


1. Introduction

Organizations whose facilities are split between two or more locations can connect the
locations into a single logical network through the use of routers and wide area networking
(WAN) technologies.
When a circuit-switched network such as the telephone network is used, permanent or switched
circuit services emulate a physical attachment of the two sites for router-to-router packet
exchange, and the circuit is private to the two sites. When a packet network such as the Internet is
used as the WAN connecting the sites, the private nature of router-to-router communication is
threatened, since the network gives no assurance that a packet is seen only by its intended
recipient.
Routers talking to one another over logical Internet circuits will find that packets can be
injected into or ejected out of the circuits indiscriminately.
To keep such circuits private, the packets flowing on the circuit must be encrypted, so that
ejected (intercepted) packets are of no use to unintended recipients, and must carry an integrity
check, so that injected or modified packets are detected and dropped; encryption alone does not stop
injection. These private links between routers are called tunnels. VPNs are so important to
organizations supporting telecommuters, branch offices and off-site partners that they are becoming a
critical part of corporate Information Technology strategy.

2. What is a Virtual Private Network

A VPN is a private network constructed over public network infrastructure, such as the global
Internet. A Virtual Private Network connects the components of one network to another. Using tunneling
over the public network, a Virtual Private Network, as the name suggests, safely and securely transfers
information from one network to another.
VPNs allow users working at home to connect in a secure fashion to a remote corporate server
using the routing infrastructure provided by a public internetwork. From the user's perspective, the VPN is
a point-to-point connection between the user's computer and a corporate server. The nature of the
intermediate internetwork is irrelevant to the user, because it appears as if the data is being sent over a
dedicated private link.
VPN technology also allows a corporation to connect its branch offices, or to connect to other
companies, over a public internetwork while maintaining secure communications. The VPN connection
across the Internet logically operates as a Wide Area Network (WAN) link between the sites. In both cases,
the secure connection across the internetwork appears to the user as private network communication,
despite the fact that this communication occurs over a public internetwork; hence the name Virtual
Private Network.
3. VPN Implementation

3.1 Remote User Access Over The Internet

VPNs provide remote access to corporate resources over the public Internet while maintaining the
privacy of information. Rather than making a long-distance call to a corporate or outsourced Network
Access Server (NAS), the user calls a local ISP, and the VPN software creates a Virtual Private Network
between the dial-up user and the corporate VPN server across the Internet.

3.2 Connecting Networks Over The Internet

There are two methods for using VPNs to connect local area networks at remote sites.

3.2.1 Using dedicated lines to connect a branch office to a corporate LAN:

Rather than using an expensive long-haul dedicated circuit between the branch office and the
corporate hub, both the branch office router and the corporate hub router can use a local dedicated circuit
and a local ISP to connect to the Internet. The VPN software uses the local ISP connections and the public
Internet to create a Virtual Private Network between the branch office router and the corporate hub router.

3.2.2 Using a Dial-Up line to connect a branch office to a corporate LAN:

Rather than having a router at the branch office make a long-distance call to a corporate or
outsourced NAS, the router at the branch office can call the local ISP. The VPN software uses the
connection to the local ISP to create a Virtual Private Network between the branch office router and the
corporate hub router across the Internet.
Note that in both cases the facilities that connect the branch office and the corporate office to the
Internet are local. The corporate hub router that acts as the VPN server must be connected to a local ISP
with a dedicated line, and it must listen 24 hours a day for incoming VPN traffic.

3.3 Connecting Computers Over An Intranet

In some corporate internetworks, a department's data is so sensitive that the department's LAN is
physically disconnected from the rest of the corporate internetwork. While this protects the department's
confidential information, it creates accessibility problems for those users who are not physically
connected to the separate LAN.
VPNs allow the department's LAN to be physically connected to the corporate internetwork but
separated from it by a VPN server. Note that the VPN server is not acting as a router between the corporate
internetwork and the department LAN: a router would interconnect the two networks and allow everyone
access to the sensitive LAN. By using a VPN, the network administrator can ensure that only those users on
the corporate internetwork who have appropriate credentials (based on a need-to-know policy within the
company) can establish a VPN with the VPN server and gain access to the protected resources of the
department LAN. Additionally, all communications across the VPN can be encrypted for data
confidentiality. Users who do not have the proper credentials cannot view the department LAN.

4. Basic Requirements Of VPNs

Typically, when deploying a remote networking solution an enterprise needs to facilitate controlled
access to corporate resources and information. The solution must allow roaming or remote clients to
connect to corporate resources, and must allow corporate sites to connect to each other to share resources
and information (LAN-to-LAN connections).

Therefore, at a minimum, a VPN solution should provide all of the following:

1. User Authentication
The solution must verify the user's identity and restrict VPN access to authorized users only. In
addition, the solution must provide audit and accounting records to show who accessed what information.
2. Address Management
The solution must assign a client's address on the private network, and must ensure that private addresses
are kept private.
3. Data Encryption
Data carried on the public network must be rendered unreadable to unauthorized clients on the
network.
4. Key Management
The solution must generate and refresh encryption keys for the client and the server.
5. Multiprotocol Support
The solution must be able to handle the common protocols used in the private networks being joined.
These include Internet Protocol (IP), Internetwork Packet Exchange (IPX) and so on.


5. Tunneling

A VPN can be created using tunneling. Tunneling is a technology that lets a network transport protocol
carry information for other protocols within its own packets.
Tunneling is a method of using an internetwork infrastructure to transfer data from one network
over another network. The data to be transferred can be frames or packets of another protocol. Instead of
sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in
an additional header. The additional header provides routing information so that the encapsulated payload
can traverse the intermediate internetwork.
The encapsulated packets are then routed between tunnel end points over the internetwork. The
logical path through which the encapsulated packets travel through the internetwork is called a tunnel.
Once the encapsulated frames reach their destination on the internetwork, the frame is de-encapsulated
and forwarded to its final destination. Tunneling covers this entire process (encapsulation, transmission
and de-encapsulation of the frames).

5.1 Tunneling Technologies

1. SNA tunneling over IP internetworks

When Systems Network Architecture (SNA) traffic is sent across a corporate IP internetwork, the SNA
frame is encapsulated in a UDP and IP header.
2. IPX tunneling for Novell NetWare over IP internetworks
When an IPX packet is sent to a NetWare server or IPX router, the server or router wraps the IPX packet in a
UDP and IP header and then sends it across the IP internetwork. The destination IP-to-IPX router
removes the UDP and IP header and forwards the packet to the IPX destination.
3. Point-to-Point Tunneling Protocol (PPTP)
PPTP allows IP or IPX traffic to be encrypted and then encapsulated in an IP header to be sent across a
corporate IP internetwork or a public IP internetwork such as the Internet. PPTP's encryption (MPPE,
keyed from MS-CHAP authentication) is now considered cryptographically weak, so PPTP should not be
chosen for new deployments.
4. Layer 2 Tunneling Protocol (L2TP)
L2TP allows IP or IPX traffic to be encapsulated and then sent over any medium that supports
point-to-point datagram delivery, such as IP, X.25 or Frame Relay. L2TP itself provides no encryption;
in practice it is combined with IPsec (L2TP/IPsec) to protect the tunnel.
5. IP Security (IPsec) tunnel mode
IPsec tunnel mode allows IP payloads to be encrypted and then encapsulated in a new IP header to be sent
across a corporate IP internetwork or a public internetwork such as the Internet.

5.2 Tunneling Protocols

1. Tunneling technology can be based on either a Layer 2 or a Layer 3 tunneling protocol. These layers
correspond to the Open Systems Interconnection (OSI) reference model.
2. Layer 2 protocols correspond to the data link layer and use frames as their unit of exchange. PPTP,
L2TP and L2F are Layer 2 tunneling protocols.
3. Layer 3 protocols correspond to the network layer and use packets. IP over IP and IP Security (IPsec)
tunnel mode are examples of Layer 3 tunneling protocols.

5.3 How Tunneling Works

For Layer 2 tunneling technologies such as PPTP and L2TP, a tunnel is similar to a session. Data is
transferred across the tunnel using a datagram-based protocol, and a tunnel maintenance protocol is used
to manage the tunnel. Layer 3 tunneling such as IP over IP has no session to manage; for Layer 2
protocols, however, a tunnel must be created, maintained and then terminated.
Once the tunnel is established, tunnel data can be sent. The tunnel client or server uses a tunnel data
transfer protocol to prepare the data for transfer.
For example, when the tunnel client sends a payload to the tunnel server, the tunnel client first prepends
a tunnel data transfer protocol header to the payload. The client then sends the resulting encapsulated
payload across the internetwork, which routes it to the tunnel server. The tunnel server accepts the
packet, removes the tunnel data transfer protocol header and forwards the payload to the target network.
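
The Layer 3 case of the header-add and header-remove process described in sections 5 and 5.3, as an added example in Python (not code from the original page and not any product's implementation): the script builds IP-in-IP packets (IP protocol number 4, RFC 2003) the way a branch router would at the tunnel entry point, and parses, validates and strips them the way the corporate hub router would at the exit point. The router addresses, the branch office's private network and the TCP payload are constructed assumptions. The checks on the outer addresses and on the inner source address are the minimum a tunnel endpoint applies before forwarding, because the outer header only says which router the packet claims to come from, nothing about who built the inner packet.

```python
import ipaddress
import socket
import struct

IPPROTO_IPIP = 4   # protocol number for IP-in-IP encapsulation (RFC 2003)


def ipv4_checksum(data):
    # Internet checksum: one's-complement sum of 16-bit words, complemented.
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0):
    # Minimal IPv4 packet: 20-byte header without options, checksum filled in.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                         ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:] + payload


def parse_ipv4(packet):
    # Parse and validate an IPv4 header; raise ValueError on anything malformed.
    if len(packet) < 20:
        raise ValueError("truncated packet")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > total_len or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": packet[ihl:total_len]}


def encapsulate(inner_packet, tunnel_src, tunnel_dst):
    # Tunnel entry point: the outer header carries the two routers' public
    # addresses, which is the routing information the intermediate internetwork uses.
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner_packet)


def decapsulate(outer_packet, local_public, peer_public, peer_private_net):
    # Tunnel exit point: strip the outer header and return the inner packet,
    # dropping anything not from the tunnel peer or carrying an inner source
    # address the peer is not allowed to originate (anti-spoofing check).
    outer = parse_ipv4(outer_packet)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if outer["dst"] != local_public or outer["src"] != peer_public:
        raise ValueError("outer addresses do not match the tunnel peer")
    inner = parse_ipv4(outer["payload"])
    if ipaddress.ip_address(inner["src"]) not in ipaddress.ip_network(peer_private_net):
        raise ValueError("inner source %s is outside the peer's network" % inner["src"])
    return inner


# Constructed scenario; the public addresses are taken from the documentation ranges.
BRANCH_PUBLIC, HQ_PUBLIC = "198.51.100.10", "203.0.113.20"
BRANCH_NET = "10.1.0.0/16"


def forward_branch_to_hq(inner_src, inner_dst, segment):
    # Branch router encapsulates, the Internet routes on the outer header,
    # the HQ router decapsulates. Returns what HQ forwards onto its LAN.
    inner = build_ipv4(inner_src, inner_dst, 6, segment)   # 6 = TCP
    on_the_wire = encapsulate(inner, BRANCH_PUBLIC, HQ_PUBLIC)
    return decapsulate(on_the_wire, HQ_PUBLIC, BRANCH_PUBLIC, BRANCH_NET)


if __name__ == "__main__":
    pkt = forward_branch_to_hq("10.1.0.5", "10.2.0.7", b"constructed TCP segment")
    print("HQ forwards %s -> %s proto %d" % (pkt["src"], pkt["dst"], pkt["proto"]))
    try:
        forward_branch_to_hq("192.0.2.66", "10.2.0.7", b"spoofed inner source")
    except ValueError as err:
        print("dropped:", err)
```

This shows encapsulation only: anyone on the path can read the inner packet and can forge an outer header with the branch router's address, so the address checks above limit damage but do not prevent injection. Confidentiality and proof of origin are what IPsec tunnel mode adds around exactly this kind of inner packet.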

6. How VPNs differ from ordinary networks

VPNs differ from ordinary networks in three ways:

1. Virtual Private Networks allow any valid remote user to become part of a corporate central network,
using the same network scheme and addressing as users on that central network.
2. Each corporate central network can also be responsible for validating its own users, despite the fact
that they are actually dialing into a public network.
3. The Internet Service Provider can give each of its customers a unique dial-up telephone number,
which distinguishes their service from any other; whether this is used depends on the software run by
the remote user.

7. Example Use of VPN

A remote employee wants to connect to the corporate network and access the company's internal web site.
Step 1. The remote user dials into the local ISP and logs into the ISP's network as usual.
Step 2. When connectivity to the corporate network is desired, the user initiates a tunnel request to the
destination security server on the corporate network. The security server authenticates the user and creates
the other end of the tunnel.
Step 3. The user then sends data through the tunnel; it is encrypted by the VPN software before being
sent over the ISP connection.
Step 4. The destination security server receives the encrypted data and decrypts it. The security server then
forwards the decrypted packets onto the corporate network. Any information sent back to the remote
user is also encrypted before being sent over the Internet.
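
Steps 2 to 4 above, together with requirements 1, 3 and 4 of section 4 and the introduction's point that injected packets must be rejected, as an added example in Python (not code from the original page and not the protocol of any real VPN product): a pre-shared-key challenge-response authentication for step 2, per-session key derivation, and a tunnel endpoint that encrypts each packet, prefixes a sequence number, appends an HMAC tag and drops replayed or modified packets using an IPsec ESP-style sliding replay window. The shared secret, user name and HTTP request are constructed; the encryption is a toy keystream built from HMAC-SHA256 so that the script needs only the standard library, and a real deployment would use an AEAD cipher such as AES-GCM instead. Step 1, the dial-up to the ISP, is outside the script.

```python
import hashlib
import hmac
import os
import struct

WINDOW = 64          # anti-replay window size, in the style of IPsec ESP
SEQ_LEN, TAG_LEN = 8, 16


def prf(key, label, length):
    # HMAC-SHA256 in counter mode. Used for key derivation and, as a toy
    # stand-in for a real cipher, as the keystream generator (illustration only).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, label + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def auth_proof(psk, username, server_nonce):
    # Step 2: the user proves knowledge of the shared secret without sending it.
    return hmac.new(psk, b"auth|" + username + b"|" + server_nonce, hashlib.sha256).digest()


def server_authenticates(psk, username, server_nonce, proof):
    # Security server side of step 2 (requirement 1: user authentication).
    return hmac.compare_digest(auth_proof(psk, username, server_nonce), proof)


def derive_session_keys(psk, client_nonce, server_nonce):
    # Requirement 4: fresh per-session keys, separate for encryption and integrity.
    prk = hmac.new(psk, client_nonce + server_nonce, hashlib.sha256).digest()
    return prf(prk, b"enc", 32), prf(prk, b"mac", 32)


class TunnelEndpoint:
    # One end of the tunnel: protects outgoing payloads, verifies incoming ones.
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.send_seq = 0
        self.highest_seen = 0   # highest sequence number accepted so far
        self.window_bits = 0    # bit i set => highest_seen - i already received

    def protect(self, payload):
        # Step 3: sequence number || encrypted payload || tag over both.
        self.send_seq += 1
        seq = struct.pack(">Q", self.send_seq)
        stream = prf(self.enc_key, seq, len(payload))
        ciphertext = bytes(p ^ k for p, k in zip(payload, stream))
        tag = hmac.new(self.mac_key, seq + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
        return seq + ciphertext + tag

    def _accept_seq(self, seq):
        # Sliding-window replay check: False for a duplicate or a packet too old to track.
        if seq == 0:
            return False
        if seq > self.highest_seen:
            shift = seq - self.highest_seen
            self.window_bits = (self.window_bits << shift) & ((1 << WINDOW) - 1) if shift < WINDOW else 0
            self.window_bits |= 1
            self.highest_seen = seq
            return True
        offset = self.highest_seen - seq
        if offset >= WINDOW or self.window_bits & (1 << offset):
            return False
        self.window_bits |= 1 << offset
        return True

    def unprotect(self, packet):
        # Step 4: verify the tag first, then replay-check, then decrypt.
        if len(packet) < SEQ_LEN + TAG_LEN:
            raise ValueError("truncated packet dropped")
        seq, ciphertext, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, seq + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag: injected or modified packet dropped")
        if not self._accept_seq(struct.unpack(">Q", seq)[0]):
            raise ValueError("replayed packet dropped")
        stream = prf(self.enc_key, seq, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, stream))


def run_session(psk=b"example-pre-shared-secret", username=b"alice"):
    # Steps 2-4 end to end, then a replayed and a tampered copy of the same
    # packet. The secret, user name and request are constructed for the example.
    client_nonce, server_nonce = os.urandom(16), os.urandom(16)
    if not server_authenticates(psk, username, server_nonce,
                                auth_proof(psk, username, server_nonce)):
        raise ValueError("authentication failed")
    client = TunnelEndpoint(*derive_session_keys(psk, client_nonce, server_nonce))
    server = TunnelEndpoint(*derive_session_keys(psk, client_nonce, server_nonce))
    request = b"GET /intranet/ HTTP/1.0\r\n\r\n"
    on_the_wire = client.protect(request)
    results = {"delivered": server.unprotect(on_the_wire),
               "plaintext_visible": request in on_the_wire}
    tampered = bytearray(on_the_wire)   # attacker on the ISP path flips one ciphertext byte
    tampered[SEQ_LEN] ^= 0x01
    for name, pkt in (("replay", on_the_wire), ("injected", bytes(tampered))):
        try:
            server.unprotect(pkt)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results
```

Two details carry the security argument. The tag is checked before the replay window is touched, so a forged packet can never advance the window and lock out legitimate traffic; and the tag covers the sequence number as well as the ciphertext, so an attacker cannot re-label an old packet as a new one. The tampered packet is rejected by the tag check even though it is "encrypted", which is the point the introduction leaves implicit: confidentiality alone does nothing against injection.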
8. Benefits of Virtual Private Network
1) Secure data transmission through the Internet using a tunneling protocol. Cost effectiveness: long-distance
charges are eliminated, because a dial-up VPN user anywhere in the world places only a local call to the ISP
and the Internet carries the traffic the rest of the way, with a corresponding gain in productivity.
2) A VPN using the Internet provides an effective medium for communication.
3) Since communication via the Internet using a VPN costs a fraction of an identical dedicated link, more
remote units can be interconnected.


9. Conclusion

Thus the VPN is an outgrowth of Internet technology, and will transform the daily method of
doing business faster than any other technology. A Virtual Private Network, or VPN, typically uses the
Internet as the transport backbone to establish secure links with business partners, extend communications
to regional and isolated offices, and significantly decrease the cost of communications for an increasingly
mobile workforce. VPNs serve as private network overlays on public IP network infrastructures such as
the Internet.