PSINet Managed VPN November 2000 Confidential PSINet VPN
Introduction to PSINet Managed VPN, November 2000, 박훈철 (Assistant Manager), Confidential
PSINet VPN Applications & Requirements
[Diagram: Extranet / Business-to-Business, Remote Access (DSL, Cable), POP, Intranet / Central Site, Intranet / Branch]
Remote Access
• Extension of Dial
• ADSL, Cable, ISDN
• User manageability & deployment scalability
Site-to-Site: Intranet & Extranet
• Extension of classic WAN provided by Service Provider
• VPN with Firewall service
• Enhanced VPN service
• Scalable performance with VSU
Agenda
• PSINet Remote Access VPN Service
• PSINet Site-to-Site VPN Service
• PSINet GIHC VPN Service
• PSINet Managed VPN Service
• PSINet Case Studies
• Q&A
PSINet Remote Access VPN Service
[Diagram: NAS, POP, Dial-Up Access, Gric Roaming, AAA, ISP, ISDN Access, ADSL Access, Cable, Cable Modem, Service Provider Network, Enterprise or ISP]
VPDN Requirements
• Robust security
• Scalability
• Integrated management
• Simple & easy-to-use VPN client
• High availability
• Deployment flexibility
PSINet Remote Access VPN Service
[Diagram: VPNremote software, VPN, NAS, POP, Dial-Up Access, ISDN Access, ADSL Access, Cable, Cable Modem, Gric Roaming, ISP, AAA, PSINet VSU, IPSec Tunnel, Intranet Server, Enterprise Network]
PSINet Remote Access VPN Solution
• Easily deployable and manageable IPSec client software
• Centralized policy-based management of VPN users provides a high degree of scalability
PSINet Remote Access VPN Service
[Diagram: Remote Access, VPN, POP, IPSec Tunnel (encrypted traffic), VSU, AAA, Client IP Address Pool, Intranet Server, Enterprise Network]
IP Pool Address
• The VPNremote client user has a random IP address assigned by the ISP
• The VSU translates the user's original IP address to one in the Client IP Address Pool
Packet Filtering Rule
• VSUs support packet filtering
• The ACL (Access Control List) consists of the Client IP Address Pool
Encryption
• Using strong (3DES) encryption, VPNs allow the flow of secure traffic between networks over a public infrastructure such as the Internet
PSINet Remote Access VPN Service
[Diagram: Remote Access, Gric Roaming, VPN, POP, AAA, VSU, PSINet, Web, Mail, Groupware]
Function / PSINet / Type
• VPN Packet Mode: Tunnel, Transport; Tunnel
• Encryption Algorithm: DES, 3DES
• Authentication Algorithm: MD5, SHA1
• Compression: STAC
• Key Management: IKE, SKIP
• Firewall Packet Filtering Rule
• NAT: Static, Dynamic, Port
• System Management: SNMP, SSL, Syslog
• Remote Client: Windows 95/98, NT, 2000, Me
PSINet Site-to-Site VPN Service
[Diagram: Extranet / Business-to-Business, Intranet / Central Site, Intranet / Branch 1, Intranet / Branch 2, Intranet Server, Firewall, ISP, Service Provider Network]
Site-to-Site VPN Requirements
• Robust security
• Bandwidth Management
• Multi-Device VPN Management
• Deployment Flexibility
• Service-Level Validation
PSINet Site-to-Site VPN Service
[Diagram: Extranet / Business-to-Business, Intranet / Central Site, Intranet / Branch 1, Intranet / Branch 2, Intranet Server, VSU at each site, PSINet, IPSec Tunnel]
PSINet Site-to-Site VPN Solution
• Hardware-based Encryption
• Site Specific Scalability
• Device Integration
• Greater VPN Security & Reliability
• Feature Interoperability
• Investment Protection
PSINet Site-to-Site VPN Service
[Diagram: Business-to-Business, Intranet / Central Site, Branch 1, Branch 2, Intranet Server, VSU at each site, PSINet, IPSec Tunnel. Original IP datagram: IP Header, Payload. Tunneling: Tunnel IP Header, IP Header, Payload (original IP datagram)]
Tunneling
IP>traceroute 203.235.76.18
Traceroute 203.235.76.18: 56 data byes
1 123 ms 120 ms 121 ms 203.235.76.18
Trace complete.
Enable Routing with Private IP
IP>traceroute 10.1.34
Traceroute 10.1.34: 56 data byes
1 117 ms 115 ms 113 ms 10.1.34
Trace complete.
PSINet Site-to-Site VPN Service
[Diagram: Extranet / Business-to-Business, Intranet / Branch 1, Intranet / Branch 2, Extranet, VSU at each site, PSINet, Web, Mail, Groupware]
Function / PSINet / Type
• VPN Packet Mode: Tunnel, Transport; Tunnel
• Encryption Algorithm: DES, 3DES
• Authentication Algorithm: MD5, SHA1
• Compression: STAC
• Key Management: IKE, SKIP
• Firewall Packet Filtering Rule
• NAT: Static, Dynamic, Port
• System Management: SNMP, SSL, Syslog
• Remote Client: Windows 95/98, NT, 2000, Me
PSINet GIHC VPN Service
[Diagram: PSINet Backbone, Main switch 203.x.x.x, Access switch, OSPF, Firewall]
PSINet Public Network / Private Network
• VSU: 203.x.x.1 / 10.x.x.1
• Web Server: 203.x.x.2 / 10.x.x.2
• Streaming Server: 203.x.3 / 10.x.x.3
• Streaming Server: 203.x.x.4 / 10.x.x.4
• Database: 203.x.x.5 / 10.x.x.5
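PSINet Managed VPN Service
What is MSG (Managed Service Group)?
A group of security specialists belonging to the PSINet NOC (Network Operation Center); the organization that oversees establishing customers' security policies and managing their networks.
MSG roles and responsibilities
• Security policy consulting for customers
• 24x7 NMS and monitoring service
• Dedicated handling of the work when building managed services such as Intranet or VPN
• Setup and maintenance support for customer-side CPE (Customer Premises Equipment)
• Configuration support for routers, authentication servers and log servers
• Fault handling and dedicated NMS for each Intranet site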
PSINet Managed VPN Service
[Diagram: VPN clients over ADSL / Cable, Dial-Up Access and Gric Roaming via ISP; Extranet / Business-to-Business, Intranet / Central Site, Intranet / Branch 1, Intranet / Branch 2, each with a VSU; Intranet Server; IPSec Tunnel; PSINet Operation Center with VSU and Radius / Log / VPNmanager]
PSINet Managed VPN Service
[Diagram: PSINet Operation Center with VPNmanager and Directory Server (SNMP, SSL, Syslog); PSINet Backbone; VSUs; routers R1, R2; site B1 203.255.113.0/24 (hosts .24, .25, .26); site A1 217.207.101.0/24 (hosts .100, .101, .102, .103, .104); site C1 210.128.239.0/24 (hosts .57, .58, .59); D1; IP Pool 217.207.101.10, 217.207.101.11, 217.207.101.12, 217.207.101.13]
Remote Account IP ?
B1 A1 VPN (Tunnel Group 1): 203.255.113.24; 217.207.101.100
C1 A1 VPN (Tunnel Group)
B1 A1 VPN (Tunnel Group 2): 203.255.113.25, 26; 217.207.101, 102, 103
D1 A1 VPN (Tunnel Group) (Remote): ID, PW; 217.207.101.10, 11, 12, 13; 217.207.101.104
210.128.239.57, 58, 59; 217.207.101.102, 103
PSINet Case Studies
CASE 1: Hankook Tire
[Diagram: ISP 1, ISP, T1; VSU at each site]
• Japan branch (VSU): 210.238.254.0 / 255.224
• Australia branch (VSU): 203.42.125.48 / 255.240
• Germany branch (VSU): 192.169.202.0 / 255.0
• Seoul headquarters (VSU, F/W; Web, Mail, Groupware): IP Group 203.31.6.0, 203.31.7.0, 203.31.17.0
PSINet Case Studies
CASE 2: LG-EDS
• VPNremote software: 600 users, with Access Points set individually per user for some users
[Diagram: VPN clients over Dial-Up Access, ISDN Access, ADSL Access, Cable Modem and Gric Roaming; ISP 1, ISP; VSU, F/W]
• Seoul headquarters (Web, Mail, Groupware): IP Group 210.103.148.0, 210.103.149.0, 210.103.150.0
Q&A