Data Network Resource


Virtual Private Networks (VPNs)



Completely separate network domains can be connected over an ISP cloud. Cisco's Level 2 Forwarding Protocol (L2F) permits the tunnelling of layer 2 frames over higher protocols. A remote user dials into the ISP's network and the ISP configures its own end devices to forward the traffic from the Point of Presence (POP) to the company gateway. Microsoft have a tunnelling protocol called Point to Point Tunnelling Protocol (PPTP); however, because the tunnel ends at servers rather than routers, traffic is duplicated on the company network: the encapsulated traffic traverses the LAN first, is unencapsulated, and then traverses the LAN again to its destination. The tunnelling protocol Level 2 Tunnelling Protocol (L2TP) has been developed so that the tunnels terminate at the routers.

Virtual Private Networks (VPNs), or Virtual Private Dialup Networks (VPDNs), are effectively 'tunnels' through the Internet that allow users with normal access to the Internet (via dialup or otherwise) to reach their organisation's network without compromising security.

Two disparate networks can be connected over the Internet by tunnelling link layer frames over higher layer protocols. One such protocol that allows this is Level 2 Forwarding Protocol (L2FP) (Cisco) and another is Point to Point Tunnelling Protocol (PPTP) (Microsoft).

The ISP network will have a Network Access Server (NAS) that accepts L2F packets from one end and passes them through the cloud to the other network. Individual connections are identified by the Multiplex ID (MID) where a MID of 0 is reserved for the tunnel itself.

L2F works on point to point links across the Internet where one end encapsulates the frames on one network and the other end strips off the L2F encapsulation and sends the frames on to their appropriate destination. The connection occurs as follows:
  • The user initiates a PPP connection to the ISP.
  • The NAS authenticates the user with CHAP/PAP and accepts the connection.
  • The username is used to identify the user as a VPDN client.
  • An unused MID is used in the creation of a new tunnel.
  • The other end sets up a virtual interface and processes the L2F frames.

Advantages include users being able to access their company's network using their local ISP connection and off-loading the remote access responsibilities to the ISP. In addition, one firewall can be used to contain the whole network.
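
The connection sequence above can be modelled in a few lines of Python. This is an added example, not code from the original page and not an implementation of the L2F wire format: the class names `Nas` and `HomeGateway`, the `("open", mid)` / `("close", mid)` management tuples and the 16-bit MID range are assumptions made for illustration. It shows the NAS handing out an unused MID (never 0) to an authenticated VPDN user, and the far end refusing frames whose MID has no virtual interface.

```python
TUNNEL_MID = 0      # MID 0 is reserved for the tunnel itself
MAX_MID = 0xFFFF    # assumption: MIDs modelled as 16-bit values


class Nas:
    """ISP side: assigns an unused MID to each authenticated VPDN user."""

    def __init__(self, vpdn_users):
        self.vpdn_users = set(vpdn_users)
        self.sessions = {}                       # MID -> username

    def connect(self, username, auth_ok):
        if not auth_ok:                          # CHAP/PAP outcome of the PPP phase
            raise PermissionError("PPP authentication failed")
        if username not in self.vpdn_users:
            return None                          # ordinary user: no tunnel is built
        mid = next((m for m in range(1, MAX_MID + 1) if m not in self.sessions), None)
        if mid is None:
            raise RuntimeError("no unused MID left")
        self.sessions[mid] = username
        return mid, (TUNNEL_MID, ("open", mid))  # session MID + management packet

    def encapsulate(self, mid, frame):
        if mid not in self.sessions:
            raise KeyError(mid)
        return (mid, frame)                      # stand-in for L2F header + PPP frame


class HomeGateway:
    """Company side: one virtual interface per MID; unknown MIDs are dropped."""

    def __init__(self):
        self.interfaces = {}                     # MID -> frames handed to that interface
        self.dropped = 0

    def receive(self, packet):
        mid, payload = packet
        if mid == TUNNEL_MID:                    # management traffic, never user data
            action, target = payload
            if action == "open":
                self.interfaces.setdefault(target, [])
            elif action == "close":
                self.interfaces.pop(target, None)
            return True
        if mid not in self.interfaces:           # no session was opened for this MID
            self.dropped += 1
            return False
        self.interfaces[mid].append(payload)     # L2F stripped, frame forwarded
        return True
```

The `dropped` counter is the value worth monitoring in this model: frames arriving with a MID that was never opened indicate a misbehaving or unexpected sender at the tunnel endpoint.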

IPsec VPN connectivity.

Multi Protocol Label Switching (MPLS) is Tag Switching for the Virtual Private Network (VPN).
