What Are VPNs?


VPNs mean different things to different people. Some people claim that leased lines using Frame Relay to connect their offices are a VPN. It's virtual because the offices are not really connected with a single cable, but rather through a service provider's switched network. It's definitely a network, which the company uses to share data, but is it private? People are of different minds on the subject. Some claim that the provider's switched network is secure and that data cannot be compromised even though it is sent in cleartext. Others claim that "If there is a will, there is a way," and that if someone wants the data badly enough, he can obtain it off the provider's equipment.

What we want in a VPN is exactly what the acronym stands for: a virtual private network. We want a private network on which we can send and receive data and be sure that it cannot be compromised as it traverses the medium.

VPNs have two main categories:

  • Remote-access VPNs

  • Site-to-site VPNs

Remote-Access VPNs

Remote-access VPNs are those in which a point-to-point connection is established between a remote user and the central office. Usually implemented over dial-up connections using the Point-to-Point Protocol (PPP), remote-access VPNs are now also implemented over DSL and cable modem connections to allow for high-speed access to resources on a corporate network over the Internet. Because the Internet is a multi-access network, PPP cannot be used to transport data to and from the corporate network. New secure protocols are required for today's remote-access VPNs, and they include Layer 2 Forwarding (L2F) Protocol, Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), and IPSec.

Site-to-Site VPNs

Site-to-site VPNs create secure connections between two or more corporate offices over a public medium, such as the Internet. These types of VPNs allow many users to use a secure tunnel created between these offices. It is important to remember that with site-to-site VPNs, the VPN gateways secure all data between sites; end users do not secure data but only send it to the opposite site. VPN gateways can include Cisco IOS routers, Cisco VPN Concentrators, Cisco PIX Firewalls, and third-party VPN products.



CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
