In addition to the dial-up remote access features of RRAS covered in the previous section, RRAS supports incoming connections via a Virtual Private Network (VPN). A VPN uses a public medium, such as the Internet, to create a secure, encrypted tunnel that connects a client to a remote access server. After this connection is established, one of the tunneling protocols is used to encapsulate and encrypt all of the commands and data that are passed from point to point. This protects the data from unauthorized individuals, which is especially important when using a public medium such as the Internet. Another advantage of tunneling is that a Windows 2000 VPN can encapsulate various protocols such as TCP/IP, IPX/SPX, and NetBEUI; the latter two protocols are not normally routable over the Internet. There are two tunneling protocols available for a VPN connection are
A VPN works by having a remote client connect to the Internet via dial-up or some other type of connection. The remote client then starts the VPN client software, which connects to the remote access server over the Internet. After authorization, the two computers communicate via an encrypted point-to-point connection. Because a VPN is just another form of remote access, the configuration is virtually identical to the remote access connection that we previously configured. All of the same policy attributes and profiles can be configured for a VPN.