Generally, a virtual private network, or VPN, is a technology for connecting the components and resources of one network over another. In common usage, a virtual private network (VPN) is a private corporate network whose wide area network (WAN) connections are made over a shared public network, usually the Internet. A common telecommunications carrier provides connectivity that acts like dedicated lines, but the network backbone is actually shared between all users as in a public network. VPNs are usually more cost-effective for companies than providing traditional remote access services to remote employees by using modem pools, dedicated phone lines, and toll-free numbers.
VPNs use tunneling technologies to allow users to access private network resources through the Internet or another public network. Users enjoy the same security and features formerly available only in their private networks. Tunneling solutions are typically based on Microsoft’s Point-to-Point Tunneling Protocol (PPTP) or Cisco Systems’ Layer 2 Tunneling Protocol (L2TP), depending on resources and requirements.
You can use Internet Connection Services for Microsoft Remote Access Service (RAS), which is included in the Microsoft Windows NT Option Pack, to build VPNs and provide employees with secure remote access to the corporate network over the Internet. Using Windows NT, with its built-in support for PPTP, network administrators must configure two computers on the corporate network:
The Internet service provider (ISP) that provides the far-end tunneling connection services for VPN customers can install a Remote Authentication Dial-In User Service (RADIUS) proxy server and configure it to recognize authentication requests from the customer’s remote employees and forward these requests to IAS on the customer’s private network. In this way, the VPN customer can keep control over remote access permissions for all of its employees.
The ISP can implement other tools from Internet Connection Services for RAS, including the following:
Once everything is set up and configured on the corporate network and at the ISP, remote employees can establish secure, local connections to their private corporate networks from anywhere in the world by dialing local access numbers to their ISPs. The RADIUS proxy server at the ISP forwards their authentication requests to IAS on their corporate networks, which uses their corporate domain controllers to grant access to resources on the corporate network. With Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), secure connections are established between remote employees and the PPTP server on the corporate network. The entire process is transparent to remote employees - as far as they are concerned, they appear to have a local area network (LAN) connection to the corporate network.
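The forwarding decision made by the ISP's RADIUS proxy can be sketched as follows. This is an added example, not part of the original article or of Microsoft's software, and it assumes the proxy recognizes the customer's employees by the realm in a `user@realm` User-Name; the realm, host name and routing table are constructed for illustration.

```python
import struct

# Constructed routing table: realm -> the customer's IAS server (hypothetical host).
REALM_ROUTES = {"corp.example": ("ias.corp.example", 1812)}

ACCESS_REQUEST = 1   # RADIUS packet code (RFC 2865)
ATTR_USER_NAME = 1   # RADIUS attribute type for User-Name


def parse_user_name(packet: bytes) -> str:
    """Return the User-Name attribute of a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if length < 20 or length > len(packet):
        raise ValueError("length field disagrees with datagram size")
    pos = 20  # skip code, identifier, length and the 16-byte authenticator
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        if attr_type == ATTR_USER_NAME:
            return packet[pos + 2:pos + attr_len].decode("utf-8")
        pos += attr_len
    raise ValueError("no User-Name attribute")


def route(packet: bytes):
    """Pick the home server for a request, or None to reject it locally."""
    user = parse_user_name(packet)
    _, sep, realm = user.rpartition("@")
    if not sep:
        return None  # no realm: not one of the customer's users
    # Exact match only, so a lookalike realm is never forwarded to the customer.
    return REALM_ROUTES.get(realm.lower())


def build_request(user: str) -> bytes:
    """Constructed sample Access-Request carrying only a User-Name attribute."""
    name = user.encode("utf-8")
    attr = bytes([ATTR_USER_NAME, len(name) + 2]) + name
    return struct.pack("!BBH", ACCESS_REQUEST, 7, 20 + len(attr)) + bytes(16) + attr
```

A real proxy would also check the shared secret of the sending access server and re-encrypt the password attribute before forwarding; both are omitted here.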
Microsoft Windows 98 clients can also use PPTP to connect to VPNs. The Windows 98 client makes two connections to establish a VPN tunnel:
Microsoft Windows 2000 includes support for VPNs similar to that provided by Windows NT, along with the following enhancements: