VPN

William Mohawk

P.O. Box 1612

Santa Monica, CA 90406

(310) 585 - 2634

VPN connections are similar to dial-up connections in that they give remote users access to your network. But unlike dial-up connections, VPNs let you use an existing network—the Internet, for example—as the connection medium. VPNs wrap the Point-to-Point Protocol (PPP) packets used in dial-up connections with additional tunneling protocol headers that let the VPN packets travel securely over a shared network. VPN is especially beneficial in situations where users would otherwise incur long-distance charges when dialing in to your network. To use VPN, all you need at the client is a connection to the Internet (and with the proliferation of broadband Internet connections, VPN users can realize significantly greater connection speeds than dial-up users). Of course, because you're communicating over a public network, it's important that you adequately secure data communications. How you secure data communications depends on the tunneling protocol you use.

Win2K supports two tunneling protocols: PPTP and Layer 2 Tunneling Protocol (L2TP). Win2K and NT 4.0 both support PPTP, so you can use the protocol with both Win2K Professional and NT Workstation clients. Another advantage of PPTP is that PPTP transmissions pass through a Network Address Translation (NAT) server. However, one downside to PPTP is that because it relies on Microsoft Point-to-Point Encryption (MPPE), it doesn’t provide strong security. MPPE can use a 128-bit encryption key, but you must use the default 40-bit encryption key to provide compatibility with NT 4.0 clients.
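Because PPTP and L2TP/IPsec appear on the wire as distinct protocol and port combinations, a defender can inventory which tunneling protocol remote users actually negotiate from ordinary flow records. The classifier below is an added example and is not code from the original page or from Microsoft; the flow records are constructed for illustration, and it assumes only the well-known assignments (PPTP control on TCP 1723 with data in GRE, IP protocol 47; L2TP on UDP 1701; IKE on UDP 500 and NAT-T on UDP 4500; ESP as IP protocol 50). GRE seen from a peer that never opened a 1723 control session is reported separately, since it is either a non-PPTP GRE tunnel or a sensor that missed the control channel.

```python
from collections import defaultdict

# Constructed flow records (src, dst, IP protocol, destination port); not real traffic.
FLOWS = [
    {"src": "203.0.113.10", "dst": "198.51.100.5", "proto": 6,  "dport": 1723},  # PPTP control
    {"src": "203.0.113.10", "dst": "198.51.100.5", "proto": 47, "dport": None},  # PPTP data (GRE)
    {"src": "203.0.113.44", "dst": "198.51.100.5", "proto": 47, "dport": None},  # GRE, no control seen
    {"src": "203.0.113.77", "dst": "198.51.100.5", "proto": 17, "dport": 500},   # IKE
    {"src": "203.0.113.77", "dst": "198.51.100.5", "proto": 17, "dport": 4500},  # IKE NAT-T
    {"src": "203.0.113.77", "dst": "198.51.100.5", "proto": 50, "dport": None},  # ESP
    {"src": "203.0.113.88", "dst": "198.51.100.5", "proto": 17, "dport": 1701},  # L2TP outside IPsec
]

TCP, UDP, GRE, ESP = 6, 17, 47, 50


def classify_flows(flows):
    """Group flows by (src, dst) peer pair and label the tunneling protocol in use.

    Returns a dict of sets:
      pptp_sessions - peers with both a TCP/1723 control session and GRE data
      orphan_gre    - peers sending GRE with no PPTP control session observed
      ipsec_peers   - peers exchanging IKE and/or ESP (L2TP/IPsec hides L2TP inside ESP)
      bare_l2tp     - peers sending L2TP on UDP/1701 in the clear, i.e. without IPsec
    """
    seen = defaultdict(set)  # (src, dst) -> set of labels observed for that pair
    for f in flows:
        pair = (f["src"], f["dst"])
        if f["proto"] == TCP and f["dport"] == 1723:
            seen[pair].add("pptp-control")
        elif f["proto"] == GRE:
            seen[pair].add("gre")
        elif f["proto"] == UDP and f["dport"] in (500, 4500):
            seen[pair].add("ike")
        elif f["proto"] == ESP:
            seen[pair].add("esp")
        elif f["proto"] == UDP and f["dport"] == 1701:
            seen[pair].add("l2tp")

    result = {"pptp_sessions": set(), "orphan_gre": set(),
              "ipsec_peers": set(), "bare_l2tp": set()}
    for pair, labels in seen.items():
        if "gre" in labels and "pptp-control" in labels:
            result["pptp_sessions"].add(pair)
        elif "gre" in labels:
            result["orphan_gre"].add(pair)
        if "ike" in labels or "esp" in labels:
            result["ipsec_peers"].add(pair)
        # L2TP/IPsec carries UDP/1701 inside ESP, so a visible 1701 flow means no IPsec protection.
        if "l2tp" in labels and "esp" not in labels:
            result["bare_l2tp"].add(pair)
    return result


if __name__ == "__main__":
    for label, peers in classify_flows(FLOWS).items():
        print(f"{label}: {sorted(peers)}")
```

Run against a real flow export, the `pptp_sessions` set is the list of peers whose traffic is protected only by MPPE, which the text above notes may be limited to a 40-bit key for NT 4.0 compatibility.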

Several companies developed PPTP specifically to support VPNs. PPTP is a method for sending network packets over an existing TCP/IP connection (called a tunnel). A VPN requires that the client and server each have an active Internet connection. The server typically has a permanent connection to the Internet. The client connects to the Internet via an ISP and initiates a PPTP connection to the PPTP server from a Dial-Up Networking (DUN) entry. The connection request includes access credentials (i.e., username, password, and domain) and an authentication protocol. RRAS adds the ability to provide server-to-server connections over PPTP, as well as permanent network connections.
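The "wrapping" described above is concrete: PPTP carries each PPP frame inside an enhanced GRE header (RFC 2637) that adds a protocol type of 0x880B, a payload length, a call ID identifying the tunnel session, and optional sequence and acknowledgement numbers. The encapsulator and parser below are an added example, not code from the original page or from any PPTP implementation; the PPP frames are constructed for illustration. The `ppp_protocol` helper reads the PPP protocol field of the inner frame (assuming the optional 0xFF 0x03 address/control bytes may or may not be present), which is how an inspector can tell whether the tunnel payload is plain IP (0x0021) or an MPPE-encrypted compressed datagram (0x00FD, per RFC 3078).

```python
import struct

GRE_PROTO_PPP = 0x880B      # protocol type for PPP over enhanced GRE (RFC 2637)
FLAG_K = 0x20               # Key present: payload length + call ID (always set for PPTP)
FLAG_S = 0x10               # Sequence number present
FLAG_A = 0x80               # Acknowledgement number present (lives in the version byte)
VERSION_ENHANCED = 0x01     # enhanced GRE version

PPP_IPV4 = 0x0021           # inner frame is plain IPv4
PPP_COMPRESSED = 0x00FD     # inner frame is an MPPE/MPPC compressed (encrypted) datagram


def encapsulate(ppp_frame: bytes, call_id: int, seq=None, ack=None) -> bytes:
    """Wrap a PPP frame in a PPTP enhanced GRE header."""
    flags = FLAG_K | (FLAG_S if seq is not None else 0)
    version = VERSION_ENHANCED | (FLAG_A if ack is not None else 0)
    header = struct.pack("!BBHHH", flags, version, GRE_PROTO_PPP, len(ppp_frame), call_id)
    if seq is not None:
        header += struct.pack("!I", seq)
    if ack is not None:
        header += struct.pack("!I", ack)
    return header + ppp_frame


def decapsulate(packet: bytes) -> dict:
    """Parse a PPTP GRE packet back into its header fields and PPP payload."""
    if len(packet) < 8:
        raise ValueError("short GRE header")
    flags, version, proto, plen, call_id = struct.unpack("!BBHHH", packet[:8])
    if (version & 0x07) != VERSION_ENHANCED or proto != GRE_PROTO_PPP or not (flags & FLAG_K):
        raise ValueError("not a PPTP enhanced GRE packet")
    offset, seq, ack = 8, None, None
    if flags & FLAG_S:
        seq = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    if version & FLAG_A:
        ack = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    payload = packet[offset:offset + plen]
    if len(payload) != plen:
        raise ValueError("truncated payload")  # declared length exceeds bytes present
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}


def ppp_protocol(ppp_frame: bytes) -> int:
    """Return the PPP protocol field, skipping the optional 0xFF 0x03 address/control bytes."""
    if ppp_frame[:2] == b"\xff\x03":
        ppp_frame = ppp_frame[2:]
    return struct.unpack("!H", ppp_frame[:2])[0]


def payload_is_encrypted(ppp_frame: bytes) -> bool:
    """True when the inner PPP frame is an MPPE compressed datagram rather than cleartext IP."""
    return ppp_protocol(ppp_frame) == PPP_COMPRESSED


if __name__ == "__main__":
    # Constructed: a PPP frame carrying a 20-byte dummy IPv4 header.
    clear = b"\xff\x03\x00\x21" + b"\x45" + b"\x00" * 19
    pkt = encapsulate(clear, call_id=0x1234, seq=7)
    fields = decapsulate(pkt)
    print(hex(fields["call_id"]), fields["seq"], payload_is_encrypted(fields["payload"]))
```

With MPPE negotiated, every tunnel packet's inner protocol field reads 0x00FD and the IP packet behind it is opaque; without it, the same parser exposes the cleartext IP packet to anyone on the path, which is the point the paragraph makes about encryption inside the tunnel.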

A VPN connection exists between the server and client only after the PPTP server authenticates the client. The PPTP session acts as a tunnel through which network packets flow—client to server and vice versa. Network packets are encrypted at the source (client or server), travel inside the tunnel, and are decrypted at the destination. Because network traffic flows inside the tunnel, data is invisible to the outside world. Packet encryption inside the tunnel provides an additional level of security. After the VPN connection is established, a remote user can browse the LAN, connect to shares, and pick up and send email just as a locally connected user can.

In short, VPNs supply network connectivity over a possibly long physical distance. In this respect, VPNs are a form of Wide Area Network (WAN). The key feature of a VPN, however, is its ability to use public networks like the Internet rather than rely on private leased lines. VPN technologies implement restricted-access networks that use the same cabling and routers as a public network, and they do so without sacrificing features or basic security. In reality, VPNs provide just a few basic, easy-to-understand potential advantages over more traditional forms of wide-area networking. These advantages can be quite significant, but they do not come for free.

The potential problems with VPNs outnumber the advantages and are generally more difficult to understand. (The disadvantages do not necessarily outweigh the advantages, however.) From security and performance concerns to coping with a wide range of sometimes incompatible vendor products, the decision of whether or not to use a VPN cannot be made without significant planning and preparation.
