Virtual Private Networks

Virtual private networks (VPNs) have become very popular during the past several years because they can give you the connection flexibility and security that is needed for remote connections—and you can use an existing network infrastructure, such as an intranet or even the Internet. VPN connections enable you to use an existing public network, such as the Internet, freely and in a way that is private. When a VPN connection is used, the actual network data that you are transferring is encapsulated in a Point to Point Tunneling Protocol packet (PPTP) or a Layer 2 Tunneling Protocol (L2TP) packet. The packet has the typical header destination that you might find on a typical PPP packet traveling the Internet. The PPTP or L2TP packet can traverse the Internet as a PPP packet. When the packet reaches the destination network, the PPTP or L2TP encapsulation is stripped away and the true data is revealed. The end result? You can connect to segments of your network using the Internet without paying WAN link charges. This feature works well for a company that has a satellite office where a few people need to send data over the VPN connection each day. Of course, the VPN connection is not designed for high levels of traffic, but in many connectivity cases, it is an easy and cost-efficient solution.

PPTP allows tunneled traffic through an IP network, such as the Internet. The second type of protocol is L2TP, which provides more functionality. For example, PPTP can only be used on IP networks, whereas L2TP encapsulates PPP frames to be sent over IP, X.25, frame relay, or ATM networks. Also, L2TP supports header compression and tunnel authentication, as well as the use of IP Security (IPSec). PPTP does support encryption, however, whereas L2TP only supports encryption when IPSec is used. The end result is that L2TP gives you more options and functionality than PPTP, but both are highly effective VPN protocols. However, if you are using Windows XP Professional to access a Windows NT VPN server, note that only PPTP is supported. You can use L2TP to connect to Windows 2000 VPN servers, or another Windows XP Professional computer acting as a VPN server.

You can configure Windows XP Professional to both make VPN connections and allow incoming VPN connections. The following steps show you the process of configuring Windows XP Professional to make VPN calls.

Configuring VPN Connectivity

1. Click Start | Control Panel | Network Connections.

2. Start the New Connection Wizard and click Next on the Welcome page.

3. In the Network Connection Type page, click Connect to the Network at My Workplace and click Next.

4. In the Network Connection page, choose the Virtual Private Network Connection radio button and click Next.

5. In the Connection Name page, enter a friendly name for the connection and click Next.

6. In the Public Network page, choose which existing dial-up connection you want to dial so that the VPN tunnel can be established. For example, if you had a dial-up connection configured to access a RAS server, you could select that connection for the VPN server. Make your selection and click Next.

7. Enter the host name or IP address of the VPN server to which you are connecting.

8. Click Finish. The VPN connection is created and now appears in the Network Connections folder.

The VPN connection’s properties pages are basically the same as a typical dial-up connection. You have the same security setting options, calling options, and so on. The General tab lists the host name or IP address of the destination and the dial-up connection that should be used to generate the VPN connection. If you want to accept incoming VPN connections, you can use the New Connection Wizard to create an incoming connection, and then allow VPN connections during the wizard steps. See the previous section for more information about creating incoming connections. Keep in mind that VPN connectivity can be managed with authentication protocols, just as a typical dial-up connection. This feature enables you to use VPN solutions without compromising network security standards.