Introduction

Abstract

The use of both public and private networks to create a network connection is called a virtual private network (VPN). In this scenario, Electronic, Inc., a fictional company, has deployed Windows 2000 Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP) VPN technologies to create secure remote access, branch office, and business partner connectivity solutions. This paper describes the design and configuration of the Electronic, Inc. VPN and dial-up remote access infrastructure.

Introduction

This white paper describes how common virtual private network scenarios are configured for a fictional company by using the Windows 2000 operating system. Although your network configuration may be different than those described here, you can still apply the basic concepts of virtual private networking in your network environment.

The use of both public and private networks to create a network connection is called a virtual private network (VPN).

A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. With a VPN, you can send data between two computers across a shared or public network in a manner that emulates a point-to-point private link. Virtual private networking is the act of creating and configuring a virtual private network.

To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides routing information, which allows the data to traverse the shared or public network to reach its endpoint. To emulate a private link, the data is encrypted for confidentiality. Packets that are intercepted on the shared or public network are indecipherable without the encryption keys. The link in which the private data is encapsulated and encrypted is a virtual private network (VPN) connection.

Electronic, Inc. is a fictional electronics design and manufacturing company with a main corporate campus in New York and branch offices and distribution business partners throughout the United States. Electronic, Inc. has implemented a VPN solution by using the Windows 2000 operating system to connect remote access users, branch offices, and business partners.

The VPN server at the corporate office provides both remote access and router-to-router PPTP and L2TP VPN connections. In addition, the VPN server provides the routing of packets to intranet and Internet locations.

Based on the common configuration of the VPN server, the following virtual private network scenarios are described:

  • VPN remote access for employees.

  • On-demand branch office access.

  • Persistent branch office access.

  • Extranet for business partners.

  • Dial-up and VPNs with RADIUS authentication.

Note: The example companies, organizations, products, people, and events depicted herein are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred.