How Virtual Private Networks Work by Jeff Tyson
The world has changed a lot in the last couple of decades. Instead of simply dealing
with local or regional concerns, many businesses now have to think about global markets and
logistics. Many companies have facilities spread out across the country or even around the
world. But there is one thing that all of them need:A way to Maintain Fast,Secure
and Reliable Communications wherever their Offices are.
Until recently, this has meant the use of leased lines to maintain a Wide Area Network
(WAN). Leased lines, ranging from ISDN (Integrated Services Digital Network, 144 Kbps) to
OC3 (Optical Carrier-3, 155 Mbps) fiber, provided a company with a way to expand their
private network beyond their immediate geographic area. A WAN had obvious advantages over a
public network like the Internet when it came to reliability, performance and security. But
maintaining a WAN, particularly when using leased lines, can become quite expensive and
often rises in cost as the distance between the offices increases.
As the popularity of the Internet grew, businesses turned to it as a means of extending
their own networks. First came intranets, which are password-protected sites designed for
use only by company employees. Now, many companies are creating their own VPNs (Virtual
Private Networks) to accommodate the needs of remote employees and distant
Image courtesy of Cisco Systems, Inc.
A typical VPN might have a main LAN at the corporate headquarters of a company, other
LANs at remote offices or facilities and individual users connecting from out
in the field.
Basically, a VPN is a private network that uses a public network (usually the Internet) to
connect remote sites or users together. Instead of using a dedicated, real-world connection
such as leased line, a VPN uses "virtual" connections routed through the Internet from the
company's private network to the remote site or employee. This article provides a
fundamental understanding of VPNs, and teaches about basic VPN components, technologies,
tunneling and VPN security.
What Makes A VPN?
There are three common VPN types:
Remote-Access: Also called a Virtual Private Dial-up Network (VPDN), this is a
User-to-LAN connection used by a company that has employees who need to connect to the private network
from various remote locations. Typically, a corporation that wishes to set up a large
Remote-Access VPN will outsource to an Enterprise Service Provider (ESP). The ESP sets up a
Network Access Server (NAS) and provides the remote users with desktop client software for
their computers. The telecommuters can then dial a 1-800 number to reach the NAS and use
their VPN client software to access the corporate network. A good example of a company that
needs a Remote-Access VPN would be a large firm with hundreds of sales people in the field.
Remote-Access VPNs permit secure, encrypted connections between a company's private network
and remote users through a third-party service provider.
Site-to-Site: Through the use
of dedicated equipment and large-scale encryption, a
company can connect multiple fixed sites over a public network such as the Internet.Site-to-Site
VPNs can be either:
- Intranet-based: If a company has one or more remote locations that
they wish to join in a single private network, they can create an intranet VPN to connect
LAN to LAN.
- Extranet-based: When a company has a close relationship with another
company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN,
and that allows all of the various companies to work in a shared environment.
Image courtesy of Cisco Systems, Inc.
Examples of the three types of VPNs
A well-designed VPN can greatly benefit a company. For example, it can:
Extend geographic connectivity
Reduce operational costs versus traditional WAN
Reduce transit time and transportation costs for remote users
Simplify network topology
Provide global networking opportunities
Provide telecommuter support
Provide broadband networking compatibility
Provide faster ROI (Return On Investment) than traditional WAN
What features are needed in a well-designed VPN? It should incorporate: