
Virtual Private Network


ghost wrote:

Hey all,

I was wondering if anyone knows anything about VPNs?

What I want to know is whether it is possible to have a network with 3 separate VPNs within it. I do believe it is but cannot find any information on the internet to back this up. Basically the three different VPNs will then allow three different networks to be able to share resources without any other network users getting access to them, right? And this can be done using a Windows Server 2003 machine to set up and manage the VPNs and configuration?

Thanks a lot, any help would be awesome!

Relentless.


ghost wrote:

Not exactly sure what you are talking about, but I've heard of MPLS. It's a subscriber service that typically larger corporations use instead of having multiple daisy-chains of point-to-point T1 connections to different locations.


ghost wrote:

OK, sorry, I will try and explain:

The image below shows a network with a building with three floors. Each floor needs to be on a separate network so that other floors cannot access information specifically for that floor.

Each floor is on a different VPN and the servers are on a public network with the network IP of 10.0.0.0.

Would this be possible, and what routing would it need? For example, would I need some access routers? Or would the Active Directory server manage all the VPNs so that they can access the servers on the network?

Thanks a lot everyone, I hope this explains it more clearly.

Relentless.


ghost wrote:

I also found some information at:

http://www.automation.com/sitepages/pid1444.php

which shows that it is possible, but I still need to know how they would be created/managed and if it would be possible for them to be able to connect to the "public (10.0.0.0) network".

Found at the link above:

"Virtual LANs are a grouping of Ethernet ports on an IEEE 802.1Q compliant switch or a grouping of switches. A VLAN may be used to help isolate packet and broadcast traffic on a factory automation network, for example, from the IT network. Measures like this are generally reserved for isolating extraneous traffic such as broadcasts that may interfere with control communications, but can also be implemented as security tools.

Switches can be divided into VLANs that could render devices on separate VLANs unreachable. The downside to switch port-based VLANs as a security strategy is management, since a port can belong to multiple VLANs extending across multiple switches.

Multi-layered VLANs can be challenging to administer. For multiple VLANs to span multiple switches, the Spanning Tree Protocol, STP, may have to be disabled as well. For example, if two VLANs exist on each of two switches, each VLAN needs a connection to the corresponding VLAN on the other switch, requiring two links between each switch. STP will disallow multiple links between devices to prevent loops.

VLANs can also be used to segment broadcast domains within a network. Since VLANs are logically segmented local area networks, physical areas do not restrict them. Utilizing VLANs reclaims network bandwidth by breaking down broadcast domains and segments one network of devices from another within the same switch.

VLAN segmentation is accomplished by assigning the ports of a device into separate VLAN memberships. For example, ports 1 and 2 may be assigned to VLAN1. Ports 3 and 4 may be assigned to VLAN2. Ports 1 and 2 will not see broadcasts or traffic from ports 3 and 4, and vice versa. This separation is accomplished at OSI layer 2. If a third VLAN were created using ports 1, 2, 3, 4 and 5, then a device on port 5 would see all broadcast traffic from ports 1, 2, 3 and 4.

An example of this type of implementation is if the network administrator wants to separate traffic from office computers from PLC or SCADA devices. As these devices may not normally communicate with each other, separating them with a VLAN would allow the two networks to co-exist on the same switch."

Thanks again.

Relentless.


ghost wrote:

Found what I need, it's VLANs not VPNs. Cheers anywhoo.


ghost wrote:

R3l3ntl3ss wrote: Found what I need, it's VLANs not VPNs.

Yeah, that became clear as you described your problem more. However, for future reference, both multiple interconnected VLANs and multiple interconnected VPNs are possible. All hardware VPN solutions have the ability to support more than one VPN connection at a time; at my job, we have two active site-to-site VPNs and additional personal VPNs, all running at the same time.

As for VLANs, the best way to understand how they work is to construct a simulated one yourself. Find a good Cisco simulator and read up on creating VLANs with the Cisco IOS. In a nutshell, VLANs are basically virtually-switched mini-networks that are housed within a physical switch. Just as with an actual network, the virtual network will have routing information maintained and, as such, communication between subnets is possible.

If you have any more networking questions, feel free to ask.
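An added example, not from the thread or the linked article, of the layout the thread converges on, written as Cisco IOS configuration for a Layer 3 switch: one VLAN per floor, a servers VLAN for the 10.0.0.0 network, inter-VLAN routing on the switch, and a per-floor ACL so each floor reaches the servers but not the other floors. The VLAN numbers, port ranges, /24 masks and 10.0.x.0 floor subnets are assumptions.

```cisco
! Assumed layout: VLAN 10/20/30 = floors 1-3, VLAN 100 = servers (10.0.0.0/24)
vlan 10
 name FLOOR1
vlan 20
 name FLOOR2
vlan 30
 name FLOOR3
vlan 100
 name SERVERS
! Access ports: each floor's switch ports belong to that floor's VLAN only
interface range GigabitEthernet1/0/1 - 8
 switchport mode access
 switchport access vlan 10
interface range GigabitEthernet1/0/9 - 16
 switchport mode access
 switchport access vlan 20
interface range GigabitEthernet1/0/17 - 24
 switchport mode access
 switchport access vlan 30
interface range GigabitEthernet1/0/25 - 28
 switchport mode access
 switchport access vlan 100
! Inter-VLAN routing on the switch itself (one SVI per VLAN is each floor's gateway)
ip routing
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group FLOOR1-IN in
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip access-group FLOOR2-IN in
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip access-group FLOOR3-IN in
interface Vlan100
 ip address 10.0.0.1 255.255.255.0
! Per-floor policy: allow the server VLAN, deny the rest of 10.0.0.0/16 (other floors), allow everything else
ip access-list extended FLOOR1-IN
 permit ip 10.0.10.0 0.0.0.255 10.0.0.0 0.0.0.255
 deny   ip 10.0.10.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip any any
ip access-list extended FLOOR2-IN
 permit ip 10.0.20.0 0.0.0.255 10.0.0.0 0.0.0.255
 deny   ip 10.0.20.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip any any
ip access-list extended FLOOR3-IN
 permit ip 10.0.30.0 0.0.0.255 10.0.0.0 0.0.0.255
 deny   ip 10.0.30.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip any any
```

The Layer 2 separation alone only stops floors from seeing each other's broadcast traffic; once SVIs route between the VLANs, the ACLs are what actually keep floor-to-floor traffic out while leaving the server VLAN reachable.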