Winter 2006 ESCC/Internet2 Joint Techs Workshop

Network Access for Remote Users: Practical IPSec

Time: 02/08/06 10:35AM-11:00AM

Session Abstract

The University of London Computer Centre was approached by a number of higher ed institutions in London needing to connect satellite campuses or remote staff users to their campus LANs as securely as possible. None of these colleges had a specific budget for this work, meaning only trivial sums of money were available, and the solutions had therefore to be based around existing hardware (the gateway router) and wide-area network connectivity. The experience we gained designing and installing our solutions over the course of eighteen months formed the basis for an official JANET 'Technical Guide' and several presentations at networking conferences including UKERNA Networkshop 2003 and the TERENA Networking Conference 2003. The installations fell into three distinct categories:
1. Guildhall School of Music & Drama Remote Site (ADSL connection) to Main Campus LAN (E1 Connection to ULCC via 2621 Router)
2. Hammersmith & West London College Remote Users (Windows 2000 + static broadband IP address) to Main Campus.
3. Conservatoire of Dance & Drama Remote Users (Cisco VPN Client + dynamic IP address) to Main Campus with Split Tunneling, Split DNS and IKE XAuth.

This presentation will focus on the practicalities of building robust and flexible VPNs using standard protocols and readily-available hardware and software, and will specifically exclude any vendor-specific 'black box' methodologies. Various interesting issues we encountered whilst designing and building our solutions will be highlighted. These will include coexistence of IPSec with Network Address Translation (NAT) on the same router, issues concerning MTUs and fragmentation, the capabilities of the Cisco VPN Client software, and Windows 2000 gotchas.


Speaker: John Graham, Indiana University
