In years gone by, if a remote office needed to connect with a central computer or network at company headquarters, it meant installing dedicated leased lines between the locations. These dedicated leased lines provided relatively fast and secure communications between the sites, but they were very costly.
To accommodate mobile users, companies would have to set up dedicated dial-in remote access servers (RAS). The RAS would have a modem, or many modems, and the company would have to have a phone line running to each modem. The mobile users could connect to the network this way, but the speed was painfully slow and made it difficult to do much productive work.
With the advent of the Internet, much of that has changed. If a web of servers and network connections already exists, interconnecting computers around the globe, then why should a company spend money and create administrative headaches by implementing dedicated leased lines and dial-in modem banks? Why not just use the Internet?
Well, the first challenge is that you need to be able to choose who gets to see what information. If you simply open up the whole network to the Internet it would be virtually impossible to implement an effective means of keeping unauthorized users from gaining access to the corporate network. Companies spend tons of money to build firewalls and other network security measures aimed specifically at ensuring that nobody from the public Internet can get into the internal network.
How do you reconcile wanting to block the public Internet from accessing the internal network with wanting your remote users to utilize the public Internet as a means of connecting to the internal network? You implement a Virtual Private Network (VPN). A VPN creates a virtual “tunnel” connecting the two endpoints. The traffic within the VPN tunnel is encrypted so that other users of the public Internet cannot readily view intercepted communications.
By implementing a VPN, a company can provide access to the internal private network to clients around the world at any location with access to the public Internet. It erases the administrative and financial headaches associated with a traditional leased line wide-area network (WAN) and allows remote and mobile users to be more productive. Best of all, if properly implemented, it does so without impacting the security and integrity of the computer systems and data on the private company network.
Traditional VPNs rely on IPSec (Internet Protocol Security) to tunnel between the two endpoints. IPSec works at the Network Layer of the OSI model, securing all data that travels between the two endpoints regardless of which application generated it. When connected on an IPSec VPN, the client computer is “virtually” a full member of the corporate network, able to see and potentially access the entire network.