Module 11 - Mwsa


ROUTING AND REMOTE ACCESS
11.2 ICS, NAT, DHCP RELAY AGENT
ICS
• Internet Connection Sharing (ICS) is the use of a device with Internet access such
as 3G cellular service, broadband via Ethernet, or other Internet gateway as an
access point for other devices.
• It was implemented by Microsoft as a feature of its Windows operating system
(as of Windows 98 Second Edition and later) for sharing a single Internet
connection on one computer between other computers on the same local area
network.
• It makes use of DHCP and network address translation (NAT).
• ICS offers configuration for other standard services and some configuration of
NAT.
NAT
• NAT stands for network address translation.
• It’s a way to map multiple local private addresses to a public one before
transferring the information.
• Organizations that want multiple devices to employ a single IP address use NAT,
as do most home routers.
How Does NAT Work?

• Let’s say that there is a laptop connected to a home router. Someone uses the
laptop to search for directions to their favorite restaurant. The laptop sends this
request in a packet to the router, which passes it along to the web. But first, the
router changes the outgoing IP address from a private local address to a public
address.
• If the packet kept its private address, the receiving server would not know where to
send the information back to.
• By using NAT, the information will make it back to the laptop using the router’s
public address, not the laptop’s private one.
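The laptop-and-router scenario above, as an added example that is not part of the original slides: a small model of the port-based translation (NAPT) a home router performs. All addresses, ports and the port range the router hands out are constructed for the illustration; note that a packet arriving at the public address without a matching mapping is dropped, which is why the private address alone could never be answered.

```python
from dataclasses import dataclass

# Constructed model of the translation a home router performs (NAPT, the common
# form of NAT): every private source address shares one public address and is
# told apart by the port the router assigns.

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, pkt):
        """LAN -> internet: rewrite the private source to the public address."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:             # first packet of a flow: allocate a port
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt):
        """Internet -> LAN: only a reply to a known mapping reaches a private host;
        anything else addressed to the public IP is dropped (returns None)."""
        key = self.inbound.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or key is None:
            return None
        priv_ip, priv_port = key
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

def demo():
    """Laptop behind the router asks a web server; the reply finds its way back."""
    router = NatRouter("203.0.113.7")
    request = Packet("192.168.1.20", 51000, "198.51.100.10", 443)
    on_the_wire = router.translate_outbound(request)
    reply = Packet("198.51.100.10", 443, on_the_wire.src_ip, on_the_wire.src_port)
    delivered = router.translate_inbound(reply)
    unsolicited = router.translate_inbound(Packet("198.51.100.99", 80, "203.0.113.7", 12345))
    return on_the_wire, delivered, unsolicited
```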
DHCP Relay Agent
• Generally, DHCP messages are broadcast. So, for the messages to be
exchanged between a DHCP client (PC) and a DHCP server, both the client and
server have to reside on the same subnet.
• That is because routers do not forward any broadcast IP packet (i.e. one with a
destination MAC address of FF:FF:FF:FF:FF:FF and a destination IP address of
255.255.255.255) to other interfaces.
• Thus a broadcast DHCP packet sent by a DHCP client cannot be delivered to DHCP
server(s) on different subnet(s) through a router (shown in Figure 1 - (a)).
• This restriction requires each individual subnet to have its own DHCP server for
DHCP operation, which is practically not feasible in network operators' networks
or corporate computer networks (too many DHCP servers would be required in the
network!).
• To address this problem, the concept of a DHCP relay agent has long been
adopted [1]. As shown in Figure 1 - (b), enabling the DHCP relay agent function in
the router allows DHCP messages to be exchanged between a DHCP client and a
DHCP server residing on different subnets. The core function of this DHCP relay
agent is to convert a broadcast DHCP packet into a unicast one, and forward it to
a DHCP server.
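The broadcast-to-unicast conversion described above, as an added example that is not code from the original slides. It works on the fixed part of the BOOTP/DHCP header (RFC 2131): the relay records its own interface address in the giaddr field so the server knows which subnet to allocate from and where to unicast the reply, increments the hops counter, and on the way back delivers the server's unicast reply onto the client's subnet. The addresses, the transaction id and the hardware address are constructed; DHCP options are omitted for brevity.

```python
import ipaddress
import struct

# Fixed-length start of the BOOTP/DHCP header (RFC 2131):
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr
HEADER = "!BBBBIHH4s4s4s4s"
HEADER_LEN = struct.calcsize(HEADER)          # 28 bytes, chaddr follows
BOOTREQUEST, BOOTREPLY = 1, 2
BROADCAST_FLAG = 0x8000
SERVER_PORT, CLIENT_PORT = 67, 68
LIMITED_BROADCAST = "255.255.255.255"

def ip_bytes(ip):
    return ipaddress.IPv4Address(ip).packed

def ip_str(raw):
    return str(ipaddress.IPv4Address(raw))

def build_request(xid, chaddr):
    """Constructed client DISCOVER: Ethernet hardware, hops 0, all addresses zero."""
    zero = b"\0" * 4
    head = struct.pack(HEADER, BOOTREQUEST, 1, 6, 0, xid, 0, BROADCAST_FLAG, zero, zero, zero, zero)
    return head + chaddr.ljust(16, b"\0")       # 16-byte chaddr field, options omitted

def build_reply(xid, yiaddr, server_ip, giaddr):
    """Constructed server OFFER, addressed back to the relay named in giaddr."""
    head = struct.pack(HEADER, BOOTREPLY, 1, 6, 0, xid, 0, BROADCAST_FLAG,
                       b"\0" * 4, ip_bytes(yiaddr), ip_bytes(server_ip), ip_bytes(giaddr))
    return head + b"\0" * 16

def relay_to_server(frame, relay_ip, server_ip):
    """Client-side relay: the broadcast request leaves as a unicast to the server.
    Returns ((dst_ip, dst_port), rewritten_frame), or None if the frame is dropped."""
    f = list(struct.unpack(HEADER, frame[:HEADER_LEN]))
    if f[0] != BOOTREQUEST:
        return None                              # only requests travel toward the server
    f[3] += 1                                    # hops: one more relay traversed
    if f[3] > 16:
        return None                              # RFC 1542 loop guard: discard
    if f[10] == b"\0" * 4:
        f[10] = ip_bytes(relay_ip)               # giaddr: set only by the first relay
    return (server_ip, SERVER_PORT), struct.pack(HEADER, *f) + frame[HEADER_LEN:]

def relay_to_client(frame, relay_ip):
    """Server side of the exchange: the reply arrives unicast to giaddr and is
    handed onto the client's subnet (broadcast if the client asked for it)."""
    f = struct.unpack(HEADER, frame[:HEADER_LEN])
    if f[0] != BOOTREPLY or ip_str(f[10]) != relay_ip:
        return None                              # not a reply, or not addressed to this relay
    dst = LIMITED_BROADCAST if f[6] & BROADCAST_FLAG else ip_str(f[8])
    return (dst, CLIENT_PORT), frame
```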
11.5 VPN - PPTP, L2TP
VPN
• A VPN, or virtual private network, is a secure and private network connection
through the public internet.
• VPN services protect your personal data, hide your IP address when you use the
internet, and let you bypass censorship, content blocks, and website restrictions.
• VPNs hide your IP address and physical location while encrypting your internet
traffic so that no one can tell who you are, where you are, or what you’re doing
online.
• That’s why VPN means virtual private network — it’s an on-demand private
tunnel through the internet.
How does a VPN work?

• A VPN works by using encryption protocols to funnel all your internet traffic
through an encrypted tunnel — a virtual private network — between your
computer and a remote VPN server.
• This hides your IP address and secures your data, preventing others from
intercepting it.
• Without a VPN, all your internet traffic is potentially exposed to your internet
service provider (ISP), the government, advertisers, or other people on your
network. That’s why VPN connections boost your privacy and security online.
What does VPN stand for?
• VPN means virtual private network.
• A VPN is virtual because it’s created digitally — there isn’t a physical cable that
reaches from your device directly to the VPN server.
• A VPN is private because it encrypts your data and hides your IP address.
• A VPN is a network because it creates a connection between multiple computers
— your device and the VPN server.
PPTP

• The Point-to-Point Tunneling Protocol (PPTP) is a VPN protocol used to secure the
connection between your device and a VPN server.
• One of the oldest VPN protocols, PPTP is plagued by multiple security issues and
is now considered obsolete.
• Despite this, its broad compatibility with a huge range of legacy software and
hardware, its ease of setup, and its lightweight nature enable its widespread use.
How it works
• PPTP is a tunneling protocol, not in itself a complete VPN protocol. Encryption
and authentication are handled by the Point-to-Point Protocol (PPP), but PPP
includes no routing mechanism to direct packets to their destination.
• PPTP establishes a TCP connection to the VPN server over port 1723, repackaging
the PPP IP packets using Generic Routing Encapsulation (GRE).
• These packets are encrypted with Microsoft Point-to-Point Encryption (MPPE),
which uses RSA's RC4 stream cipher with a maximum key size of 128 bits.
L2TP
• Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point
Tunneling Protocol (PPTP) used by internet service providers (ISPs) to enable
virtual private networks (VPNs).
• To ensure security and privacy, L2TP must rely on an encryption protocol to pass
within the tunnel.
• L2TP can transfer most L2 data types over an IP or Layer Three (L3) network.
• The end user initiates a PPP connection to an ISP through either an Integrated
Services Digital Network (ISDN) or public switched telephone network (PSTN)
service.