The basic concept of a VPN is really quite simple: If a user wants to send traffic from one point to another, that data is placed inside another packet and sent to its destination. This process is known as encapsulation. For example, if Jack wants to send traffic from his computer to the headquarters office across the Internet, Jack first establishes a secure VPN tunnel with HQ. Then, all the traffic directed to HQ is broken up and encapsulated inside other packets, and perhaps even encrypted to hide it from prying eyes.
To give an analogy, VPNs are like having a truck carry a payload of data for you. If you want to send data to another location, you place that data in the truck. Instead of an open, flatbed truck where everyone can see your data, the truck has a canopy enclosing (encrypting) the payload so other users cannot view your true data. Figure 12.1 displays Jack's traffic flowing through a remote access VPN tunnel to HQ. After the traffic reaches HQ, the data is taken out of the tunnel, reassembled, and sent along its way. As you can see, VPNs just perform a middleman action to carry data from one peer to another in a secure manner.
Figure 12.1. Basic access VPN traffic.
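The encapsulation and reassembly described above, as an added example that is not from the original text: Jack's inner packet is broken up, each piece is placed inside an outer packet addressed between the tunnel endpoints, and HQ strips the outer headers and reassembles the pieces even when they arrive out of order. The header layout, function names, and addresses are assumptions made for illustration; no encryption is applied, so the observer check shows that the payload stays readable until the "canopy" is added.

```python
import ipaddress
import struct

# Assumed toy layout, not a real VPN protocol header.
OUTER = struct.Struct("!4s4sHH")  # tunnel src, tunnel dst, sequence, total
INNER = struct.Struct("!4s4s")    # original src, original dst

def _ip(addr):
    return ipaddress.IPv4Address(addr).packed
def _text(raw):
    return str(ipaddress.IPv4Address(raw))

def encapsulate(inner_src, inner_dst, payload, tun_src, tun_dst, mtu=16):
    """Break the inner packet up and place each piece in an outer packet."""
    inner = INNER.pack(_ip(inner_src), _ip(inner_dst)) + payload
    pieces = [inner[i:i + mtu] for i in range(0, len(inner), mtu)]
    return [OUTER.pack(_ip(tun_src), _ip(tun_dst), seq, len(pieces)) + piece
            for seq, piece in enumerate(pieces)]

def decapsulate(wire_packets):
    """HQ side: strip outer headers, reorder, reassemble the inner packet."""
    pieces, total = {}, None
    for pkt in wire_packets:
        if len(pkt) < OUTER.size:
            raise ValueError("truncated outer header")
        _, _, seq, count = OUTER.unpack_from(pkt)
        total = count if total is None else total
        if count != total or seq >= total:
            raise ValueError("inconsistent fragment header")
        pieces[seq] = pkt[OUTER.size:]
    if total is None or len(pieces) != total:
        raise ValueError("missing fragments")
    inner = b"".join(pieces[seq] for seq in range(total))
    if len(inner) < INNER.size:
        raise ValueError("truncated inner header")
    src, dst = INNER.unpack_from(inner)
    return _text(src), _text(dst), inner[INNER.size:]

def observer_view(wire_packets):
    """What someone on the path sees: outer endpoints and the carried bytes."""
    ends = {tuple(map(_text, OUTER.unpack_from(p)[:2])) for p in wire_packets}
    return ends, b"".join(p[OUTER.size:] for p in wire_packets)

if __name__ == "__main__":
    # Constructed sample: Jack (10.1.1.20) to an HQ server (10.0.0.5).
    pkts = encapsulate("10.1.1.20", "10.0.0.5", b"quarterly report draft",
                       "198.51.100.7", "203.0.113.1")
    print(decapsulate(pkts[::-1]))   # arrives out of order, still reassembles
    print(observer_view(pkts))       # payload readable: not yet encrypted
```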