18-12-2012, 02:29 PM
VIRTUAL PRIVATE NETWORKS (VPN)
INTRODUCTION
Organizations whose facilities are split between two or more locations can connect the locations into a single logical network through the use of routers and wide area networking (WAN) technologies.
When a circuit-switched network, such as the telephone network, is used, permanent or switched circuit services are employed to emulate the physical attachment of the two sites for router-to-router packet exchange; such a connection is obviously private.
When a packet network, such as the Internet, is used as the WAN for connecting the sites, the private nature of router-to-router communications is threatened, since the network provides no guarantee regarding packet delivery.
Routers intending to talk to one another over logical Internet circuits will find that packets can be injected into or ejected out of the circuits indiscriminately.
To keep such circuits private, the packets flowing on the circuit must be encrypted so that injected packets will be of no use to unintended recipients. These private links between routers are called tunnels.
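The tunnel behaviour described above, as an added example that is not part of the original document: a sending router encrypts and authenticates each packet, and the receiving router discards injected, modified or replayed ones. The function names, keys, sample packet and the HMAC-based keystream standing in for a real tunnel cipher are assumptions made for this illustration.

```python
import hashlib, hmac, os, struct

HDR, TAG = 20, 32  # 8-byte sequence number + 12-byte nonce; HMAC-SHA256 tag

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real tunnel
    # cipher (IPsec ESP would use something like AES-GCM). Illustration only.
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def encapsulate(enc_key, mac_key, seq, inner_packet):
    """Sending router: encrypt the inner packet, then MAC header + ciphertext."""
    header = struct.pack(">Q", seq) + os.urandom(12)
    ciphertext = _xor_stream(enc_key, header[8:], inner_packet)
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag

class TunnelReceiver:
    """Receiving router: accepts only fresh packets made by the key holder."""
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.highest_seq = enc_key, mac_key, -1

    def decapsulate(self, wire):
        if len(wire) < HDR + TAG:
            return None                      # too short to be a tunnel packet
        header, ciphertext, tag = wire[:HDR], wire[HDR:-TAG], wire[-TAG:]
        expected = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # injected or modified in transit
        seq = struct.unpack(">Q", header[:8])[0]
        if seq <= self.highest_seq:
            return None                      # replay of a captured packet
        self.highest_seq = seq
        return _xor_stream(self.enc_key, header[8:], ciphertext)

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed keys
    rx = TunnelReceiver(enc_key, mac_key)
    inner = b"10.1.0.5 > 10.2.0.9 payroll record 4711"   # constructed inner packet
    wire = encapsulate(enc_key, mac_key, 1, inner)
    forged = wire[:HDR] + b"attacker-chosen bytes" + os.urandom(TAG)
    return {"hidden_on_wire": inner not in wire,
            "genuine": rx.decapsulate(wire),
            "replayed": rx.decapsulate(wire),
            "injected": rx.decapsulate(forged)}

if __name__ == "__main__":
    print(demo())
```

The strict "sequence number must increase" check drops packets that arrive out of order; deployed tunnel protocols use a sliding replay window instead.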
WHAT IS VIRTUAL PRIVATE NETWORK
A VPN is a private network constructed with public network infrastructure, such as the global Internet.
A Virtual Private Network connects the components of one network to another. Using tunneling over a public network, a Virtual Private Network, as the name suggests, safely and securely transfers information from one network to another system.
VPNs allow users working at home to connect in a secure fashion to a remote corporate server using the routing infrastructure provided by a public internetwork. From the user's perspective, the VPN is a point-to-point connection between the user's computer and a corporate server. The nature of the intermediate internetwork is irrelevant to the user because it appears as if the data is being sent over a dedicated private link.
VPN technology also allows a corporation to connect to branch offices or to other companies over a public internetwork while maintaining secure communications.
The VPN connection across the Internet logically operates as a Wide Area Network (WAN) link between the sites. In both cases, the secure connection across the internetwork appears to the user as a private network communication, despite the fact that this communication occurs over a public internetwork - hence the name Virtual Private Network.
VPN IMPLEMENTATION
Remote User Access Over The Internet
VPNs provide remote access to corporate resources over the public Internet, while maintaining privacy of information.
Rather than making a long-distance call to a corporate or outsourced Network Access Server (NAS), the user calls a local ISP. The VPN software then creates a Virtual Private Network between the dial-up user and the corporate VPN server across the Internet.
Connecting Networks Over The Internet
There are two methods for using VPNs to connect local area networks at remote sites.
Using dedicated lines to connect a branch office to a corporate LAN:
Rather than using an expensive long-haul dedicated circuit between the branch office and the corporate hub, both the branch office and the corporate hub routers can use a local dedicated circuit and local ISP to connect to the Internet. The VPN software uses the local ISP connections and the public Internet to create a Virtual Private Network between the branch office router and the corporate hub router.
Using a dial-up line to connect a branch office to a corporate LAN:
Rather than having a router at the branch office make a long-distance call to a corporate or outsourced NAS, the router at the branch office can call the local ISP. The VPN software uses the connection to the local ISP to create a Virtual Private Network between the branch office router and the corporate hub router across the Internet.
Note that in both cases, the facilities that connect the branch office and corporate office to the Internet are local. The corporate hub router that acts as a VPN server must be connected to a local ISP with a dedicated line. This VPN server must listen 24 hours a day for incoming VPN traffic.
Connecting Computers Over An Intranet
In some corporate internetworks, the department data is so sensitive that the department's LAN is physically disconnected from the rest of the corporate internetwork. While this protects the department's confidential information, it creates information accessibility problems for those users not physically connected to the separate LAN.
VPNs allow the department's LAN to be physically connected to the corporate internetwork but separated by a VPN server. Note that the VPN server is not acting as a router between the corporate internetwork and the department LAN. A router would interconnect the two networks, allowing everyone access to the sensitive LAN. By using a VPN, the network administrator can ensure that only those users on the corporate internetwork who have appropriate credentials (based on a need-to-know policy within the company) can establish a VPN with the VPN server and gain access to the protected resources of the department.