How Virtual Private Networks Work
Document ID: 14106
This document covers the fundamentals of VPNs, such as basic VPN components, technologies, tunneling, and VPN security.
There are no specific requirements for this document.
This document is not restricted to specific software and hardware versions.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Background
As the popularity of the Internet has grown, businesses have turned to it as a means of extending their own networks. First came intranets, which are sites designed for use only by company employees. Now, many companies create their own Virtual Private Networks (VPNs) to accommodate the needs of remote employees and distant offices.
A typical VPN might have a main local-area network (LAN) at the corporate headquarters of a company, other LANs at remote offices or facilities, and individual users that connect from out in the field. A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection, such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.
What Makes a VPN?
There are two common types of VPNs.
• Remote-Access: Also called a Virtual Private Dial-up Network (VPDN), this is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN provides some form of Internet dial-up account to their users using an Internet service provider (ISP). The telecommuters can then dial a 1-800 number to reach the Internet and use their VPN client software to access the corporate network. A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.
• Site-to-Site: Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. Each site needs only a local connection to the same public network, thereby saving money on long private leased-lines. Site-to-site VPNs can be further categorized into intranets or extranets. A site-to-site VPN built between offices of the same company is said to be an intranet VPN, while a VPN built to connect the company to its partner or customer is referred to as an extranet VPN.
A well-designed VPN can greatly benefit a company. For example, it can:
• Extend geographic connectivity
• Reduce operational costs versus traditional WANs
• Reduce transit times and traveling costs for remote users
• Improve productivity
• Simplify network topology
• Provide global networking opportunities
• Provide telecommuter support
• Provide faster Return On Investment (ROI) than traditional WAN
What features are needed in a well-designed VPN? It should incorporate these items:
• Security
• Reliability
• Scalability
• Network Management
• Policy Management
Analogy: Each LAN Is an IsLANd
Imagine that you live on an island in a huge ocean. There are thousands of other islands all around you, some very...