Chapter19.VPN Technology Background

Chapter 19. VPN Technology Background

A Virtual Private Network (VPN) involves transmitting private data over public networks. It is not a new term for data communications. The term VPN initially came from the specific carrier's design, where a part of the carrier's network (referred to as a cloud) is separated from other parts and is leased by an enterprise for purposes of voice, data, and video communications (see Chapter 3, "The Cloud," for more information). Today, VPN is more like a wire in the cloud type of connection, which is explained in this chapter.

Understanding VPN and its complexities is more challenging than for most other technologies on the market because of the many complex mathematical algorithms, and the wide range and types of both deployed and emerging solutions.

In this chapter, you learn about service provider-based VPNs and enterprise VPNs, and their classifications and categories. The focus of this book is on remote access solutions, so information on service provider VPNs is provided solely for the purpose of discussion.

The main topics of the chapter are related to the overview and classification of the existing industry VPN solutions; however, the main focus is on IP Security (IPSec). The chapter presents a concise description of the following topics:

• Service provider VPNs

• Enterprise VPNs

• VPNs on the data link layer and on the network layer of Open System Interconnection (OSI)

• IPSec and security associations

• IPSec modes and protocols

• Key exchange, hashing, and encryption in IPSec