With the Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP), which are automatically installed on your computer, you can securely access resources on a network by connecting to a remote access server through the Internet or another network. The use of both private and public networks to create a network connection is called a virtual private network (VPN). The following table describes the advantages of using VPN connections.
| Advantage | Example |
|---|---|
| Cost advantages | The Internet is used as a connection instead of a long distance telephone number or 1-800 service. Because an ISP maintains communications hardware such as modems and ISDN adapters, your network requires less hardware to purchase and manage. |
| Outsourcing dial-up networks | You can make a local call to the telephone company or Internet service provider (ISP), which then connects you to a remote access server and your corporate network. It is the telephone company or ISP that manages the modems and telephone lines required for dial-up access. Because the ISP supports complex communications hardware configurations, a network administrator is free to centrally manage user accounts at the remote access server. |
| Enhanced security | The connection over the Internet is encrypted and secure. The remote access server enforces new authentication and encryption protocols. Sensitive data is hidden from Internet users, but made securely accessible to appropriate users through a VPN. |
| Network protocol support | Because the most common network protocols (including TCP/IP and IPX) are supported, you can remotely run any application dependent upon these particular network protocols. The IPX/SPX protocol is not available on Windows XP 64-Bit Edition. |
| IP address security | Because the VPN is encrypted, the addresses you specify are protected, and the Internet only sees the external IP address. For organizations with nonconforming internal IP addresses, the repercussions of this are substantial, as no administrative costs are associated with having to change IP addresses for remote access via the Internet. |
VPNs and the Internet
1). VPNs through the ISP
The first method makes a private connection through the network provided by your ISP. In this case no additional hardware is required, but you must use the same ISP at both ends of the connection. In this example, the VPN connection makes a call to the remote access server through the VPN gateway set up at the ISP. After authentication, you can access the corporate network, as shown in the following illustration.
This option is available through Cybertronic.net for an additional $50 per month per connection with the Internet connections we sell. This user makes use of the full-time, high-speed SDSL or T1 Internet connection set up for them at their remote location.
2). VPNs over the Internet
The second method does not require using the same ISP on both ends. The VPN tunnel is created by connecting through the Internet, as shown in the following examples.
When the dial-up client calls the ISP, it adds a default route using the connection to the ISP, as shown in the following figure. At this point, it can reach all Internet addresses through the router at the ISP NAS.

When the VPN client creates the VPN connection, another default route and a host route to the IP address of the tunnel server are added, as illustrated in the next figure.

Default Route Created When Initiating the VPN
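The route changes described above can be modelled as a small routing table to see which interface each destination uses before and after the VPN connects. This is an added example, not part of the original page; the addresses, interface names and metrics are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample addresses from documentation ranges; none appear on the page.
ISP_GATEWAY = "198.51.100.1"    # router at the ISP NAS
TUNNEL_SERVER = "203.0.113.10"  # public address of the VPN tunnel server
VPN_GATEWAY = "10.0.0.1"        # tunnel server's address on the corporate side

class Route(NamedTuple):
    net: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int

def make_route(prefix, gateway, interface, metric):
    return Route(ipaddress.ip_network(prefix), gateway, interface, metric)

def table_after_dialup():
    """Dial-up client has called the ISP: one default route via the ISP."""
    return [make_route("0.0.0.0/0", ISP_GATEWAY, "isp", 1)]

def table_after_vpn(with_host_route=True):
    """VPN connected: a second default route via the tunnel, plus a host route."""
    # Assumption: the tunnel's default route gets the better (lower) metric.
    table = [make_route("0.0.0.0/0", ISP_GATEWAY, "isp", 2),
             make_route("0.0.0.0/0", VPN_GATEWAY, "vpn", 1)]
    if with_host_route:
        table.append(make_route(TUNNEL_SERVER + "/32", ISP_GATEWAY, "isp", 1))
    return table

def lookup(table, destination):
    """Pick the route as an IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in table if addr in r.net]
    if not matches:
        raise LookupError("no route to " + destination)
    return max(matches, key=lambda r: (r.net.prefixlen, -r.metric))

def egress(table, destination):
    """Name of the interface a packet to `destination` leaves on."""
    return lookup(table, destination).interface

if __name__ == "__main__":
    for name, table in [("dial-up only", table_after_dialup()),
                        ("VPN up", table_after_vpn()),
                        ("VPN up, host route missing", table_after_vpn(False))]:
        for dest in ("192.0.2.50", "10.0.5.20", TUNNEL_SERVER):
            print(f"{name:27} {dest:14} -> {egress(table, dest)}")
```

In this model, once the VPN is up, both corporate and general Internet destinations leave through the tunnel, while the host route keeps the tunnel's own carrier packets on the ISP link. Without the host route, packets addressed to the tunnel server would be routed into the tunnel itself.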
In the second example, the VPN connection is made through the tunnel established to the VPN gateway server that Cybertronic.Net sets up at your office. Examples of this type of user include a person whose computer is connected through a modem or a local area network, a cable modem user, or a subscriber of a service such as ADSL, where IP connectivity is established immediately after the user's computer is turned on. The PPTP or L2TP driver makes a tunnel through the Internet and connects to the PPTP-enabled or L2TP-enabled remote access server. After authentication, the user can access the corporate network, achieving the same functionality as the preceding example.

Note
· Connecting directly to the Internet means direct IP access without going through an ISP. (For example, some hotels allow you to use an Ethernet cable to connect to the Internet.)
· If you have an active Winsock Proxy client, you cannot create a VPN. A Winsock Proxy client immediately redirects data to a configured proxy server before the data can be processed in the fashion required by a VPN. To establish a VPN, the Winsock Proxy client should be disabled.
Last maintained on Sunday, August 06, 2006.