VPNs can fall into one of three categories: remote access, site-to-site intranet, and business-to-business extranet. Figure 2.1 depicts an illustration of each of these categories. Figure 2.1. Three VPN categories.Remote access VPNs enable telecommuters and mobile users to connect to the main office via tunneling protocols such as Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), and IPSec. With the abundance of Internet access via analog, ISDN, cable, DSL, and mobile IP, remote users can access resources in the corporate network as if they were directly connected to the network inside the corporate office. Remote offices can connect to each other as well as to the main office over the public Internet via site-to-site intranet VPNs. This is more flexible and less expensive than traditional remote office connections, such as packet-switched networks with frame relay and ATM, as well as leased line connections. Business-to-business extranet VPNs utilize VPN tunnels to connect to extranet business partners or other networks that are not part of the corporation. Access rights to the corporate network from the extranet should be defined by the corporation's security policy. |