both cases VPN again is the answer bridging the gap.
In my view the possible methods to achieve the objective would be:
5.1 Virtual Private Networking using hardware based tools and technologies.
5.2 Virtual Private Networking using software based tools and technologies.
5.3 Protocol Selection
5.4 Performance needs
5.5 IP Address Planning
5.6 ISP Evaluation
5.7 Installing and configuring ISA Server 2000 and on Windows Server 2003
for Remote VPN
5.1 Hardware Based Solutions:
For hardware based solutions, various tools and devices are available by a number of
vendors; these include Cisco as the foremost mentioned, Sonicwall, Shiva etc. The list
is endless. These are VPN enabled / pass through routers, VPN Concentrators, VPN
Optimized Routers and VPN Firewalls etc.
5.2 Software Based Solutions:
For software based solutions there are numerous products in the market each catering
to all the needs of any kind of scenario. The good side about software based solutions
is that they are very much customizable and upgradeable, scalable. The bad point is
that they are prone to fallouts, attacks, viruses, and performance issues.
Software based solutions are best offered by the software giant Microsoft, then
Symantec, Check point software, Cisco and many others.
5.3 Protocol Selection
When talking about protocol selection for a VPN implementation I have to take into
account Sun InfoSys Ltd's existing infrastructure, scale of the company, the costs and
budget.
Keeping in view of the above factors Sun InfoSys is a small to medium sized
organization and in my view the best protocol to go for would be IPSec, with IPSec to
IPSec implementation, given its various qualities which are discussed and researched
further in the proposal.
When talking about software based solutions a point to note is that they are all
platform dependent. Hence they can incur overhead costs and expensive expertise to
pay for installation and or management. I chose ISA Server 2000 for this
implementation. I decided to show the work done and with the help of figures to
better understand each step that I took. The next steps were:
Performance needs of the remote applications
IP Address Planning
ISP Evaluation
Installing and configuring ISA Server 2000 and on Windows Server
2003 for Remote VPN
5.4 Performance needs:
The applications that are being used in Sun InfoSys Ltd. are SAGE, MSOffice,
Internet Explorer, Microsoft Outlook, Microsoft Remote Desktop, and IP cameras'
and DVRs' proprietary software. The most resource hungry applications are SAGE and
the IP Cameras' and DVRs' remote viewing software.
My analysis after actual testing is that these applications are not incredibly resource
hungry yet are not on the basic level as well, in other words they are not enterprise
class applications, on the other hand they are not basic or home applications, they are
medium level moderate applications which require a fairly consistent performance if
not super fast performance.
Because of the nature of the Camera and DVR software, they need to have the highest
frames per second and need no frames to be dropped, the reason being if any frame is
dropped and a burglary is occurring in that given time and frame then the evidence
could become lost. Therefore I decided that I should choose a solution that should
provide me consistency and little amount of errors while also delivering adequate
speed levels and performance.
5.5 IP Address Planning:
Sun InfoSys Ltd. does not need a huge amount of IP addresses to be purchased from
an ISP because the whole network only needs to be available for certain individuals
and they can log on the internet.
In my investigation I found out that they need 5 static IP addresses which should be
purchased by their ISP. One for the remote connection capability, one for backup
purposes, another for network allotment and rest two for future requirements like
windows media server as they are planning to do web casting for some of their
customers.
5.6 ISP Evaluation:
Sun InfoSys Ltd. already is on a business plan with an Internet Service Provider called
Eclipse Internet. The service provider is excellent and already providing all the
necessary broadband needs and bandwidth, the requested 5 static IP addresses were
readily provided by them. I did not find any need to move on to another ISP and this
ISP is excellent.
5.7 Installing and configuring ISA Server 2000 and on Windows Server 2003 for
Remote VPN:
I installed and configured (partitioning the hard drive, formatting the hard drive
etc) a Windows Server 2003 for the purpose of VPN. See Appendix A for the
detailed procedures.
After this step I followed the excellent articles and help available in abundance by
Microsoft and on the internet on how to install and configure VPN on Microsoft
Windows Server 2003.
I installed ISA Server 2000 because it was cheap, offered everything that this project
required and fairly easy to deploy. See Appendix B, C, D, E and F.
The articles can be found at:
[ http://www.microsoft.com/]
[ http://www.microsoft.com/isaserver/default.mspx]
Chapter 6 - Critical appraisal of the work done
The work done in this project was analysis of the current situation for Sun InfoSys
Ltd. and coming up with solutions, the solution I followed for implementation was
real time implementation of Virtual Private Networking. I decided to follow the
software based route rather than the hardware based route because of the company's
budget and size considerations. I eventually did manage to implement the solution and
generally had a most pleasant time in doing so.
I encountered problems in actually communicating with the company as to make them
aware of the demands of this project. I found it quite a difficult task to communicate
with non technical management for such a technical task. I think I should improve my
project management skills which would have enabled me to communicate effectively
and on their level. Point noted!
Looking back at the work that I carried out, I could have tried to implement this
solution on Unix platform but I still think that the time frame that would have been required
to complete would have exceeded the given time frame by the company and hence
would invalidate this research, however the really low cost involved in deploying
Unix based solutions is quite enticing for companies. In the end I am satisfied I
chose the right solution and the company is satisfied as well.
Website: http://www.rashidkhan.co.uk
Chapter 7 - Conclusion
I developed a Website for this project and it can be found at:
http://www.rashidkhan.co.uk/
When Microsoft released Windows 2000 in the year 2000 it caused a stir in the
industry by announcing that Windows 2000 would offer Virtual Private Networking.
There were several concerns and complaints in the industry such as that Microsoft's
implementation adds data overhead and slows down transaction processing. And
will established VPN products from other vendors work with Microsoft's
technology?
"If you're using IP, we don't see the reason to use L2TP," comments Iris Tal [see
CNN], RadGuard's technical support manager. "It only causes overhead for network
traffic because it's 'double-tunneling.' But because of Microsoft's L2TP client
software, I'm sure we'll do the support for it in our product."
Many VPN vendors have opposed Microsoft's VPN implementation, complaining that
it adds data overhead and slows down transaction processing. On the other hand some
companies, such as Check Point Software and Newbridge Networks, acknowledge
that they can't afford to ignore that hundreds of thousands of desktops will probably
end up running Microsoft's new software. This fact by far is most significant and very
crucial and has to be taken into account as most companies have a Microsoft
environment already in place and this is the scenario in Sun InfoSys Ltd as well.
Another point that I noted is that Microsoft has, since releasing Windows 2000,
progressed, updated and made advanced changes on their Windows Server 2003
operating system.
I did several meetings with Mr. Andy the managing director, the sales team, support
team, technicians and visited both head office and branch offices. I took inventory of
existing hardware, [see Project Plan] computer systems, budget and the time frame
required. Their budget was simply low and literally spelt out that I must use the
existing systems.
I had proposed two options in my Project Proposal but the UNIX based proposal was
declined due to their low budget and inability to adopt an abrupt system wide change
of operating systems, especially since everything was already functioning and in
place. A key note to be taken into account here is that they already had Windows
Server 2003 as part of their Server. That meant that they did not need to purchase it.
Consequently these facts made the Windows based solution the winning choice.
I found out that installing Microsoft's ISA server 2000 and using it to its full potential
is quite a complicated and difficult task to perform even though it might look simple.
The minute intricacies and planning procedures involve a great deal of time and effort
and if miscalculated or carried out improperly can result in complete failure and
double the time frame required implementing.
The related personnel were briefed and shown how to use the new system to its full
potential. It took a bit of time and effort on my behalf, I gave them instructions on
how to connect to their VPN [see Appendix G] and doing their related tasks of
managing warehouse, despatch, sales and technical support all remotely. It was not an
easy task as this was quite a new and complex task to grasp for them. But it was not
a major issue and eventually it was overcome by trying and trying again.
This placement has had many positive effects on me. I have learnt a lot, for example
how to communicate, how to analyze problems, analyzing company expectations,
how to come up with various solutions that might be possible and feasible. I found out
that planning things, taking personal notes, being highly observant and determined at
all times really does help.
After this work placement I am able to identify with the real life professional work
environment. I am able to organize myself, able to face challenges and complete
personal and professional milestones.
I have come to conclude that this company actually did benefit enormously with a
Virtual Private Network because they have made gains in managing their resources
which shows in their Sales figures and better customer feedback made possible by
even better and informed technical support because they are in touch all the time. This
project was also successful partly because they already had most of the infrastructure
in place most importantly the Windows Server 2003 operating system software. That
was definitely a deciding factor for the management to take up my Windows based
solution as they did not have to incur extra cost in procuring any other operating
system software or expertise to maintain it.
I am very pleased with the outcome of this project and so is the company. The project
was well managed and finished on time with a small budget. A nice possible outcome
for me could be that they might even offer a permanent position in their company.
Chapter 8 - Suggestions for further work
The project can be implemented using the Unix operating system on a much
cheaper scale and surprisingly more secure manner but the down side is the time
frame required to install, configure and deploy such an option is often too long for
an organization.
Another fact is that organizations generally do not have Unix administrators and find
that costly to obtain. If Sun InfoSys Ltd.'s company size and operations increase
twofold then I would suggest to implement a Unix solution and hire a Unix
Administrator to maintain the network.
The benefits & advantages of a UNIX based solution are that it is a cheaper option to
procure and implement than the more proprietary Windows based solutions by
Microsoft, it is more effective on a larger scale and offers more stability and security.
The biggest advantage that lies in the UNIX platform is its security since the
Microsoft platform is plagued by security loopholes, viruses, hackings, bugs, patches
etc hence not offering the stability a larger organization would require to keep its
operations up and running all the time.
Another advantage of the UNIX environment is that it does not require expensive new
hardware or updated to run and can run on an old cheaper computer. It offers more
speed.
UNIX operating system was originally adopted by big financial institutions like banks
etc which required ultimate security and stability as they have huge amounts of money
and consumer confidentiality etc at stake. UNIX was written with these requirements
in mind so it utilizes less memory and hardware, furthermore it is a centralized
operating system with one source being accessed by thousand of users
simultaneously.
With all the above in mind, my suggestion for further work would be to research a
solution offering Virtual Private Networking under a UNIX platform rather than the
Microsoft platform. Just like Microsoft, UNIX is an operating system, but it is more
stable and secure. In order to implement Virtual Private Networking there are
applications that can be installed and configured, namely the Apache Tomcat server,
which is very similar to the Microsoft Internet Information Server (IIS). The Apache
server can then be configured to offer Virtual Private Networking via third party
software.
One key point to note is to consider the organization's size and its budget to
implement a solution. At the given time this organization had a very low budget but
also a small organization size. In my opinion a UNIX based solution would not have
been feasible because there are underlying factors, namely expensive staff to manage
and monitor UNIX. Because UNIX is generally used in big financial organizations,
they have a complex structure, are quite difficult to manage and require expert UNIX
staff to maintain their facilities. These staff work in highly paid positions and would
not consider working in a smaller organization such as Sun InfoSys Ltd. with lower
wages.
Therefore I would only recommend such a UNIX based solution when this company
expands and increases in size exponentially, as only then will it have the adequate
resources to justify the expensive labour.
APPENDICES
APPENDIX A
APPENDIX B
APPENDIX C
APPENDIX D
APPENDIX E
APPENDIX F
APPENDIX A
Implementation Installing Windows Server 2003
WEBSITE:
http://www.rashidkhan.co.uk/ AND ALSO AVAILABLE ON CD
INSTALLING WINDOWS SERVER 2003
To install Windows Server 2003 the following actions were taken:
Booted directly from the Windows Server 2003 CD.
Setup loaded all the needed files and drivers.
The setup process begins loading a blue-looking text screen. I was asked to accept the
EULA and choose a partition on which to install 2003, then I was asked to format it
by using either FAT, FAT32 or NTFS. I chose NTFS.
Selected to Setup Windows Server 2003 by pressing ENTER.
Read and accepted the licensing agreement by pressing F8 to accept it.
The hard disk was unpartitioned, so I created and sized the partition on which to install
Windows Server 2003.
Selected the NTFS file system for the installation partition.
Setup then began copying necessary files from the installation CD.
The computer then restarted in graphical mode, and the installation continued in a
GUI mode phase. It then began to load device drivers based upon what hardware was
found on the computer.
I didn't need to make any changes to the system locale etc. and just pressed Next.
Setup then copied the necessary files from the installation CD.
I was then prompted to enter a name, organization name, the product key, the
appropriate license type and number of purchased licenses.
I was prompted to type the computer name and a password for the local Administrator
account. Selected the date, time, and time zone settings. Setup then installed the
networking components. I then highlighted the TCP/IP selection and pressed
Properties. In the General tab entered the required information. I had to specify the IP
address of the computer and Subnet Mask. Next step was to finish copying files and
the setup. After the copying and configuring phase finished, setup finished and booted
Windows Server 2003.
After careful study I found out that the following procedures must be performed to
install ISA Server 2000 on a Windows Server 2003 computer, and they must be performed
in the following order:
1. Install Windows Server 2003
2. Install ISA Server 2000
3. Install ISA Server Service Pack 1
4. Install isahf255.exe
5. Install Feature Pack 1
ISA Server 2000 can be installed in one of three modes:
Cache Mode
Caching mode ISA Server is designed to have one or two network interfaces.
Each interface must be located on the internal network because packet filtering
is not enforceable on a caching-only ISA Server machine.
Firewall Mode
Firewall mode provides a high level of firewall protection from external
intruders and also protects your network by enabling granular outbound access
control. Firewall mode does not include the Web caching features that are part
of the Cache mode server.
Integrated Mode
Integrated mode provides all the firewall and caching features available with
ISA Server 2000.
The Windows Server 2003 server machine that I was using for VPN deployment
had to have the following characteristics:
At least two network interfaces, one internal and one external
DNS setting on the internal interface uses an internal DNS server that can resolve Internet host names
All non-essential services on the ISA Server 2000 machine are disabled
An Integrated mode ISA Server firewall requires at least one internal and one external
interface.
The internal interface is never configured with a default gateway address. The IP address on the internal interface is always on the LAT.
The external interface is configured with a default gateway that routes packets to the Internet. The external interface is never on the LAT.
Windows Server 2003, like Windows 2000, allows a single default gateway. The
result is ISA Server 2000 on Windows Server 2003 supports a single external
interface, or single Internet interface. I can have multiple public address DMZ interfaces, but only a single interface can connect the internal network to the Internet.
The DNS settings on the ISA Server interfaces must be configured correctly.
Misconfiguration of the DNS settings is the most common configuration error made
on ISA Server firewalls in production. The preferred setup is to:
Configure the internal interface of the ISA Server with the address of a DNS server on the internal network that is capable of resolving Internet host names
Place the internal interface on the top of the interface list. Windows Server 2003 uses the interface order to determine which name server addresses to
query first.
Do not enter a DNS server address on the external interface
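The interface rules above (a single default gateway on the external interface, the internal address on the LAT, DNS servers on the internal interface only) can be checked against the output of `ipconfig /all`. The following Python script is an added example, not part of the original report; the adapter names, addresses, LAT range and the sample output are constructed assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; External lists a DNS server on purpose.
SAMPLE = """\
Ethernet adapter Internal:

   IP Address. . . . . . . . . . . . : 192.168.1.1
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.10

Ethernet adapter External:

   IP Address. . . . . . . . . . . . : 203.0.113.2
   Default Gateway . . . . . . . . . : 203.0.113.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
"""
LAT = ["192.168.1.0/24"]  # assumed Local Address Table ranges


def parse_adapters(text):
    """Return {adapter name: {field: value}} parsed from ipconfig text."""
    adapters, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^\S.* adapter (.+):\s*$", line)
        if head:
            current = adapters.setdefault(head.group(1), {})
            continue
        field = re.match(r"^\s+([A-Za-z][A-Za-z ]*?)[ .]*:\s*(.*)$", line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters


def audit(adapters, internal, external, lat=LAT):
    """Check the interface rules described in the text; return findings."""
    nets = [ipaddress.ip_network(n) for n in lat]
    on_lat = lambda ip: any(ipaddress.ip_address(ip) in n for n in nets)
    inside, outside = adapters[internal], adapters[external]
    findings = []
    gateways = [n for n, a in adapters.items() if a.get("Default Gateway")]
    if gateways != [external]:
        findings.append(f"default gateway belongs on {external} only, found on {gateways}")
    if not on_lat(inside["IP Address"]):
        findings.append(f"{internal}: address is not on the LAT")
    if on_lat(outside["IP Address"]):
        findings.append(f"{external}: address is on the LAT")
    if not inside.get("DNS Servers"):
        findings.append(f"{internal}: no DNS server configured")
    if outside.get("DNS Servers"):
        findings.append(f"{external}: DNS server configured on external interface")
    return findings


if __name__ == "__main__":
    print(audit(parse_adapters(SAMPLE), "Internal", "External"))
```

The adapter order printed by `ipconfig` is not the binding order, so the interface-order step that follows still has to be confirmed in the Advanced Settings dialog.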
I had to perform the following steps to configure the interface order on the ISA Server
computer:
1. Clicked Start, pointed to Control Panel and right clicked on Network Connections. Clicked the Open command (figure 1).
Figure 1
2. In the Network Connections window, clicked the Advanced menu and then clicked the Advanced Settings command (figure 2).
Figure 2
3. In the Advanced Settings dialog box, selected the interface representing the
internal interface and clicked the up arrow to move the internal interface to the top of the interface list. Clicked OK in the Advanced Settings dialog box
after making the changes to the interface order.
Figure 3
I disabled all non-essential services on the ISA Server firewall computer. While individual implementations of ISA Server firewalls require a customized set of
services, it is safe to conclude the IIS W3SVC (the World Wide Web service) should
not run on the ISA Server firewall.
APPENDIX B
Implementation Installing ISA Server 2000
Installing ISA Server 2000
I located the ISA Server 2000 CD-ROM disk and put it into the CD-ROM drive. Performed the following steps to install ISA Server on a Windows Server 2003 machine:
1. Double click on the ISAAutorun.exe file on the ISA Server CD (figure 4), local hard disk, or network share point.
Figure 4
2. Click on the Install ISA Server link on the Internet Security & Acceleration Server 2000 splash page (Figure 5).
Figure 5
3. I saw an ISA 2000 dialog box informing me that I need to install ISA 2000 Service Pack 1 (figure 6). Error messages occurred during the installation. I was not concerned
about these errors as I will perform the required procedures to prevent them from becoming a problem. Clicked Continue.
Figure 6
4. Clicked Continue on the Welcome to the Microsoft ISA Server installation program page (figure 7).
Figure 7
5. Entered the CD Key in the CD Key dialog box (figure 8). Clicked OK.
Figure 8
6. Wrote down the Product ID as listed in the Product ID dialog box. Clicked OK in the Product ID dialog box after writing this number down.
7. Clicked I Agree in the Microsoft ISA Server Setup dialog box (figure 9).
Figure 9
8. Clicked the Full Installationbutt