
What is VPN?

When you make a long distance telephone call from your home to a relative far away, you are creating a private network. You can hold a conversation and exchange information about the happenings on opposite sides of the state, or the continent, that you are mutually interested in. When your next door neighbor picks up the phone to call her daughter at college at the same time you are talking to your relatives, your calls don't overlap; each is separate and private. Neither house has a direct wire to the places they call. Both share the same lines on the telephone poles (or underground) on the street. These calls are virtual private networks: virtual, because they appear to be direct connections between the calling and answering parties even though they travel over the public wires and switches of the phone company; private, because neither pair of calling and answering parties interacts with the other; and networks, because they exchange information.

Computers can do the same thing; it's called a Virtual Private Network (VPN). Equipped with VPN Routers, a single computer or private network (LAN) can establish a private connection with another computer or private network over the public network (the Internet). The VPN Router can be used in VPNs either to initiate the connection or to answer it. When used in this way, the routers are said to be tunneling through the public network (Internet). The advantages are that, like your long distance phone call, you don't need a direct line between one computer or LAN and the other but use the local connections, making it much cheaper, and the information you exchange through your tunnel is private and secure.

Tunneling

Tunneling is the process of creating a private path between a remote user or private network and another private network over some intermediate network, such as the IP-based Internet. A VPN gives remote offices or employees access to your internal business LAN by using encryption, so that the public Internet looks "virtually" like a private, secure network. When two networks communicate with each other through a network based on the Internet Protocol, they are said to be tunneling through the IP network.

Unlike the phone company, private and public computer networks can use more than one protocol to carry your information over the wires. Three such protocols are in common use for tunneling: Point-to-Point Tunneling Protocol (PPTP), IP Security (IPsec), and Ascend Tunnel Management Protocol (ATMP). The VPN Router can use any of them.

Point-to-Point Tunneling Protocol (PPTP) is an extension of the Point-to-Point Protocol (PPP) and uses a client and server model. The VPN Router's PPTP implementation is compatible with Microsoft's and can function as either the client (PAC) or the server (PNS). As a client, a VPN R-series router can provide all users on a LAN with secure access over the Internet to the resources of another LAN by setting up a tunnel with a Windows NT server running Remote Access Services (RAS) or with another VPN Router. As a server, a VPN R-series router can provide remote users a secure connection to the resources of the LAN over dial-up, cable, DSL, or any other type of Internet access. Because PPTP can create a VPN tunnel using the Dial-Up Networking (DUN) utility built into Windows 95, 98, or NT, no additional client software is required.

IP Security (IPsec) is a set of protocols that supports secure exchange of IP packets at the IP layer. IPsec is widely used to implement Virtual Private Networks; the symmetric-key cipher associated with it here is DES (Data Encryption Standard), a popular encryption method that uses a 56-bit key.

Ascend Tunnel Management Protocol (ATMP) is the protocol implemented in many Ascend routers. ATMP is a simple protocol for connecting nodes and/or networks together over the Internet via a tunnel. ATMP encapsulates IP or other user data, without PPP headers, within the Generic Routing Encapsulation (GRE) protocol over IP. ATMP is more efficient than PPTP for network-to-network tunnels.

When used to initiate the tunneled connection, the VPN Router is called a PPTP Access Concentrator (PAC, in PPTP language) or a foreign agent (in ATMP language). When used to answer the tunneled connection, the VPN Router is called a PPTP Network Server (PNS, in PPTP language) or a home agent (in ATMP language).

In either case, the VPN Router wraps, or encapsulates, the information that one end of the tunnel exchanges with the other in a wrapper called Generic Routing Encapsulation (GRE) at one end of the tunnel, and unwraps, or decapsulates, it at the other end.

Configuring the VPN Router for use with any of the three protocols is done through the console-based menu screens. Each type is described in its own section:

Your configuration depends on which protocol you (and the router at the other end of your tunnel) will use, and whether or not you will be using the VPN client software in a standalone remote connection.

Note: You must choose which protocol you will be using, since you cannot both export PPTP and use ATMP, or vice versa, at the same time. Having both an ATMP tunnel and a PPTP export is not possible because both functions require GRE and the router's PPTP export/server does not distinguish the GRE packets it forwards. Since it processes all of them, ATMP tunneling is impaired. For example, you cannot run an ATMP tunnel between two routers and also have PPTP exported on one side.
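The encapsulation and decapsulation described above, and the reason the PPTP export and an ATMP tunnel cannot coexist, can be made concrete with a small packet-level example. The following Python is an added illustration, not code from the VPN Router or its vendor. It builds a plain IP-in-GRE packet (RFC 2784 style, protocol type 0x0800, which is how this page describes ATMP's payload: IP without PPP headers) and a PPTP data packet (RFC 2637 enhanced GRE: version 1, protocol type 0x880B, key field carrying payload length and call ID), wraps both in an outer IPv4 header, and then compares two forwarding decisions: one that, like the export behaviour the text describes, forwards every IP protocol 47 packet to the PPTP server, and one that first reads the GRE header. The addresses, payloads, key value and the function names are constructed for this example; ATMP's own use of the GRE key field is not modelled.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

# GRE constants: RFC 2784/2890 (plain GRE) and RFC 2637 (PPTP "enhanced" GRE).
GRE_PROTO_IPV4 = 0x0800  # payload is an IPv4 datagram (IP-in-GRE, no PPP header)
GRE_PROTO_PPP = 0x880B   # payload is a PPP frame (PPTP data channel)
IPPROTO_GRE = 47         # protocol number of GRE in the outer IP header
FLAG_C = 0x8000          # checksum present
FLAG_K = 0x2000          # key present
FLAG_S = 0x1000          # sequence number present
FLAG_A = 0x0080          # acknowledgement number present (PPTP only)
VERSION_MASK = 0x0007


@dataclass
class GrePacket:
    version: int
    proto: int
    key: Optional[int]
    seq: Optional[int]
    payload: bytes


def gre_encapsulate(payload: bytes, proto: int, key: Optional[int] = None,
                    seq: Optional[int] = None, version: int = 0) -> bytes:
    """Wrap payload in a GRE header: the encapsulation step at the tunnel entry."""
    flags = version & VERSION_MASK
    optional = b""
    if key is not None:
        flags |= FLAG_K
        optional += struct.pack("!I", key)
    if seq is not None:
        flags |= FLAG_S
        optional += struct.pack("!I", seq)
    return struct.pack("!HH", flags, proto) + optional + payload


def pptp_encapsulate(ppp_frame: bytes, call_id: int, seq: int) -> bytes:
    """PPTP data packet: GRE version 1, protocol 0x880B, key = payload length | call ID."""
    key = (len(ppp_frame) << 16) | (call_id & 0xFFFF)
    return gre_encapsulate(ppp_frame, GRE_PROTO_PPP, key=key, seq=seq, version=1)


def gre_decapsulate(packet: bytes) -> GrePacket:
    """Strip the GRE header: the decapsulation step at the tunnel exit."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    off, key, seq = 4, None, None
    if flags & FLAG_C:
        off += 4  # checksum + reserved1 (not validated here)
    if flags & FLAG_K:
        key = struct.unpack("!I", packet[off:off + 4])[0]
        off += 4
    if flags & FLAG_S:
        seq = struct.unpack("!I", packet[off:off + 4])[0]
        off += 4
    if flags & FLAG_A:
        off += 4  # PPTP acknowledgement number, skipped
    if off > len(packet):
        raise ValueError("GRE header longer than packet")
    return GrePacket(flags & VERSION_MASK, proto, key, seq, packet[off:])


def ip_checksum(data: bytes) -> int:
    """Standard one's-complement checksum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_wrap(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte outer IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def classify_gre(gre_bytes: bytes) -> str:
    """Tell tunnel types apart by the GRE header; the outer IP header alone cannot."""
    gre = gre_decapsulate(gre_bytes)
    if gre.version == 1 and gre.proto == GRE_PROTO_PPP:
        return "pptp"
    if gre.version == 0 and gre.proto == GRE_PROTO_IPV4:
        return "ip-in-gre"
    return "unknown"


def protocol_only_decision(outer: bytes) -> str:
    """The behaviour the text describes: a PPTP export that forwards every protocol-47 packet."""
    return "to-pptp-server" if outer[9] == IPPROTO_GRE else "local"


def header_aware_decision(outer: bytes) -> str:
    """Hands PPTP GRE to the PPTP server but leaves an ATMP-style IP-in-GRE tunnel alone."""
    if outer[9] != IPPROTO_GRE:
        return "local"
    ihl = (outer[0] & 0x0F) * 4
    kind = classify_gre(outer[ihl:])
    return {"pptp": "to-pptp-server", "ip-in-gre": "atmp-tunnel"}.get(kind, "drop")


# Constructed sample traffic; addresses, contents and the key value are made up for this example.
INNER_IP = ipv4_wrap("10.0.1.5", "10.0.2.7", 17, b"\x04\xd2\x00\x35\x00\x0d\x00\x00hello")
PPP_FRAME = b"\xff\x03\x00\x21" + b"\x45\x00\x00\x14" + b"\x00" * 16  # PPP header + tiny IP packet
ATMP_STYLE = ipv4_wrap("203.0.113.1", "198.51.100.2", IPPROTO_GRE,
                       gre_encapsulate(INNER_IP, GRE_PROTO_IPV4, key=1234))
PPTP_DATA = ipv4_wrap("203.0.113.9", "198.51.100.2", IPPROTO_GRE,
                      pptp_encapsulate(PPP_FRAME, call_id=7, seq=1))
```

Calling `protocol_only_decision` on both sample packets returns `"to-pptp-server"` for each, which is exactly the impairment the note describes: an ATMP tunnel's GRE packets are swallowed by the PPTP export because both ride on IP protocol 47. `header_aware_decision` returns `"atmp-tunnel"` for the IP-in-GRE packet and `"to-pptp-server"` for the PPTP packet, showing that the distinguishing information exists only inside the GRE header (version bits and protocol type), not in the outer IP header.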

Summary

A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this by allowing you to tunnel through the Internet or another public network in a manner that provides the same security and features formerly available only in private networks. VPNs allow networks to communicate across an IP network. Your local networks (connected to the VPN Router) can exchange data with remote networks that are also connected to a VPN-capable router. This feature provides individuals at home, on the road, or in branch offices with a cost-effective and secure way to access resources on remote LANs connected to the Internet with VPN Routers. The feature is built around two key technologies: PPTP and ATMP.

Last modified: 26/01/01