VPN Technique
Preconditions
A valid ZIH login is a prerequisite for setting up a "Virtual Private Network" (VPN). The technical implementation of the VPN requires a special client program, which is provided free of charge to all TU Dresden members.
Technical description
Using VPN technology, an external user (e.g. with DSL internet access) can establish a virtual connection to the private TU Dresden data network over the internet. After authentication, this user is, from a technical point of view, part of the TU Dresden data network and is able to use the TU Dresden services.
The tunneling protocols used are IPSec / L2TP/IPSec. They use the encryption algorithms 3DES or AES. This allows a secure connection between the user and the VPN gateway of the ZIH. The VPN gateway is a Cisco Adaptive Security Appliance (ASA) 5520. By default, an official IP address is allocated.
The ZIH provides dedicated VPN access for institutes and facilities of TU Dresden. Institutes get their corresponding VPN networks and manage the users through their own web interface. The software used is the Cisco AnyConnect Secure Mobility Client.
Firewall (protection of end devices)
When VPN is used, the end device is protected by a central firewall of the ZIH. Find the current firewall policy here.
Routing (data transfer)
All data traffic is routed over the VPN gateway. The private networks with the addresses 10.x.x.x, 172.16.x.x and 192.168.x.x are also routed directly, unless the client activates the option Allow Local LAN Access.