IN THIS CHAPTER

Virtual Private Networks, or VPNs, are a fundamental building block for creating secure links and for enabling secure internetworking. To create VPNs, you need to create a connection, usually one over a public provider network such as the Public Switched Telephone Network (PSTN) or the Internet.

VPNs use a whole host of Data Link and Session layer protocols — Levels 2 and 3 in the OSI model. Some of these protocols are used to secure the data, usually by a process of encryption using cryptography. Other protocols encapsulate data to provide the necessary mechanism to support the VPN connection. Still other protocols are used to transport data over a VPN.

When the payload portion of a packet is encrypted and encapsulated, that data is sent using VPN transport. When the entire packet, both the payload and header, is encrypted and then encapsulated, the data is sent using VPN tunneling. VPN tunneling is most often either remote access or site to site.

VPNs are a combination of hardware and software. VPNs require a routing function to establish a connection and the software necessary to provide the data translation and packaging mechanisms. The various devices used on VPN systems — routers, gateway/concentrators, network access servers, and others — are described in this chapter.

A variety of VPN software packages, ...