A VPN lets a user connect securely to private resources over public network infrastructure that we don't trust. The VPN creates an encrypted connection (known as a secure VPN tunnel), and all data traffic passes through this tunnel.
Let’s consider several different VPNs and think about where they fit. We’ll look at two main classes of VPN, which I will refer to as remote access VPNs and network-based site-to-site VPNs:
- Remote access VPN: This is a perfect solution for users who need to connect to a corporate network to gain access to IT resources remotely, such as telecommuters, mobile users, and extranet users. The connection between the user and the corporate network happens through the internet. Users might be required to install the firewall vendor's specific VPN client software, or they may be required to use a web-based client. The VPN client software forms a secure tunnel with the VPN server and encapsulates and encrypts the information before sending it over the internet to the VPN server. IPsec or tunnelling protocols can be used to establish a tunnel between endpoints on a network. IPsec and SSL are two of the best-known and most widely deployed methods for remote access VPNs.
A remote access VPN user must have an AAA profile to control access and authorization.
- Site-to-site VPN: Site-to-site VPNs (often known as point-to-point VPNs) are mostly used in the corporate sector to give branch offices and partners' offices in different geographic locations access to IT resources. When remote offices of the same organization are connected using a site-to-site VPN, it is known as an intranet-based VPN. If the purpose is to provide connectivity to a partner's domain, it is known as an extranet VPN.
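
To make the two classes concrete, here is how each could look as an IPsec (IKEv2) connection on one gateway. This is an added example, not part of the original text; it assumes a strongSwan gateway configured through `swanctl.conf`, and every hostname, address, subnet and file name in it is constructed for illustration.

```conf
connections {
    # Remote access: many individual users, arriving from unknown addresses
    remote-access {
        version = 2
        local_addrs = 203.0.113.10      # gateway's public address (constructed)
        pools = ra_pool                 # each client receives an inner (virtual) IP
        local {
            auth = pubkey               # gateway proves its identity with a certificate
            certs = gateway.pem
            id = vpn.example.com
        }
        remote {
            auth = eap-radius           # user login is checked by the AAA server
            eap_id = %any               # (RADIUS server itself is set in strongswan.conf)
        }
        children {
            ra {
                local_ts = 10.10.0.0/16 # corporate subnet reachable through the tunnel
            }
        }
    }
    # Site-to-site: two fixed gateways joining whole subnets
    hq-to-branch {
        version = 2
        local_addrs = 203.0.113.10
        remote_addrs = 198.51.100.20    # branch gateway, known in advance
        local {
            auth = pubkey
            certs = gateway.pem
            id = vpn.example.com
        }
        remote {
            auth = pubkey               # gateway-to-gateway, no per-user login
            id = branch.example.com
        }
        children {
            hq-branch {
                local_ts = 10.10.0.0/16     # HQ LAN
                remote_ts = 10.20.0.0/16    # branch (or partner) LAN
                start_action = trap     # bring the tunnel up on matching traffic
            }
        }
    }
}
pools {
    ra_pool {
        addrs = 10.99.0.0/24
    }
}
```

The remote access connection has no `remote_addrs` and no `remote_ts`: the peer is whoever passes the AAA check, and it is given a single pool address. The site-to-site connection pins the peer gateway and routes subnet to subnet.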