Components of virtual private networking

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2


A virtual private network can include the following components:

  • Virtual private network (VPN) servers

    You can configure your computer to provide access to an entire network or to restrict access to just the resources of the computer acting as the VPN server.

  • VPN clients

    VPN clients are either individual users who obtain a remote access VPN connection or routers that obtain a router-to-router VPN connection. VPN clients running a member of the Windows Server 2003 family, Windows XP, Windows 2000, Windows NT 4.0, Windows 95, Windows 98, or Windows Millennium Edition can create remote access VPN connections to the VPN server. Computers running either a member of the Windows Server 2003 family or Windows 2000 and Routing and Remote Access, or Windows NT Server 4.0 and the Routing and Remote Access Service (RRAS), can create router-to-router VPN connections. VPN clients can also be any Point-to-Point Tunneling Protocol (PPTP) client or Layer Two Tunneling Protocol (L2TP) client that uses Internet Protocol security (IPSec).

  • LAN and remote access protocols

    LAN protocols are used by application programs to transport information. Remote access protocols are used to negotiate connections and provide framing for LAN protocol data that is sent over wide area network (WAN) links. Routing and Remote Access supports the PPP remote access protocol. Windows Server 2003, Datacenter Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Web Edition; and Windows Server 2003, Standard Edition all support LAN protocols such as TCP/IP and AppleTalk, which enable access to Internet, UNIX, Apple Macintosh, and Novell NetWare resources.

  • Tunneling protocols

    VPN clients create secured connections to a VPN server by using the PPTP or L2TP tunneling protocols.

  • WAN options

    VPN servers are connected to the Internet by using permanent WAN connections such as T1 or Frame Relay. VPN clients are connected to the Internet by using permanent WAN connections or by dialing in (by using standard analog telephone lines or ISDN) to a local Internet service provider (ISP).

  • Security options

    Routing and Remote Access supports logon and domain security, security hosts, data encryption, smart cards, IP packet filtering, and caller ID to provide secure network access for VPN clients.

The following illustration shows all the virtual private networking components and possible configurations. Your actual implementation and configuration of virtual private networking may vary.

Illustration: Components of virtual private networking

Note

  • On Windows Server 2003, Web Edition, and Windows Server 2003, Standard Edition, you can create up to 1,000 Point-to-Point Tunneling Protocol (PPTP) ports, and you can create up to 1,000 Layer Two Tunneling Protocol (L2TP) ports. However, Windows Server 2003, Web Edition, can accept only one virtual private network (VPN) connection at a time. Windows Server 2003, Standard Edition, can accept up to 1,000 concurrent VPN connections. If 1,000 VPN clients are connected, further connection attempts are denied until the number of connections falls below 1,000.