
VPN - Virtual Private Network

What is a VPN?

Here at Microsolve we provide our clients with a way to maintain fast, secure and reliable communications to accommodate the needs of remote employees and distant offices, through their own VPN (virtual private network).
Basically, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.

A well-designed VPN can greatly benefit a company. For example, it can:

  •   Extend geographic connectivity
  •   Improve security
  •   Reduce operational costs versus traditional WAN
  •   Reduce transit time and transportation costs for remote users
  •   Improve productivity
  •   Simplify network topology
  •   Provide global networking opportunities
  •   Provide telecommuter support
  •   Provide broadband networking compatibility
  •   Provide faster ROI (return on investment) than traditional WAN


At Microsolve we also construct a well-designed VPN which incorporates:

  • Security
  • Reliability
  • Scalability
  • Network Management


Typically, when deploying a remote networking solution, an enterprise needs to facilitate controlled access to corporate resources and information. The solution must allow roaming or remote clients to connect to LAN resources, and the solution must allow remote offices to connect to each other to share resources and information (router-to-router connections). In addition, the solution must ensure the privacy and integrity of data as it traverses the Internet. The same concerns apply in the case of sensitive data traversing a corporate internetwork.

Therefore, a VPN solution should provide at least all of the following:

  • User Authentication. The solution must verify the VPN client's identity and restrict VPN access to authorized users only. It must also provide audit and accounting records to show who accessed what information and when.
  • Address Management. The solution must assign a VPN client's address on the intranet and ensure that private addresses are kept private.
  • Data Encryption. Data carried on the public network must be rendered unreadable to unauthorized clients on the network.
  • Key Management. The solution must generate and refresh encryption keys for the client and the server.
  • Multiprotocol Support. The solution must handle common protocols used in the public network. These include IP, Internetwork Packet Exchange (IPX), and so on.


An Internet VPN solution based on the Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP) meets all of these basic requirements and takes advantage of the broad availability of the Internet. Other solutions, including Internet Protocol Security (IPSec), meet only some of these requirements, but remain useful for specific situations.

Tunneling is a method of using an internetwork infrastructure to transfer data for one network over another network. The data to be transferred (or payload) can be the frames (or packets) of another protocol. Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate internetwork.

The encapsulated packets are then routed between tunnel endpoints over the internetwork. The logical path through which the encapsulated packets travel through the internetwork is called a tunnel. Once an encapsulated frame reaches its destination on the internetwork, it is decapsulated and forwarded to its final destination. Tunneling includes this entire process (encapsulation, transmission, and decapsulation of packets).
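The encapsulation, transmission and decapsulation steps described above, as an added example that is not part of the original page or its cited source. It uses IPv4-in-IPv4 (RFC 2003) as the simplest instance of tunneling rather than PPTP, L2TP or IPSec; the function names and all addresses are assumptions made for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4    # outer header's protocol value for IPv4-in-IPv4 (RFC 2003)
IPPROTO_UDP = 17

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prepend a minimal 20-byte IPv4 header (no options, TTL 64) to payload."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           64, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return header(checksum(header(0))) + payload

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel client: carry the whole inner packet as the outer payload."""
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes, local_endpoint: str) -> bytes:
    """Tunnel server: validate the outer header, return the inner packet."""
    if len(outer) < 20 or outer[0] != 0x45:
        raise ValueError("malformed outer header")
    if checksum(outer[:20]) != 0:
        raise ValueError("outer header checksum mismatch")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("outer protocol is not the agreed tunneling protocol")
    if socket.inet_ntoa(outer[16:20]) != local_endpoint:
        raise ValueError("packet is not addressed to this tunnel endpoint")
    total_len = struct.unpack("!H", outer[2:4])[0]
    if total_len != len(outer):
        raise ValueError("outer length field does not match packet size")
    return outer[20:total_len]

# Constructed sample: private site addresses inside, documentation-range
# (RFC 5737) public addresses on the outer header.
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"constructed payload")
OUTER = encapsulate(INNER, "192.0.2.10", "198.51.100.20")

if __name__ == "__main__":
    print("outer routed to:", socket.inet_ntoa(OUTER[16:20]))
    print("inner recovered:", decapsulate(OUTER, "198.51.100.20") == INNER)
    print("inner visible in outer bytes:", INNER in OUTER)
```

The inner packet appears byte for byte inside the outer one, which is why the Data Encryption requirement listed earlier is separate from encapsulation itself.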

Tunneling Protocols

  • Point-to-Point Tunneling Protocol (PPTP). PPTP allows IP, IPX, or NetBEUI traffic to be encrypted, and then encapsulated in an IP header to be sent across a corporate IP internetwork or a public IP internetwork such as the Internet.
  • Layer Two Tunneling Protocol (L2TP). L2TP allows IP, IPX, or NetBEUI traffic to be encrypted, and then sent over any medium that supports point-to-point datagram delivery, such as IP, X.25, Frame Relay, or ATM.
  • IPSec tunnel mode. IPSec tunnel mode allows IP packets to be encrypted, and then encapsulated in an IP header to be sent across a corporate IP internetwork or a public IP internetwork such as the Internet.


For a tunnel to be established, both the tunnel client and the tunnel server must be using the same tunneling protocol.

Source: http://technet.microsoft.com/en-us/library/bb742566.aspx

 
Copyright © 2012. Microsolve Wollongong & Newcastle NSW.