
Virtual Private Network (VPN)

RFC 2828 defines a VPN as "a restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network."

Stated more simply, a VPN can be defined as follows:

A VPN carries private traffic over a public or shared infrastructure (such as the Internet). The most common and effective VPN technology is applied at the network layer of the OSI model to encrypt traffic flow among specific users, applications, or IP subnet pairs. VPN at the network layer is transparent to intermediate network devices and independent of network topology.
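To make the network-layer selection concrete, the following is an added example (not from the book or from any Cisco product) that models a VPN policy as IP subnet pairs, optionally narrowed to an application port, bound to the two gateway endpoints that protect them; the subnets, gateway addresses and the `classify` function are assumed sample values.

```python
"""Toy model of network-layer VPN traffic selection (added example, not from the book).

Each policy entry pairs a local and a remote IP subnet (optionally narrowed to a
protocol/port, i.e. an "application") with the two VPN gateway endpoints that
protect that pair. Traffic matching an entry is tunneled: the inner packet keeps
its private addresses, while the outer header carries only the gateway addresses
that intermediate routers see. All addresses below are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class PolicyEntry:
    local_net: str                # protected local subnet
    remote_net: str               # protected remote subnet
    local_gw: str                 # VPN endpoint on this side (router/firewall)
    remote_gw: str                # VPN endpoint on the far side
    proto: Optional[str] = None   # None = any protocol
    dport: Optional[int] = None   # None = any destination port


# Constructed sample policy: two site-to-site subnet pairs, one narrowed to HTTPS.
POLICY = [
    PolicyEntry("10.1.0.0/16", "10.2.0.0/16", "198.51.100.1", "203.0.113.1"),
    PolicyEntry("10.1.0.0/16", "10.3.0.0/24", "198.51.100.1", "203.0.113.9",
                proto="tcp", dport=443),
]


def classify(src: str, dst: str, proto: str = "tcp", dport: int = 0) -> dict:
    """Return how a packet is handled: 'protect' with the outer gateway addresses
    that intermediate devices see, or 'bypass' (sent in the clear) when no
    subnet pair in the policy matches."""
    s, d = ip_address(src), ip_address(dst)
    for e in POLICY:
        if s not in ip_network(e.local_net) or d not in ip_network(e.remote_net):
            continue
        if e.proto is not None and e.proto != proto:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        # Matched: the inner header is unchanged, the outer header names the gateways.
        return {"action": "protect", "inner": (src, dst),
                "outer": (e.local_gw, e.remote_gw)}
    return {"action": "bypass", "inner": (src, dst), "outer": None}
```

Because the outer header carries only gateway addresses, the intermediate routers need no knowledge of the private subnets, which is what makes the design transparent to them and independent of topology.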

VPN designs can be constructed in a variety of scenarios. The most common deployment scenarios are

In all cases, the VPN consists of two endpoints that may be represented by routers, firewalls, or individual client workstations or servers.

VPNs employ both cryptographic and noncryptographic approaches to create secure communication over insecure channels.

Cryptographic VPN technologies include

Noncryptographic VPN technologies include

The next chapter covers IPsec VPNs in detail, with a focus on Cisco VPN solutions that use cryptographic approaches. This chapter lays the foundation of cryptographic algorithms and protocols that is required before moving on to the IPsec VPN solutions in the next chapter.
