Elements of a VPN Connection

A Microsoft® Windows® 2000 VPN connection includes the following components as illustrated in Figure 9.2:

VPN server. A computer that accepts VPN connections from VPN clients. A VPN server can provide a remote access VPN connection or a router-to-router VPN connection. For more information, see "VPN Connections" later in this chapter.

VPN client. A computer that initiates a VPN connection to a VPN server. A VPN client can be an individual computer that obtains a remote access VPN connection or a router that obtains a router-to-router VPN connection. Microsoft® Windows NT® version 4.0, Windows 2000, Microsoft® Windows® 95, and Microsoft® Windows® 98–based computers can create remote access VPN connections to a Windows 2000–based VPN server. Microsoft® Windows® 2000 Server and Microsoft® Windows NT® Server 4.0–based computers running the Routing and Remote Access service (RRAS) can create router-to-router VPN connections to a Windows 2000–based VPN server. VPN clients can also be any non-Microsoft Point-to-Point Tunneling Protocol (PPTP) client or Layer Two Tunneling Protocol (L2TP) client using IPSec.

Tunnel. The portion of the connection in which your data is encapsulated.

VPN connection. The portion of the connection in which your data is encrypted. For secure VPN connections, the data is encrypted and encapsulated along the same portion of the connection.

Note

It is possible to create a tunnel and send the data through the tunnel without encryption. This is not a VPN connection because the private data is sent across a shared or public network in an unencrypted and easily readable form.

Tunneling protocols. Communication standards used to manage tunnels and encapsulate private data. (Data that is tunneled must also be encrypted to be a VPN connection.) Windows 2000 includes the PPTP and L2TP tunneling protocols. For detailed information about these protocols, see "Point-to-Point Tunneling Protocol" and "Layer Two Tunneling Protocol and Internet Protocol Security" later in this chapter.

Tunneled data. Data that is usually sent across a private point-to-point link.

Transit internetwork. The shared or public internetwork crossed by the encapsulated data. For Windows 2000, the transit internetwork is always an IP internetwork. The transit internetwork can be the Internet or a private IP-based intranet.
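The distinction the note draws between a tunnel (encapsulation) and a VPN connection (encryption) is easy to see from the viewpoint of the transit internetwork. The following example, added here and not part of the Windows 2000 documentation, builds two PPTP-style packets (PPP inside GRE inside IP, the layout the chapter's PPTP section describes) and then parses them as a passive observer on the transit internetwork would. The observer always recovers the outer IP endpoints, the call ID and the sequence number from the tunnel headers; whether the tunneled data itself is readable depends on what is inside the PPP frame. The sample addresses, call ID and payloads are constructed, the "ciphertext" is an opaque placeholder rather than real MPPE output, and the `payload_in_clear` decision is a simplification that keys only on the PPP protocol field (0x0021 for a plaintext IP datagram versus 0x00FD for an MPPE-protected datagram).

```python
import socket
import struct

# Protocol constants for GRE as PPTP uses it (RFC 2637) and for PPP
IPPROTO_GRE = 47         # IP protocol number for GRE
GRE_PROTO_PPP = 0x880B   # GRE protocol type for PPP payloads (PPTP)
PPP_PROTO_IP = 0x0021    # PPP protocol: IPv4 datagram carried in the clear
PPP_PROTO_MPPE = 0x00FD  # PPP protocol: MPPE-encrypted (compressed) datagram
GRE_FLAG_K = 0x2000      # key (call ID) field present
GRE_FLAG_S = 0x1000      # sequence number present
GRE_FLAG_A = 0x0080      # acknowledgement number present


def ipv4_header(src, dst, proto, payload_len, ident=1):
    """Minimal 20-byte IPv4 header; checksum left 0 because nothing here goes on the wire."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def pptp_gre_header(call_id, seq, payload_len):
    """Enhanced GRE header as PPTP uses it: K and S set, version 1."""
    flags = GRE_FLAG_K | GRE_FLAG_S | 1
    return struct.pack("!HHHHI", flags, GRE_PROTO_PPP, payload_len, call_id, seq)


def build_tunnel_packet(src, dst, call_id, seq, ppp_proto, ppp_payload):
    """Encapsulate a PPP frame in GRE in IP: this is the 'tunnel' portion of the connection."""
    ppp = struct.pack("!H", ppp_proto) + ppp_payload
    gre = pptp_gre_header(call_id, seq, len(ppp))
    return ipv4_header(src, dst, IPPROTO_GRE, len(gre) + len(ppp)) + gre + ppp


def inspect_tunnel(packet):
    """What an observer on the transit internetwork learns from one tunnel packet."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    if proto != IPPROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    gre = packet[(ver_ihl & 0x0F) * 4:total_len]
    flags, gre_proto, payload_len, call_id = struct.unpack("!HHHH", gre[:8])
    if (flags & 0x7) != 1 or gre_proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP (enhanced GRE, version 1) tunnel")
    offset, seq = 8, None
    if flags & GRE_FLAG_S:
        seq = struct.unpack("!I", gre[offset:offset + 4])[0]
        offset += 4
    if flags & GRE_FLAG_A:
        offset += 4  # acknowledgement number, not needed for this view
    ppp = gre[offset:offset + payload_len]
    ppp_proto = struct.unpack("!H", ppp[:2])[0]
    return {
        "outer_src": socket.inet_ntoa(src),
        "outer_dst": socket.inet_ntoa(dst),
        "call_id": call_id,
        "seq": seq,
        "ppp_proto": ppp_proto,
        # The tunnel headers are always visible; only the PPP protocol field
        # tells the observer whether the tunneled data itself is protected.
        "payload_in_clear": ppp_proto != PPP_PROTO_MPPE,
        "inner": ppp[2:],
    }


def sample_packets():
    """Two constructed packets on the same tunnel: one unencrypted, one MPPE-protected."""
    secret = b"GET /payroll/q3.xls HTTP/1.0\r\n"       # constructed plaintext
    opaque = bytes.fromhex("9f3a6c01e2b7d4558a1cf0")      # constructed stand-in for MPPE ciphertext
    clear = build_tunnel_packet("10.0.0.5", "192.0.2.10", 7, 1, PPP_PROTO_IP, secret)
    protected = build_tunnel_packet("10.0.0.5", "192.0.2.10", 7, 2, PPP_PROTO_MPPE, opaque)
    return clear, protected


if __name__ == "__main__":
    for pkt in sample_packets():
        view = inspect_tunnel(pkt)
        status = "readable" if view["payload_in_clear"] else "encrypted"
        print(f"{view['outer_src']} -> {view['outer_dst']} call {view['call_id']} "
              f"seq {view['seq']} ppp 0x{view['ppp_proto']:04x}: {status} {view['inner']!r}")
```

Running the script shows both packets carrying identical outer headers; the first exposes the tunneled request to anyone on the transit internetwork (a tunnel, but not a VPN connection in the chapter's sense), while the second exposes only the endpoints and opaque bytes. The same parsing logic is what a network monitor would use to flag PPTP tunnels whose PPP payload is not MPPE-protected.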

Figure 9.2 Components of a VPN Connection