Virtual Private Network (VPN) Services

 
 

Description

 

  

A VPN is a Virtual Private Network. A VPN is an alternative to a truly private network, where someone completely owns the infrastructure (i.e., wires) between locations and no one else can use it. Typically a VPN is used when some part of the network path crosses a public network such as the Internet or, in the case of wireless, "airspace." A VPN may also be used to provide additional security on private networks. The VPN builds an encrypted "tunnel" through a public or private network, which provides the necessary confidentiality (this prevents snooping), sender authentication (this prevents identity spoofing), and data integrity for secure access to private resources. VPNs create paths of access into the network that must be examined very carefully from a security perspective so that access is granted only to the areas required to perform the work. If a personal computer is used to connect to a VPN, then the vulnerabilities and viruses that exist on that home computer now have access to the State resources the VPN group was designed to reach. For these reasons we must pay close attention to the configuration of these VPNs.

There are many types of VPNs, but they can be grouped into two main types: client-based (from your computer) and site-to-site (established between two networks using firewalls). The client-based VPN uses software on your computer and two sets of authentication credentials: Group Name / Group Password and User Name / User Password. With this configuration, departments and agencies can have multiple groups to limit access to specific network areas. The site-to-site requirements are a little more detailed and must be coordinated with the department IT staff to ensure that design and security issues are properly addressed.

DII offers the following services:

  • LAN to LAN VPN (IPsec)
  • Client-Based (IPsec) VPN

LAN-to-LAN VPNs are used to connect remote networks to the State's WAN, generally to provide access to or from vendors. Remote-access VPNs are used to allow remote users' PCs to connect securely to resources on the State's WAN.

 

Benefits

 

 

A VPN client allows you to "tunnel" all of your traffic to the State network over an encrypted, authenticated link that terminates on our VPN system inside the State's private network. The VPN server decrypts your traffic and forwards it to its destination, but it changes the source address of your traffic from your ISP-assigned address to a State-assigned address. This way, all of your traffic appears to be coming from the State network and may not be limited by Internet firewall rules.

  • Provides data integrity and/or data confidentiality
  • Can also be combined with authentication and authorization mechanisms
  • Provides secure encrypted remote access to information protected by the firewall
  • DII Network Security Analysts provide consultation regarding service options and recommend best-practice security policies

Availability

 

Available 24 x 7

Hours of Staff Operation:

Monday – Friday, 7:45 a.m. to 4:30 p.m.

 

Maintenance Window (if applicable)

The WAN maintenance window is slated each week on Thursday from 4:45 p.m. to 8:00 p.m., as needed.

Contact/Order Inquiries

 

Wide Area Network (Govnet) support inquiries:

 

Use the Footprints Helpdesk Ticketing System: https://ent-footprints.state.vt.us

Or

Call 802-828-6620 or toll free 855-828-6620 Option 1

The following information will be required: source, destination, port, and protocol information.

LAN to LAN Requests: DII will need a technical contact to work with on the other end for a site-to-site VPN.

Client-Based Requests: DII will need the names of all users and the number of concurrent connections needed for a client-based VPN.

 

More Information

 

 

VPN Client -- Getting Connected

Configuring the Cisco VPN Client

 

VPN Diagram

Price Model

 

 

VPN is included in the allocation

 

90% of the NE Services fall under the DII Allocation.