Need help understanding VPNs
| Tech Ranger 2002-09-19, 8:34 pm |
| RRAS assigns IP addresses, netmasks, and sometimes other scope options to dial-in clients. When RRAS is used to receive VPN connections, the clients have already been assigned IP configurations by their ISPs. Does RRAS use those IP addresses or what happens? | |
| Tech Ranger 2002-09-20, 1:44 pm |
| Thanks a lot. I am at work, but I am looking forward to studying this tutorial tonight. | |
| Tech Ranger 2002-09-20, 7:30 pm |
| I read this tutorial. It does not address my question. I configured my Win 2K Server as a VPN server, and as part of the configuration process, you are asked whether to establish an IP address pool or to assign VPN clients their IP configurations automatically. You can use RRAS user option classes and configure the VPN server to be a DHCP relay agent so as to pass scope options to the clients. What has me totally confounded is that according to my understanding of how VPNs work, the client first connects to its ISP. Obviously the ISP configures the client in terms of IP address, subnet mask, etc. So how can the VPN server configure these already configured clients? | |
| Teck Shark 2002-09-23, 8:57 am |
| Basically the VPN Server will re-address the Client machine, allowing the user to become part of the network.
For example, many departments on our University network have resources only available to machines with campus IP addresses (128.192.x.x). If a user connects from their ISP, they will not have a campus address and thus will not be able to connect to campus-specific resources. If, however, they connect to their department's VPN, their machine will be re-addressed with a campus address. Now the user is able to access the campus-specific information remotely.
Hope that helps...  | |
| Tech Ranger 2002-09-23, 5:43 pm |
| You are saying that if I am sitting at home and connect to AOL, the ISP assigns my host an IP configuration, and if I am connecting to a VPN server at mycompany.com, the VPN server gives me a new configuration? How does AOL see me one way, and the VPN another way? Can you explain this to me or give me a link that addresses this particular issue? | |
| Slinky 2002-09-23, 7:12 pm |
| Tech Ranger,
If you do IPCONFIG while you are connected to the VPN, you will notice that you have 2 addresses. The first one is the dynamic or static address that you get from your ISP, and the other one is the address assigned by the RRAS server. It should say something like "PPP adapter Virtual Private Connection". The machine isn't really readdressed so to speak, it just gets another address so it can communicate over that network. | |
|
| Hi Tech,
Tunneling and encapsulation make it happen.
How you route a non-routable private IP address over the Internet is basically done the same way you route a non-routable protocol, by encapsulating the packet in a TCP/IP packet.
The machine does not get re-assigned an address so to speak. Basically you'll have an actual IP address (the one from AOL for example) and a virtual address (from the corporate/private LAN via RRAS VPN). The private LAN address is encapsulated within your encapsulation protocol (PPTP or L2TP).
Tunneling breaks down this way:
The carrier protocol (TCP/IP)
The encapsulation protocol (PPTP, L2TP)
The passenger protocol (NetBEUI, DLC, a private IP address).
It is similar to routing a non-routable protocol via TCP/IP.
So in the case of a VPN, your private IP address information is encapsulated within the PPTP or L2TP packet which is sent via TCP/IP over the Internet between the connection points (yours by AOL, the company's by its VPN access point).
Anyone else with a little more VPN experience than myself have a take on this? | |
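The carrier/encapsulation/passenger layering described in the reply above, as an added example that is not part of the original thread. It builds a PPTP-style data packet (outer IP header, enhanced GRE header, PPP protocol field, inner IP packet) and shows that the ISP-assigned and RRAS-assigned addresses sit in different headers of the same packet. All addresses are constructed samples, and the sketch assumes no MPPE encryption or PPP compression.

```python
import ipaddress
import struct

PROTO_GRE = 47      # IP protocol number PPTP uses for tunnelled data
GRE_PPP = 0x880B    # GRE protocol type for PPP (enhanced GRE, RFC 2637)
PPP_IPV4 = 0x0021   # PPP protocol field value for an IPv4 datagram


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for illustration)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def encapsulate(inner_packet, isp_addr, vpn_server_addr, call_id=1, seq=0):
    """Wrap a passenger IP packet in PPP, enhanced GRE and a carrier IP header."""
    ppp = struct.pack("!H", PPP_IPV4) + inner_packet
    # K and S bits set, version 1; then payload length, call ID, sequence number.
    gre = struct.pack("!HHHHI", 0x3001, GRE_PPP, len(ppp), call_id, seq)
    outer = ipv4_header(isp_addr, vpn_server_addr, PROTO_GRE, len(gre) + len(ppp))
    return outer + gre + ppp


def addresses(packet):
    """Return (source, destination, protocol) from the first IPv4 header."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])), packet[9])


def decapsulate(packet):
    """What the VPN server does: strip the carrier and encapsulation headers."""
    if packet[9] != PROTO_GRE:
        raise ValueError("outer header does not carry GRE")
    ihl = (packet[0] & 0x0F) * 4
    _flags, gre_type, length, _call, _seq = struct.unpack("!HHHHI", packet[ihl:ihl + 12])
    ppp = packet[ihl + 12:ihl + 12 + length]
    if gre_type != GRE_PPP or struct.unpack("!H", ppp[:2])[0] != PPP_IPV4:
        raise ValueError("payload is not PPP-encapsulated IPv4")
    return ppp[2:]


# Constructed sample addresses (documentation and private ranges, not from the thread).
INNER = ipv4_header("10.0.0.50", "10.0.0.10", 6, 0)          # RRAS-assigned -> LAN host
WIRE = encapsulate(INNER, "198.51.100.23", "203.0.113.5")    # ISP-assigned -> VPN server

if __name__ == "__main__":
    print("seen on the Internet:   ", addresses(WIRE))
    print("seen on the private LAN:", addresses(decapsulate(WIRE)))
```

Routers between the client and the VPN server only read the outer header, so the private addresses never need to be routable on the Internet.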
| Slinky 2002-09-23, 8:07 pm |
| I'm assuming that you don't have a copy of the Server Resource Kit, Tech Ranger. I never thought I would say this about an MS Press book, but it has A LOT of invaluable information regarding VPNs and RRAS. Here is the link if you don't have a hard copy, but I highly, highly recommend this book if you don't already have it.
http://www.microsoft.com/technet/tr...wk/intintro.asp | |
| Tech Ranger 2002-09-23, 9:24 pm |
| Thanks guys. I really appreciate the help. | |
| Slinky 2002-09-23, 9:26 pm |
| Oh, BTW that's Chapter 9 that you need to read in the Internetworking Guide. |