[AI] Tech Dose of the day: Virtual Private Network (VPN)

vishnu ramchandani vishnuhappy at yahoo.com
Thu Feb 21 04:12:37 EST 2008

Virtual Private Network (VPN)
contributor : Baskar P (from MphasiS Software
What is a VPN?
A VPN is a private network that uses a public network
(usually the Internet) to connect remote sites or
users together. Instead of using a dedicated,
real-world connection such as a leased line, a VPN uses
"virtual" connections routed through the Internet from
the company's private network to the remote site or
employee. Virtual private networks help distant
colleagues work together, much like desktop sharing.
As the popularity of the Internet grew, businesses
turned to it as a means of extending their own
networks. First came intranets, which are
password-protected sites designed for use only by
company employees. Now, many companies are creating
their own VPN (virtual private network) to accommodate
the needs of remote employees and distant offices.
A typical VPN might have a main LAN at the corporate
headquarters of a company, other LANs at remote
offices or facilities and individual users connecting
from out in the field.
What Makes a VPN?
A well-designed VPN can greatly benefit a company.
For example, it can:
• Extend geographic connectivity
• Improve security
• Reduce operational costs versus traditional WAN
• Reduce transit time and transportation costs for
remote users
• Improve productivity
• Simplify network topology
• Provide global networking opportunities
• Provide telecommuter support
• Provide broadband networking compatibility
• Provide faster ROI (return on investment) than
traditional WAN
What features are needed in a well-designed VPN?
It should incorporate: 
Security, Reliability, Scalability, Network management
and Policy management.
Types of VPN:
There are two common types of VPN:
1. Remote-access
Also called a virtual private dial-up network (VPDN),
this is a user-to-LAN connection used by a company that has
employees who need to connect to the private network
from various remote locations.
2. Site-to-Site VPN
Through the use of dedicated equipment and large-scale
encryption, a company can connect multiple fixed sites
over a public network such as the Internet.
Site-to-site VPNs can be one of two types:
Intranet-based –
If a company has one or more remote locations that
they wish to join in a single private network, they
can create an intranet VPN to connect LAN to LAN. 
Extranet-based –
When a company has a close relationship with another
company (for example, a partner, supplier or
customer), they can build an extranet VPN that
connects LAN to LAN, and that allows all of the
various companies to work in a shared environment.
VPN Technologies:
Depending on the type of VPN (remote-access or
site-to-site), you will need to put in place certain
components to build your VPN. These might include:
• Desktop software client for each remote user
• Dedicated hardware such as a VPN concentrator or
secure PIX firewall
• Dedicated VPN server for dial-up services
• NAS (network access server) used by the service provider
for remote-user VPN access
• VPN network and policy-management center
Because there is no widely accepted standard for
implementing a VPN, many companies have developed
turn-key solutions on their own.
What is Tunneling?
Most VPNs rely on tunneling to create a private
network that reaches across the Internet. Essentially,
tunneling is the process of placing an entire packet
within another packet and sending it over a network.
The protocol of the outer packet is understood by the
network and both points, called tunnel interfaces,
where the packet enters and exits the network.
Tunneling requires three different protocols:
• Carrier protocol - The protocol used by the network
that the information is traveling over
• Encapsulating protocol - The protocol (GRE, IPSec,
L2F, PPTP, L2TP) that is wrapped around the original
• Passenger protocol - The original data (IPX,
NetBeui, IP) being carried
Tunneling has amazing implications for VPNs. For
example, you can place a packet that uses a protocol
not supported on the Internet (such as NetBeui) inside
an IP packet and send it safely over the Internet. Or
you could put a packet that uses a private
(non-routable) IP address inside a packet that uses a
globally unique IP address to extend a private network
over the Internet.
Applications deployed across the Internet today are
increasingly mission-critical, whereby poor
performance or a lack of security can jeopardize
business success. VPNs can play a major role in
ensuring that these risks are mitigated. By addressing
security and performance issues, a VPN can be a viable
alternative to dedicated, private network links.
Understanding the myriad VPN solutions can help
organizations build infrastructures that will support
their tactical business needs today as well as their
strategic business needs for tomorrow. 
Further References
How Virtual Private Networks Work: 


More information about the AccessIndia mailing list