A virtual private network (VPN) extends the capabilities of a private network to encompass links across shared or public networks such as the Internet. With a VPN, you can send data between two computers across a shared or public network in a manner that emulates a point-to-point link on a private network. Virtual private networking is the act of creating and using a virtual private network.
To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides routing information, which allows the data to traverse the shared or public network to reach its endpoint. To emulate a private link, the data is encrypted for confidentiality. Packets that are intercepted on the shared or public network cannot be read without the encryption keys. The link in which the private data is encapsulated and encrypted is a VPN connection.
The following table describes the advantages of using VPN connections.
Advantage | Example |
---|---|
Cost advantages | The Internet is used as a connection instead of a long-distance telephone number or 1-800 service. Because an Internet service provider (ISP) maintains communications hardware, such as modems and ISDN adapters, to access the Internet, your network requires less hardware to purchase and manage. |
Outsourcing dial-up networks | You can make a local call to the telephone company or ISP, which then connects you to a remote access server and your corporate network. The telephone company or ISP manages the modems and telephone lines required for dial-up access. Because the ISP supports complex configurations of communication hardware, a network administrator is free to centrally manage user accounts at the remote access server. |
Enhanced security through VPN | The connection over the Internet is encrypted and secure. Authentication and encryption are enforced by the VPN server. Sensitive data is hidden from unauthorized users, but it is accessible to users authorized through the connection. |
Network protocol support | You can remotely run any application that depends on the most common network protocols, including TCP/IP and IPX. |
IP address security | Because information sent over a VPN is encrypted, the addresses you specify are protected, and the Internet sees only the external IP address. For organizations with private addresses, this advantage is substantial, because no administrative costs are incurred from having to change IP addresses for remote access over the Internet. |
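
The encapsulation and encryption described above, and the "IP address security" row of the table, can be seen in a short Python sketch. This is an added example, not code from the original page or from any VPN product: the packet layout, the function names, the sample addresses and the SHA-256 keystream standing in for a real cipher are all assumptions made for illustration.

```python
import hashlib, hmac, os, socket, struct

TUNNEL_PROTO = 253  # IANA "experimentation and testing" number; not a real VPN protocol

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header; checksum left as 0 to keep the example short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def _subkey(key, label):
    """Derive separate encryption and authentication keys from one shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    """Stand-in cipher: XOR with a SHA-256 counter keystream (illustration only)."""
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + struct.pack("!I", ctr)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner_packet, key, outer_src, outer_dst):
    """Encrypt the whole inner packet, then wrap it in a routable outer header."""
    nonce = os.urandom(12)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, inner_packet)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    body = nonce + ct + tag
    return ipv4_header(outer_src, outer_dst, len(body), TUNNEL_PROTO) + body

def decapsulate(packet, key):
    """Verify the tag, then recover the inner packet; ValueError on tampering."""
    body = packet[20:]
    nonce, ct, tag = body[:12], body[12:-32], body[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def observer_view(packet):
    """What an on-path observer without the key can parse: the outer addresses."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

# Constructed sample: private inner addresses, documentation-range outer addresses.
# The inner payload is a placeholder string, not a real TCP segment.
KEY = hashlib.sha256(b"constructed demo key").digest()
PAYLOAD = b"payroll query"
INNER = ipv4_header("10.0.0.5", "10.0.1.20", len(PAYLOAD), 6) + PAYLOAD
PACKET = encapsulate(INNER, KEY, "198.51.100.7", "203.0.113.10")

if __name__ == "__main__":
    print("observer sees:    ", observer_view(PACKET))
    print("endpoint recovers:", observer_view(decapsulate(PACKET, KEY)))
```

The observer can read only the outer header, so the private 10.x addresses and the payload stay hidden, while the endpoint holding the key recovers the original packet and rejects any packet modified in transit.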
You can create a VPN connection by dialing an ISP or by connecting directly to the Internet, as shown in the following examples.
For information about creating a VPN connection, see To make a virtual private network (VPN) connection. For information about the ways Active Directory can tighten security measures for VPNs, see VPN administration.