Tunneling - network communications process that protects the contents of
protocol packets by encapsulating them in packets of another protocol -
encapsulation creates the logical illusion of a communications tunnel over an
untrusted network
How VPNs work
Can be established over any other network - LAN cable connection, wireless
LAN, remote dial-up or WAN link
Can connect 2 individual systems or entire networks
Remote access servers or firewalls at the border act as starting points
Common VPN protocols
PPTP - operates at the data link layer or layer 2
o Not encrypted; often replaced by L2TP
L2F - operates at the data link layer or layer 2
L2TP - operates at the data link layer or layer 2
IPSec - requires Internet networks - most common - includes security
elements for IPv6
o AH - Authentication Header for authentication, integrity and
nonrepudiation
o ESP - Encapsulating Security Payload - encryption to protect the
confidentiality of transmitted data - performs limited
authentication - operates at the Session layer or Layer 3
o Transport or tunnel mode
PPTP - requires Internet networks
VPN       Native          Native      Protocols  Dial-up    # of
Protocol  Authentication  Data        Supported  Links      Simultaneous
          Protection      Encryption             Supported  Connections
PPTP      Yes             No          PPP        Yes        Single point to point