Manuals / HP / Computer Equipment / Software

HP Access Control Client Software manual Existing Network Infrastructure

Models: Access Control Client Software

1 338
Download 338 pages 18.69 Kb
Page 163
Image 163

Designing Access Controls

Make Decisions about Remote Access (VPN)

Table 3-30. Selecting VPN Options Based on Endpoint

Factor

VPN Protocol

Authentication

Encryption

Client

Gateway

 

 

Method

 

 

 

 

 

 

 

 

 

Endpoint and

PPTP

MS-CHAPv2

MPPE

Windowsnativeor

Any that supports

administrative

 

 

 

Mac OS X native

PPTP

control

L2TP/IPsec

Preshared key

Any

Windowsnativeor

Any that supports

 

 

 

 

 

Mac OS X native

L2TP/IPsec

 

 

 

 

 

 

Existing Network Infrastructure

Finally, you must look at your existing network infrastructure and make sure that your choices make sense within your current environment.

Primarily, your existing infrastructure affects your choice of VPN gateway. Do you have an existing device that supports VPN functionality, and does it make sense to use that device? How much traffic do you expect the VPN to handle? The documentation for the chosen device should indicate the number of tunnels that it can handle simultaneously. Is that sufficient, or do you need to add another device? If you must add a new device, you will need to build that device into your network layout and plan for redundant connections.

Your existing network may also affect your choice of authentication method. If you already have a complete Public Key Infrastructure (PKI), using digital certificates makes more sense. Of course, if users will be using their own endpoint, rather than the company’s endpoint (which has already been con- figured with the certificate), you will not be able to leverage most of your existing PKI. You must still plan on users configuring the endpoints at home.

Example

PCU already has a Secure Router 7203dl, which, with an IPsec VPN Module, supports up to 1000 VPN tunnels. Because PCU has 600 faculty members, the router should easily handle its additional role as VPN gateway. Using the router as the VPN gateway necessitates IPsec as the VPN protocol—a good choice because it is a secure option.

PCU already has a PKI, so the network administrators decide on digital certificates as a feasible and secure option for authentication. They can help faculty members copy the necessary digital certificate from their university endpoint to the ProCurve VPN client, which they will install at home.

When considering only existing network infrastructure, PCU network admin- istrators choose the VPN options displayed in Table 3-31.

3-47

Page 162 Page 164
Page 163
Image 163
HP Access Control Client Software manual Existing Network Infrastructure, Selecting VPN Options Based on Endpoint
Page 162 Page 164