Network Sales and Services Handbook (Cisco Press Networking Technology)
Remote access solutions are deployed by enterprise organizations to give remote users (telecommuting or mobile users who are not at a fixed workstation on the site's LAN) access to resources at a fixed site. A virtual private network (VPN) uses a public network to carry this private and secure communication between the remote user and the organization's LAN. The VPN connection is authenticated and encrypted as it crosses the public network. Often this public network is the Internet.
A VPN is made up of three technologies, used together, to form a secure connection. These three technologies are as follows:
Authentication: The process of identifying the entity (user, router, network device) requesting access. Some examples of authentication schemes are PAP/CHAP and RADIUS.
Tunneling: Used to encapsulate network protocols (TCP/IP, IPX/SPX, AppleTalk, and NetBEUI) inside an IP packet that can travel across the Internet. Some examples of tunneling protocols are PPTP, L2TP, and L2F.
Encryption: An extra measure protecting the data that passes through the tunnel. Data is encrypted before it is tunneled (encapsulated). Some examples given here are PGP, MD5, and IPSec (if configured to provide encryption); note that MD5 is a hash function and supplies integrity and authentication rather than confidentiality, so on its own it does not hide the data.
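The following Python program is an added illustration of the first two building blocks described above; it is not code from the handbook or from Cisco. It implements the CHAP challenge/response exchange (RFC 1994, MD5 algorithm: the response is MD5 over identifier, shared secret and challenge, so the secret itself never crosses the link) and then shows tunneling by wrapping an inner private-network IPv4 packet in a GRE header and an outer IPv4 header addressed to the tunnel endpoints, with header checksums computed and verified on the way back out. The addresses, shared secret and UDP payload are constructed sample values; the encryption step the text places before encapsulation is not shown because the standard library ships no cipher.

```python
import hashlib
import hmac
import os
import socket
import struct

# --- Authentication: CHAP (RFC 1994, MD5 algorithm) -------------------------
# Response = MD5(identifier || secret || challenge). MD5 is used here for
# authentication/integrity, not confidentiality: nothing is hidden by it.

def chap_challenge(length: int = 16) -> bytes:
    """Authenticator side: a fresh random challenge for this session."""
    return os.urandom(length)

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: compute the response value to send back."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the expected value, compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

# --- Tunneling: GRE over IPv4 (RFC 2784) -----------------------------------
IP_PROTO_GRE = 47
ETHERTYPE_IPV4 = 0x0800

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; over a valid header the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct header checksum."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload) after checking version, checksum and length."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len > len(packet):
        raise ValueError("truncated packet")
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9], packet[ihl:total_len]

def gre_encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap an inner IPv4 packet: outer IPv4 (proto 47) + 4-byte GRE header + inner."""
    gre_header = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no checksum/key/sequence flags
    return build_ipv4(tunnel_src, tunnel_dst, IP_PROTO_GRE, gre_header + inner_packet)

def gre_decapsulate(packet: bytes) -> bytes:
    """Validate the outer headers and return the original inner packet."""
    _src, _dst, proto, payload = parse_ipv4(packet)
    if proto != IP_PROTO_GRE:
        raise ValueError("outer packet is not GRE")
    flags, ptype = struct.unpack("!HH", payload[:4])
    if flags != 0:
        raise ValueError("optional GRE fields not supported in this example")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected GRE protocol type 0x%04x" % ptype)
    return payload[4:]

def tunnel_roundtrip() -> bool:
    """Constructed sample: private 10.0.0.5 -> 10.0.1.7 UDP packet carried between
    tunnel endpoints 203.0.113.10 and 198.51.100.20 (documentation ranges)."""
    inner = build_ipv4("10.0.0.5", "10.0.1.7", 17, b"\x04\xd2\x00\x35\x00\x0c\x00\x00hi!!")
    outer = gre_encapsulate(inner, "203.0.113.10", "198.51.100.20")
    return gre_decapsulate(outer) == inner and parse_ipv4(outer)[2] == IP_PROTO_GRE

if __name__ == "__main__":
    chal = chap_challenge()
    resp = chap_response(7, b"shared-secret", chal)
    print("CHAP ok:", chap_verify(7, b"shared-secret", chal, resp))
    print("tunnel ok:", tunnel_roundtrip())
```

The outer header is what transit routers on the Internet see: public endpoint addresses and protocol 47, never the private 10.x addresses inside. In a real VPN the inner packet would already be encrypted (IPSec ESP, for example) before `gre_encapsulate` runs, which is the ordering the text describes.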
The following list provides several VPN network architectures deployed by enterprise organizations for VPN services:
Firewall based (for example, Cisco PIX)
Black-box based (for example, any VPN vendor proprietary implementation)
Router based (for example, Cisco 36x0/75xx Series routers)
Remote-access based (for example, Cisco 300x Series VPN Concentrators)