
VPNs Explained | Site-to-Site + Remote Access

May 30, 2021
Hello guys, welcome to serpros. In this video we will look at VPNs. VPN stands for virtual private network. Its job is to ensure the secure delivery of data over public networks. Doing so allows a user to send data as if they were connected directly to that private network. Let me show you what I mean. Let's say this is your headquarters. Your central office is where all your business-critical servers and applications are located. As well as your central office, you also have a smaller branch office. The smaller branch office also needs access to your business's critical servers and applications.
There are different connectivity options available to you. For example, you can use a private MPLS network. This would be a great option; however, it comes at a price. Internet access is far more affordable, but there is the problem that the public Internet is full of bad guys, and these bad guys are just waiting to get their hands on your company's valuable data. One solution is to use a virtual private network, or VPN. A VPN is often described as a tunnel. Your data is encrypted before passing over the public Internet. This way, if one of the bad guys gets hold of your data, they won't be able to make any sense of it. Once your data is received, it can then be decrypted using a special key so that it can be read normally. There are two main types of VPN.

The one you see here is known as a site-to-site VPN. This VPN connects one full site to another full site and is always on. A site-to-site VPN needs to be configured on both networks, so it's great for situations like this when you have multiple remote sites. But that is not always the case. You may have individual users working from coffee shops, at home, or anywhere else in the world. These users still need access to the corporate network, but a site-to-site VPN won't work because you have no control over the networks they connect from.
Instead, they can use the second type of VPN, called a remote access VPN. A remote access VPN grants access to the corporate network, but only for one device, for example a user's laptop in a coffee shop. This is different from a site-to-site VPN, which connects entire networks. Now that we know what a VPN is and the two different types, let's look at each one in a little more detail. First, let's start with site-to-site VPNs. Here we have site A and site B. Both sites are connected to the public Internet. Site-to-site VPNs are usually set up on either a router or a firewall at both sites. A popular site-to-site VPN is IPsec. IPsec is a framework, or set of rules, for creating VPNs over a network.
It does not define any one way to create a VPN, but rather allows various protocols to be used for each VPN function. IPsec is often used for site-to-site VPNs, but can also be used for remote access VPNs. Once the VPN is established, all devices at each site can securely send data over the VPN. How does this work? Let's say a host from site A sends some data to site B. The router will see this data, see that it is destined for site B, and realize that it needs to send it over the VPN. Before it can send it over the VPN, it first needs to encrypt the data. It does this by taking the original data and the encryption key to produce the encrypted data.
Let's take a closer look at this. When the IP packet is received, it is put through an encryption formula along with the session key that was previously exchanged. Once encrypted, the router encapsulates this data with the VPN header and trailer, then adds a new IP header. This new IP header will have the public IP address of the remote site. Now, there is a bit more to it when it comes to VPN headers and trailers, but this is the general idea. When the router sends the encrypted data, it will arrive securely over the public Internet at the remote site, and then the encryption process is reversed.
Let's take a closer look. The router receives the encrypted packet. Using the session key that has already been exchanged, the router can decrypt the data back to its original format. From there, the router can forward this packet to the destination. OK, that's a site-to-site VPN. This is great when you want to connect one or more offices together. Sometimes, though, you need users to be able to connect to the corporate network from anywhere in the world. This could be a coffee shop, on the train, or working from home during a pandemic. For this situation there is a different type of VPN: the remote access VPN. A remote access VPN allows a single device to connect to a corporate network. This could be a desktop, a laptop, or even a smartphone or tablet. Just like a site-to-site VPN, a remote access VPN allows a host to securely send and receive encrypted data over the public Internet.
This is great news if you are connecting to a public Wi-Fi network where you have no idea who might be spying on you. Unlike site-to-site VPNs, which are always on, remote access VPNs require an app on the host to connect to the corporate network. The corporate network will be listening for these connection requests. An example of a VPN client application is Cisco AnyConnect or OpenVPN. Here is OpenVPN running on my computer. While IPsec is used for site-to-site VPNs, TLS is usually used for remote access VPNs. TLS is the same security protocol used to encrypt your web traffic when connecting to HTTPS sites.
It's also useful because some public Wi-Fi networks may block IPsec ports, while TLS usually uses the well-known port 443, which is usually allowed. When setting up a remote access VPN, you need to decide whether you want to use something called full tunnel or split tunnel. What does that mean? A full tunnel means that once connected to the VPN, all traffic from the host will be forwarded to the corporate network. Even if you are just browsing Facebook, all of this will be funneled through the corporate network. This is great if you want to enforce corporate firewall policies. A split tunnel means that only traffic destined for the corporate network is sent through the VPN. The rest of the traffic is routed as usual. This is great for saving bandwidth and also gives a little more privacy to your users. Which one you choose really depends on you and your security needs.
Just before we end this video, I want to briefly mention VPN services. In recent years, several companies have emerged offering VPN services that promise to keep all your internet usage private, secure, and away from hackers. You've probably seen their ads. These are like remote access VPNs: you connect to that company's network before your traffic is forwarded to the Internet. By using these services, the idea is that only the VPN provider will see your traffic, so not even your ISP can see what you're doing. While there are some understandable reasons to use these services, don't get caught up in some of the scare tactics that most of them use. The reality and what you would be led to believe are often quite different.
Anyway, that's enough for VPNs. By now you should have a good understanding of what they are and how they work. This video is part of the complete CCNA course, which can be found in the description, so feel free to go and watch it. If you like this video, don't forget to like, leave a comment and subscribe. Your support really helps this channel grow. Other than that, thanks for watching.
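
The full-tunnel versus split-tunnel choice described above comes down to which routes the VPN client installs on the host. The sketch below is an added example, not part of the video: it models the client routing table for each mode and uses longest-prefix matching to show which destinations leave outside the tunnel and so never pass the corporate firewall. The corporate prefixes, gateway address, interface names and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not from the video).
CORPORATE_NETS = ["10.0.0.0/8", "192.168.50.0/24"]
VPN_GATEWAY = "203.0.113.10"      # public address of the VPN endpoint
PHYSICAL, TUNNEL = "wlan0", "tun0"


def build_routes(mode):
    """Return the host routing table as (network, interface) pairs."""
    net = ipaddress.ip_network
    # The encrypted packets themselves must always leave via the physical
    # interface, otherwise the tunnel would try to route through itself.
    routes = [(net("0.0.0.0/0"), PHYSICAL), (net(VPN_GATEWAY + "/32"), PHYSICAL)]
    if mode == "full":
        # Two /1 routes cover every address and beat the /0 default route
        # without deleting it (the approach OpenVPN's redirect-gateway def1 takes).
        routes += [(net("0.0.0.0/1"), TUNNEL), (net("128.0.0.0/1"), TUNNEL)]
    elif mode == "split":
        # Only the corporate prefixes are sent through the tunnel.
        routes += [(net(n), TUNNEL) for n in CORPORATE_NETS]
    else:
        raise ValueError("mode must be 'full' or 'split'")
    return routes


def egress_interface(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, dev) for n, dev in routes if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def outside_tunnel(mode, destinations):
    """Destinations whose traffic is not carried by the VPN in this mode."""
    routes = build_routes(mode)
    return [d for d in destinations
            if d != VPN_GATEWAY and egress_interface(routes, d) != TUNNEL]


if __name__ == "__main__":
    # Constructed destinations: two corporate hosts, one Internet host,
    # and a host on the local (coffee shop) LAN.
    sample = ["10.1.2.3", "192.168.50.20", "198.51.100.7", "192.168.1.1"]
    for mode in ("full", "split"):
        print(mode, "-> outside tunnel:", outside_tunnel(mode, sample))
```

In split mode the Internet host and the local LAN host are reported as outside the tunnel, which is the traffic corporate firewall policy and logging will not see.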
