04-09-2012, 02:38 PM
VPN Project: Remote Access to a Novell Network
VPN Project.pdf (Size: 331.84 KB / Downloads: 38)
Our IT department has often been praised for accomplishing much with
limited resources. We often put unique, specialized solutions in place while
keeping costs as low as possible. Providing top service to our internal clients
has always been our primary objective, and the majority of our resources and
time would be allocated to ensure our clientele’s visible requirements were met.
As a result, some remote services had been put in place without adequate
security measures. This problem was identified and we began to focus on
tightening the security of our externally accessible IT services and resources. As
a senior network administrator, I became project leader and was responsible for
directing our security initiative to replace our existing remote access facilities with
encrypted Virtual Private Networking (VPN) technology.
VPN Concentrator
It was clear that the best solution would be obtained by replacing our existing
methods with a Virtual Private Network. The key piece of hardware would be the
VPN concentrator. We wanted to have an installation that had hardware
encryption/decryption capabilities, and also supported Novell NDS. All data was
to be encrypted with a strong algorithm, and it was desirable to have this process
happen as quickly as possible. If we could leverage our existing database of
users (Novell NDS), then we would have fewer administrative headaches in terms
of both deployment and maintenance. We looked at VPN products including:
· Novell's BorderManager
· Nortel's Contivity
· Cisco's VPN 3000 series
Interfaces
The Cisco concentrator comes with three built-in Ethernet interfaces. The
outside interface would connect into our public segment, where it would be
monitored by one of our Intrusion Detection Systems (IDS). The inside interface
would connect directly back to our internal network. The third interface has been
left unused for the time being, but will eventually provide connection to the
concentrator from our management network.
Our implementation closely followed the Typical VPN Concentrator Network
Installation as shown in Cisco’s Getting Started Guide for Release 3.6. The VPN
was set up and configured as shown in Figure 1.
Access Control Server
In order to provide the second level of authentication, we wanted to
leverage our existing database of users. These accounts and passwords were
already available in Netware Directory Services (NDS). Most of the available
VPN products do not natively support authentication against NDS. Both the Cisco
and Nortel product lines have features to easily integrate the VPN into a
Windows-based user directory, but do not directly support Novell. Novell’s
BorderManager is a notable exception and does directly support NDS
authentication.