Creating the VPN is very similar to establishing a point-to-point connection using dial-up networking and demand-dial routing procedures. There are two types of VPN connections: the remote access VPN connection and the router-to-router VPN connection.
Remote Access VPN Connection
A remote access VPN connection is made by a remote access client, or a single user computer, that connects to a private network. The VPN server provides access to the resources of the VPN server or to the entire network to which the VPN server is attached. The packets sent across the VPN connection originate at the remote access client.
The remote access client (the VPN client) authenticates itself to the remote access server (the VPN server) and, for mutual authentication, the server authenticates itself to the client.
Router-to-Router VPN Connection
A router-to-router VPN connection is made by a router and connects two portions of a private network. The VPN server provides a routed connection to the network to which the VPN server is attached. On a router-to-router VPN connection, the packets sent from either router across the VPN connection typically do not originate at the routers.
The calling router (the VPN client) authenticates itself to the answering router (the VPN server), and, for mutual authentication, the answering router authenticates itself to the calling router.