Virtual private networks
A virtual private network (VPN) is the extension of a private
network that encompasses links across shared or public networks like
the Internet. With a VPN, you can send data between two computers across
a shared or public network in a manner that emulates a point-to-point
private link. Virtual private networking is the act of creating and
configuring a virtual private network.
To emulate a point-to-point link, data is encapsulated, or
wrapped, with a header that provides routing information, which allows
the data to traverse the shared or public network to reach its endpoint.
To emulate a private link, the data is encrypted for confidentiality.
Packets that are intercepted on the shared or public network are
indecipherable without the encryption keys. The link in which the
private data is encapsulated and encrypted is a virtual private network
(VPN) connection.
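The two mechanisms just described, encapsulation for routing and encryption for privacy, can be modelled end to end. The following is an added illustration, not code from the original article: an inner packet (private LAN traffic) is wrapped in an outer header that carries only the public addresses of the two VPN endpoints, and the inner packet is encrypted and authenticated so that an observer on the public network can read the routing header but not the private data. The cipher is an assumed stand-in built from the standard library (SHA-256 in counter mode plus HMAC-SHA256, encrypt-then-MAC) so the example runs offline; it is not MPPE or an IPsec transform, and the addresses, keys and inner packet are constructed sample values.

```python
"""
Added illustration (not part of the original article): a minimal model of a
VPN tunnel. The inner packet is wrapped in an outer header carrying only the
public endpoint addresses, then encrypted and authenticated.

The cipher is a deliberate stand-in using only the standard library
(SHA-256 in counter mode for confidentiality, HMAC-SHA256 for integrity,
encrypt-then-MAC). Real tunnels use MPPE (PPTP) or IPsec; this construction
exists only to make the encapsulate/encrypt steps concrete.
"""
import hashlib
import hmac
import os
import socket
import struct

# Outer header: public source IP, public destination IP, length of everything
# that follows the header (nonce + ciphertext + tag).
OUTER_HDR = struct.Struct("!4s4sH")
NONCE_LEN = 12
TAG_LEN = 32  # HMAC-SHA256 digest size


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: SHA-256 over (key, nonce, counter), counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(enc_key, mac_key, outer_src, outer_dst, inner_packet, nonce=None):
    """Wrap inner_packet as: outer header | nonce | ciphertext | tag."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ciphertext = _xor(inner_packet, _keystream(enc_key, nonce, len(inner_packet)))
    body = nonce + ciphertext
    header = OUTER_HDR.pack(socket.inet_aton(outer_src), socket.inet_aton(outer_dst),
                            len(body) + TAG_LEN)
    # The tag covers the outer header too, so the routing fields cannot be
    # altered in transit without detection.
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def decapsulate(enc_key, mac_key, datagram):
    """Verify the tag first, then unwrap. Raises ValueError on truncation or tampering."""
    if len(datagram) < OUTER_HDR.size + NONCE_LEN + TAG_LEN:
        raise ValueError("datagram too short")
    header, rest = datagram[:OUTER_HDR.size], datagram[OUTER_HDR.size:]
    _, _, length = OUTER_HDR.unpack(header)
    if len(rest) != length:
        raise ValueError("length mismatch")
    body, tag = rest[:-TAG_LEN], rest[-TAG_LEN:]
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def observer_view(datagram):
    """Everything a passive observer on the public network can read: the outer header."""
    src, dst, length = OUTER_HDR.unpack_from(datagram)
    return {"outer_src": socket.inet_ntoa(src),
            "outer_dst": socket.inet_ntoa(dst),
            "payload_len": length}


# Constructed sample values (not from the original page).
ENC_KEY = bytes(range(32))
MAC_KEY = bytes(range(32, 64))
INNER_PACKET = b"10.0.0.7 -> 10.0.0.1 GET /payroll/report HTTP/1.1"


def demo():
    """Returns (recovered inner packet, observer view, plaintext leaked?, tamper detected?)."""
    dg = encapsulate(ENC_KEY, MAC_KEY, "203.0.113.10", "198.51.100.1", INNER_PACKET)
    recovered = decapsulate(ENC_KEY, MAC_KEY, dg)
    tampered = bytearray(dg)
    tampered[OUTER_HDR.size + NONCE_LEN] ^= 0x01  # flip one ciphertext bit in transit
    try:
        decapsulate(ENC_KEY, MAC_KEY, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return recovered, observer_view(dg), b"payroll" in dg, tamper_detected


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three properties the text describes: the receiving endpoint recovers the inner packet unchanged, the observer sees only the two public addresses and a length, and a modified datagram is rejected rather than silently decrypted. The intercepted bytes never contain the private request path.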
Users working at home or on the road can use VPN connections to establish a remote access connection to an organization server by using the infrastructure provided by a public network such as the Internet. From the user's perspective, the VPN is a point-to-point connection between the computer (the VPN client) and an organization server (the VPN server). The exact infrastructure of the shared or public network is irrelevant because it appears logically as if the data is sent over a dedicated private link.
Organizations can also use VPN connections to establish routed connections with geographically separate offices or with other organizations over a public network such as the Internet while maintaining secure communications. A routed VPN connection across the Internet logically operates as a dedicated WAN link.
With both remote access and routed connections, an organization can use VPN connections to trade long-distance dial-up or leased lines for local dial-up or leased lines to an Internet service provider (ISP).
Note:
On Windows Server 2003, Web Edition, and Windows Server 2003, Standard Edition, you can create up to 1,000 Point-to-Point Tunneling Protocol (PPTP) ports, and you can create up to 1,000 Layer Two Tunneling Protocol (L2TP) ports. However, Windows Server 2003, Web Edition, can accept only one virtual private network (VPN) connection at a time. For more information about feature availability on Windows Server 2003, Web Edition, see Overview of Windows Server 2003, Web Edition. Windows Server 2003, Standard Edition, can accept up to 1,000 concurrent VPN connections. If 1,000 VPN clients are connected, further connection attempts are denied until the number of connections falls below 1,000.

There are two types of Point-to-Point Protocol (PPP)-based VPN technology in the Microsoft Windows 2003 family:
- Point-to-Point Tunneling Protocol (PPTP): PPTP uses user-level PPP authentication methods and Microsoft Point-to-Point Encryption (MPPE) for data encryption.
- Layer Two Tunneling Protocol (L2TP) with Internet Protocol security (IPsec): L2TP uses user-level PPP authentication methods and computer-level certificates with IPsec for data encryption, or IPsec in tunnel mode, in which IPsec itself provides encapsulation (for IP traffic only).
