This appendix addresses frequently asked questions about virtual private networking in the Microsoft Windows family of operating systems.
Q. How does Microsoft define a virtual private network (VPN)?
A. Microsoft defines a virtual private network as the extension of a private network that encompasses links across shared or public networks such as the Internet. With a VPN, you can send data between two computers across a shared or public network in a manner that emulates a point-to-point private link (such as a dial-up or long-haul T-Carrier-based wide area network [WAN] link). Virtual private networking is the act of creating and configuring a virtual private network.
To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides routing information. This design allows the data to traverse the shared or public network to reach its endpoint. To emulate a private link, the data is encrypted for confidentiality. Packets that are intercepted on the shared or public network are indecipherable without the encryption keys. The link in which the private data is encapsulated and encrypted is a VPN connection.
There are two major VPN scenarios—remote access and site-to-site. In remote access, the communications are encrypted between a remote computer (the VPN client) and the remote access VPN gateway (the VPN server) to which it connects. In site-to-site (also known as router-to-router), the communications are encrypted between two routers (VPN gateways) that link two sites.
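To make the encapsulate-then-encrypt idea above concrete, here is an added example (not Microsoft's code and not any Windows VPN protocol): a toy tunnel in Go that wraps an inner packet in a cleartext routing header and encrypts it with AES-GCM, so an observer on the shared network sees only the endpoints and ciphertext. The packet layout, the endpoint fields and the key are assumptions for illustration.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Assumed toy layout (not a real VPN protocol): cleartext outer header of 4-byte
// source endpoint, 4-byte destination endpoint, 12-byte nonce, then AES-GCM ciphertext.
const outerHeaderLen = 4 + 4 + 12

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encapsulate adds the routing header the public network needs and encrypts the private data; the header is authenticated as additional data.
func Encapsulate(key []byte, src, dst uint32, innerPacket []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, outerHeaderLen)
	binary.BigEndian.PutUint32(hdr[0:4], src)
	binary.BigEndian.PutUint32(hdr[4:8], dst)
	if _, err := rand.Read(hdr[8:]); err != nil { // fresh nonce per packet
		return nil, err
	}
	return aead.Seal(hdr, hdr[8:], innerPacket, hdr[:8]), nil
}

// Decapsulate verifies and decrypts a tunnel packet; a wrong key or a modified header or payload yields an error, never garbage plaintext.
func Decapsulate(key, packet []byte) (src, dst uint32, inner []byte, err error) {
	if len(packet) < outerHeaderLen {
		return 0, 0, nil, errors.New("packet shorter than outer header")
	}
	aead, err := newAEAD(key)
	if err != nil {
		return 0, 0, nil, err
	}
	src = binary.BigEndian.Uint32(packet[0:4])
	dst = binary.BigEndian.Uint32(packet[4:8])
	inner, err = aead.Open(nil, packet[8:outerHeaderLen], packet[outerHeaderLen:], packet[:8])
	return src, dst, inner, err
}
```

The same wrapping applies in both scenarios the answer names: in remote access the endpoints are the client and the VPN server, in site-to-site they are the two gateways, and in each case only the outer header is readable in transit.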
Q. What are the benefits of using VPN connections?
A. For remote access connections, an organization can use VPN connections to leverage the worldwide connectivity of the Internet and trade its direct-dial remote access solutions (and their corresponding equipment and maintenance costs) for a single connection to an Internet service provider (ISP). The organization can do this without sacrificing the privacy of a dedicated dial-up connection.
For routed connections, an organization can use VPN connections to leverage the worldwide connectivity of the Internet and trade long-distance dial-up or leased lines for simple connections to an Internet service provider (ISP). Again, this can be done without sacrificing the privacy of a dial-up or dedicated site-to-site link.