Components of virtual private networks

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A VPN connection includes the following components:

  • VPN server

    A computer that accepts VPN connections from VPN clients.

  • VPN client

    A computer that initiates a VPN connection to a VPN server. A VPN client can be an individual computer or a router.

  • Tunnel

    The portion of the connection in which your data is encapsulated.

  • VPN connection

    The portion of the connection in which your data is encrypted. For typical secure VPN connections, the data is encrypted and encapsulated along the same portion of the connection.

    Note

    • It is possible to create a tunnel and send the data through the tunnel without encryption. This is not a VPN connection because the private data is sent across a shared or public network in an unencrypted and easily readable form.

  • Tunneling protocols

    Protocols that are used to manage tunnels and encapsulate private data. Data that is tunneled must also be encrypted to be a VPN connection. The Windows Server 2003 family includes the PPTP and L2TP tunneling protocols. For more information, see Point-to-Point Tunneling Protocol and Layer Two Tunneling Protocol.

  • Tunneled data

    Data that is usually sent across a private point-to-point link.

  • Transit internetwork

    The shared or public network crossed by the encapsulated data. For the Windows Server 2003 family, the transit internetwork is always an IP internetwork. The transit internetwork can be the Internet or a private IP-based intranet.
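The note under "VPN connection" separates a tunnel (encapsulation) from a VPN connection (encryption). The following added example, which is not part of the original documentation, classifies IPv4 packets captured on the transit internetwork as encrypted or tunnel-only. The function names and sample packets are constructed for illustration; the protocol numbers, the L2TP port, and the PPP and MPPE header values are the standard assigned ones rather than values from this page, and NAT-traversal encapsulation of IPsec is not handled.

```python
import struct

GRE, ESP, UDP = 47, 50, 17   # IANA IP protocol numbers
L2TP_PORT = 1701             # L2TP runs over UDP port 1701

def ppp_state(frame: bytes) -> str:
    """Classify a PPP frame carried in PPTP's GRE tunnel."""
    if frame[:2] == b"\xff\x03":   # optional address/control bytes
        frame = frame[2:]
    if frame[:1] == b"\x00":       # uncompressed protocol ID 0x00nn: drop high byte
        frame = frame[1:]
    if frame[:1] == b"\x21":       # PPP protocol 0x0021: IPv4 datagram in the clear
        return "tunnel-only"
    # 0x00FD is a CCP datagram; the MPPE header's D bit (0x10) marks it as encrypted
    if frame[:1] == b"\xfd" and len(frame) > 1 and frame[1] & 0x10:
        return "encrypted"
    return "other"                 # LCP, IPCP and other control traffic

def classify(pkt: bytes) -> str:
    """Classify one IPv4 packet captured on the transit internetwork."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    body, proto = pkt[(pkt[0] & 0x0F) * 4:], pkt[9]
    if proto == ESP:               # assumption: ESP is not using NULL encryption
        return "encrypted"
    if proto == UDP and len(body) >= 4 and L2TP_PORT in struct.unpack("!HH", body[:4]):
        return "tunnel-only"       # L2TP header visible: encapsulated, not encrypted
    if proto == GRE and body[2:4] == b"\x88\x0b":   # enhanced GRE carrying PPP (PPTP)
        off = 8 + (4 if body[0] & 0x10 else 0) + (4 if body[1] & 0x80 else 0)
        return ppp_state(body[off:])
    return "other"

# Constructed sample packets: documentation addresses, checksums left at 0.
def ipv4(proto: int, body: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + body

def gre(ppp: bytes) -> bytes:      # K and S bits set, version 1, one sequence number
    return struct.pack("!BBHHHI", 0x30, 0x01, 0x880B, len(ppp), 1, 1) + ppp
SAMPLES = {
    "pptp-mppe":  ipv4(GRE, gre(b"\xfd\x90\x00" + bytes(16))),
    "pptp-clear": ipv4(GRE, gre(b"\xff\x03\x00\x21" + b"inner IP packet")),
    "l2tp-clear": ipv4(UDP, struct.pack("!HHHH", 1701, 1701, 16, 0) + bytes(8)),
    "l2tp-ipsec": ipv4(ESP, bytes(24)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:11} -> {classify(pkt)}")
```

A "tunnel-only" result on a link that is expected to carry a VPN connection is the condition the note describes: the private data is encapsulated but readable in transit.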

The following illustration shows the components of a virtual private network.

Components of a virtual private network

Notes

  • Typically, the tunnel and the VPN connection are along the same portion of the connection. However, in a compulsory tunneling configuration, the tunnel (the encapsulation) and the VPN connection (the encryption) are not defined along the same portion of the connection.

  • On Windows Server 2003, Web Edition, and Windows Server 2003, Standard Edition, you can create up to 1,000 Point-to-Point Tunneling Protocol (PPTP) ports, and you can create up to 1,000 Layer Two Tunneling Protocol (L2TP) ports. However, Windows Server 2003, Web Edition, can accept only one virtual private network (VPN) connection at a time. Windows Server 2003, Standard Edition, can accept up to 1,000 concurrent VPN connections. If 1,000 VPN clients are connected, further connection attempts are denied until the number of connections falls below 1,000.