

VPN Network

A Virtual Private Network (VPN) is a collection of technologies that create secure connections via the Internet. In simplest terms, a VPN is a secure connection between two or more locations over some type of public network.

A large-scale corporate network can consist of multiple local private networks located in different countries. Each private local site can have 50 to 70 computers, with bandwidth equivalent to a T1 (1.544 Mbps) to each site. Setting up direct circuit connections would not be the right solution; cost and availability are just two of the issues that would be faced. The right solution is to use the Internet connection, that is, a VPN.

Four different protocols are used to create a VPN over the Internet (an untrusted network):

  1. PPTP—point-to-point tunneling protocol
  2. L2F—layer 2 forwarding
  3. L2TP—layer 2 tunneling protocol
  4. IPSec—IP security protocol

PPTP, L2F, and L2TP are largely targeted at remote access, like dial-up. LAN-to-LAN solutions would use IPSec.

Point-to-point tunneling protocol (PPTP)

Microsoft Windows, starting with Windows NT Server 4, includes RAS (Remote Access Server), which supports PPTP. A VPN that uses PPTP builds on the functionality of PPP to provide remote access that can be tunneled through the Internet to a destination site or computer.

PPTP uses the Generic Routing Encapsulation (GRE) protocol to encapsulate PPP packets, which provides the flexibility to handle protocols other than IP. PPTP is designed around layer 2 of the OSI model, while IPSec operates at layer 3.

Layer 2 forwarding (L2F)

A VPN can also be built using the L2F protocol, which was developed by Cisco Systems. It is very similar to PPTP, which is also a layer 2 tunneling protocol.

Layer 2 tunneling protocol (L2TP)

A VPN can also be built using L2TP, which combines technology from Microsoft's PPTP and Cisco's L2F. L2TP is a network protocol that can send encapsulated PPP packets over IP, X.25, Frame Relay, or Asynchronous Transfer Mode (ATM) networks.

The VPN is secured using a technology known as IPSec. IPSec is a simple version of an emerging Internet IP security protocol. The traditional solution for connecting two remote sites would be to lease a line for each site, but a VPN can be used as a low-cost alternative. A virtual private network is a network that is not actually private but is as safe as a private network.

IP security protocol (IPSec)

Since a VPN uses a public network as its transport medium, the IPSec protocol can be used to secure the connection. IPSec encrypts all outgoing data and decrypts all incoming data. IPSec supports two encryption modes:

  • Transport mode encrypts the data portion of each packet but leaves the header unencrypted.
  • Tunnel mode is the more secure version of IPSec, which encrypts both the header and the data.

An IPSec-compliant device decrypts each packet at the receiving side, and the devices at both the sending and receiving sides must use a shared key.

A public key is used to encrypt the data. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. Key-based cryptography requires a method of exchanging a key, or one key of a pair, between the sender and the recipient.
