IP address connectivity can take a number of different forms. In this video, you’ll learn about SSL VPNs, VLANs, network address translation, and more.
Once you have assigned IP addresses to your devices, there are many ways you can take advantage of them. In this video, we’ll look at many ways to use these IP addresses.
One common type of virtual private network, or VPN, is one that uses SSL, or Secure Sockets Layer. These SSL VPNs use a very common port, TCP/443. This is the same port and protocol that we use to communicate securely to web servers inside of our browser. This means we can avoid a lot of problems with firewalls by using this very common and well-used protocol.
SSL VPNs are commonly used for end user communication so that you can have a secure tunnel between your device and your corporate network. An SSL VPN can also be relatively easy to install. You would simply assign authentication credentials to a user, so they would use the same username and password they always use to gain access to this SSL VPN. You don’t necessarily need to roll out digital certificates to everybody’s workstation or configure shared passphrases like you do with IPsec.
Many SSL VPN clients can run inside of a browser, or they might already be built into your operating system. You simply provide the username and password and the IP address that you want to connect to, and you’ve got an SSL VPN tunnel. You often hear these SSL VPNs referred to as client-to-site VPNs, or remote access VPNs, because you can be anywhere remotely out in the world and be able to communicate securely back to your corporate network.
If you have your laptop at a hotel or a coffee shop and you want to communicate back to corporate, you simply start the SSL VPN software on your laptop, and it creates this encrypted tunnel back to your VPN concentrator at your corporate facility. This means if anyone were to capture any of this traffic between your workstation and this VPN concentrator, all they would see is encrypted communication.
Your VPN concentrator is responsible for then decrypting that information and sending it into the corporate network. When this information is sent back to your remote laptop, it is encrypted by the VPN concentrator and sent over that encrypted tunnel and then decrypted by your laptop. This means that no matter where you are in the world, you know you can start your SSL VPN software and have this encrypted secure tunnel back to your corporate network.
A LAN is a local area network. We define this as a group of devices that happen to share the same broadcast domain. For example, we have two switches on our network. The switch on the left and all of the devices connected to that switch are one broadcast domain. And we have a switch on the right, and there’s devices connected to that switch. Those devices are on a different broadcast domain.
We often maintain the separation between different local area networks for security reasons and to maintain the efficiency of the network. But this also means that we would have to have a separate switch every time we wanted to have a separate broadcast domain. To simplify this, we create a virtual local area network, or VLAN, which means that we can have a single switch. But inside the switch, we are logically separating these different networks into two pieces.
We still have the red network on the left, and all of the devices on the red network can only see the other devices on the red network. And then we have the blue broadcast domain network on the right side. And again, only the blue devices can communicate back and forth to other blue devices. This greatly simplifies the administration and the cost of having multiple switches on our network. Instead, we can configure a single switch to act and operate as if it’s multiple switches.
For example, here’s a single switch where three separate VLANs have been configured. We have the red VLAN, which is VLAN 1. That’s for the gate room. We have VLAN 2. That’s the blue one that has the dialing room. And then the green VLAN is VLAN 3 for the infirmary.
So all of the devices that are connected to the red ports can communicate to each other on VLAN 1. The devices on the blue network can communicate to each other and the devices on the green network can communicate to each other. And none of the devices on these separate networks are able to communicate across that VLAN separation. That allows you to maintain the security and the efficiency of the network while minimizing the number of switches that you need to have running at any particular time.
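The switch described above, as an added example that is not part of the original video: a minimal model of one switch whose access ports belong to VLAN 1 (gate room), VLAN 2 (dialing room) or VLAN 3 (infirmary). It shows that a broadcast or unknown-unicast frame is flooded only to ports in the sender's own VLAN, so a device in one room never receives frames from another. The port assignments and MAC addresses are constructed for the example.

```python
# Added example (not from the original video): a single switch with three VLANs.
# VLAN numbers and room names are from the video; ports and MACs are constructed.

VLANS = {1: "gate room", 2: "dialing room", 3: "infirmary"}
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    def __init__(self):
        self.port_vlan = {}   # port -> VLAN id (access port membership)
        self.mac_table = {}   # (vlan, mac) -> port, learned from source MACs

    def assign_port(self, port, vlan):
        if vlan not in VLANS:
            raise ValueError(f"unknown VLAN {vlan}")
        self.port_vlan[port] = vlan

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of ports the frame is sent out of.

        The frame never leaves the ingress port's VLAN: that VLAN is its
        broadcast domain, exactly as if it were a physically separate switch.
        """
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port   # learn where src_mac lives
        known = self.mac_table.get((vlan, dst_mac))
        if dst_mac == BROADCAST or known is None:
            # broadcast or unknown unicast: flood, but only within this VLAN
            return {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}
        return {known}


def build_demo_switch():
    """Ports 1-2 are the gate room, 3-4 the dialing room, 5-6 the infirmary."""
    sw = VlanSwitch()
    for port, vlan in {1: 1, 2: 1, 3: 2, 4: 2, 5: 3, 6: 3}.items():
        sw.assign_port(port, vlan)
    return sw


if __name__ == "__main__":
    sw = build_demo_switch()
    # A broadcast from port 1 reaches only port 2, the other gate room port.
    print(sw.forward(1, "aa:aa:aa:aa:aa:01", BROADCAST))   # {2}
```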
It’s estimated that there are over 20 billion devices connected to the internet. But we know that IP version 4 can only support just over 4 billion addresses. This also means that the entire address space for IPv4 has been easily exhausted at this point. But we still have a requirement to connect these 20 billion devices that are on the internet.
The way we do that is by using Network Address Translation, or NAT. Sharing one public address among many internal devices is just one of the ways we can take advantage of NAT, but it’s one of the most common: many devices on the inside of your network are all translated out to a single address on the public internet side.
Network Address Translation literally changes, or translates, one IP address to another. For example, we have an internal network, where Vala has her laptop. And she wants to communicate out on the public internet to my website, professormesser.com. When she sends traffic from her workstation, the source IP will be that of her laptop, which is 10.10.20.50. And she wants to communicate to my web server, which is 220.127.116.11.
When she sends this information to her router, her router has been configured to perform Network Address Translation. And it changes the source IP from her internal address to the external address on the public internet and then sends that information to my web server. When my web server wants to respond back, it simply reverses those IP addresses, has the source IP as my web server, and the destination IP as the public IP address on the internet. When it’s received by that router, the router translates it again back to Vala’s internal IP address and sends that information down to her laptop.
This Network Address Translation happens for all of the devices on your internal network. So you can have hundreds or even thousands of devices on your internal network all being translated to one single IP address on the internet.
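The translation described above, as an added example that is not part of the original video: a minimal model of Vala's NAT router. It goes one step beyond the transcript by tracking the source port as well as the source address, which is what lets thousands of internal devices share one public address and still have replies mapped back to the right laptop. Vala's address 10.10.20.50 and the web server address are from the video; the public address 203.0.113.5 and the port numbers are constructed.

```python
# Added example (not from the original video): NAT router with a translation table.
# 10.10.20.50 and 220.127.116.11 come from the video; everything else is constructed.

PUBLIC_IP = "203.0.113.5"            # constructed public address of Vala's router
WEB_SERVER = "220.127.116.11"        # professormesser.com in the video


class NatRouter:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (inside_ip, inside_port) -> public_port
        self.inbound = {}    # public_port -> (inside_ip, inside_port)

    def translate_out(self, pkt):
        """Rewrite the source of an inside->internet packet, adding a table entry if new."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return {**pkt, "src": self.public_ip, "sport": self.outbound[key]}

    def translate_in(self, pkt):
        """Rewrite the destination of an internet->inside packet from the table.

        Returns None when nothing matches: a packet nobody on the inside asked
        for has no translation and is simply dropped at the router.
        """
        entry = self.inbound.get(pkt["dport"])
        if pkt["dst"] != self.public_ip or entry is None:
            return None
        inside_ip, inside_port = entry
        return {**pkt, "dst": inside_ip, "dport": inside_port}


def demo():
    """Vala's laptop talks to the web server and the reply comes back to her."""
    nat = NatRouter()
    request = {"src": "10.10.20.50", "sport": 51000, "dst": WEB_SERVER, "dport": 443}
    on_wire = nat.translate_out(request)
    reply = {"src": WEB_SERVER, "sport": 443, "dst": on_wire["src"], "dport": on_wire["sport"]}
    return on_wire, nat.translate_in(reply)


if __name__ == "__main__":
    print(demo())
```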