Cisco Support Community

VPN


What is VPN?

A VPN (Virtual Private Network) is a way of creating a secure connection to and from a network or computer. VPNs have been used for years, but they have become more robust in recent years; they are also more affordable and much faster. There are many different types of VPNs available. Let's take a look at the most common types.


Types of VPN


PPTP VPN (Dial-up VPN)

A simple method for VPN is PPTP. It is a software-based VPN system that uses your existing Internet connection. Over that existing Internet connection, a secure "tunnel" is created between two points, allowing a remote user to connect to a remote network. You can set up this type of connection with various types of software or hardware. Windows Server has PPTP built in, and you can connect to it via the native VPN client within Windows. Juniper and Cisco also have this ability, but require third-party software to be loaded on remote workstations. There is some overhead associated with this, as all data transmitted and received is encrypted. This can be referred to as the poor man's VPN: there is little to no cost to set up this type of VPN, and you can often use your existing equipment and software. It is sometimes referred to as "dial-up VPN" because when the client software connects it looks like it's dialing up.

A newer implementation of this concept, called an SSL VPN, uses HTTPS (port 443) to connect securely via an SSL certificate. Popular SSL VPN solutions include Juniper's Junos Pulse (formerly Network Connect) and Cisco's AnyConnect VPN. SSL VPNs are now the industry standard for "road warrior" corporate VPN access.


Site-to-Site VPN

Site-to-site is much the same as point-to-point, except there is no "dedicated" line in use. Each site has its own Internet connection, which may not be from the same ISP or even the same type: one may have a T1 while the other only has DSL. Unlike point-to-point, the routers at both ends do all the work; they do all the routing and encryption. This is an easy way to connect two offices without having each user "dial up" using a PPTP connection. Site-to-site VPNs can work with hardware or software-based firewall devices. On the software side, you can use something like ClarkConnect. On the hardware side, you have many different devices to choose from. Personally, I use the Juniper SSG firewalls. The technology commonly used with this type of setup is IPsec or GRE.
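As an added example, not part of the original article, the following is a constructed Cisco IOS configuration for one end of the site-to-site setup described above: a GRE tunnel between the two office routers, protected by IPsec, with IKEv2 and a pre-shared key so that the routers themselves do the routing and the encryption. Every address, interface name, object name and the key are placeholders chosen for illustration (documentation address ranges for the public side, RFC 1918 ranges for the LANs).

```cisco
! ---- Site A router (public 203.0.113.1, LAN 192.168.1.0/24) ----
! Constructed example: addresses, names and the key are placeholders.
!
! IKEv2 (phase 1): how the two routers authenticate and agree on keys
crypto ikev2 proposal SITE-PROPOSAL
 encryption aes-cbc-256
 integrity sha256
 group 14
!
crypto ikev2 policy SITE-POLICY
 proposal SITE-PROPOSAL
!
crypto ikev2 keyring SITE-KEYS
 peer SITE-B
  address 198.51.100.1
  pre-shared-key REPLACE-WITH-A-LONG-RANDOM-SECRET
!
crypto ikev2 profile SITE-PROFILE
 match identity remote address 198.51.100.1 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local SITE-KEYS
!
! IPsec (phase 2): how the GRE packets are encrypted on the wire.
! Transport mode is enough because GRE already adds an outer IP header.
crypto ipsec transform-set SITE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile SITE-IPSEC
 set transform-set SITE-TS
 set ikev2-profile SITE-PROFILE
!
! Public (Internet-facing) interface; the ISP on each side can differ.
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
!
! GRE tunnel carrying inter-site traffic, protected by the IPsec profile.
! MTU/MSS are lowered to leave room for the GRE and ESP overhead.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel mode gre ip
 tunnel protection ipsec profile SITE-IPSEC
!
! Send the remote office LAN through the tunnel.
ip route 192.168.2.0 255.255.255.0 Tunnel0
!
! ---- Site B router: identical configuration with the addresses mirrored ----
! keyring peer address, match identity and tunnel destination -> 203.0.113.1
! GigabitEthernet0/0 -> 198.51.100.1/30, Tunnel0 -> 10.255.0.2/30
! ip route 192.168.1.0 255.255.255.0 Tunnel0
!
! Verification from exec mode once both sides are configured:
! show crypto ikev2 sa      -> one SA in READY state with the peer
! show crypto ipsec sa      -> encaps/decaps counters increasing
! show interface Tunnel0    -> line protocol up
```

The pre-shared key must be the same on both routers and should be a long random value; a certificate-based IKEv2 profile is the usual next step once more than two sites are involved. Because the tunnel is an interface, ordinary static or dynamic routing decides what crosses it, which is what the paragraph means by the routers doing all the work.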


Point-to-Point VPN

A traditional VPN can also come as a point-to-point. These are also referred to as "leased-line VPNs." Simply put, two or more networks are connected using a dedicated line from an ISP. These lines can be packet or circuit switched: for example T1, Metro Ethernet, DS3, ATM or something else. The main strength of using a leased line is the direct point-to-point connection. It does not go out over the public Internet, so its performance is not degraded by routing problems, latency, and external congestion.

These types of connections can be expensive. A physical "loop" of wire or fiber must be used to connect the destinations. However, because these are true point-to-point connections, the maximum throughput can usually be achieved, meaning a T1 passes data at a full 1.54 Mbps. Leased-line point-to-point connections are usually required when two offices need to transfer large amounts of data. The most popular solution today is Metro Ethernet. See the diagram to the right:


MPLS VPN

MPLS is a true "ISP-tuned" VPN. It requires two or more sites connected via the same ISP or an "on-net" connection*. There is a way to configure this using different ISPs, or "off-net", but you never get the same performance. I've tried... While it does use your existing Internet connection, tweaks are made by your ISP for performance and security.


MPLS (Multi-Protocol Label Switching) was originally designed to improve the store-and-forward speed of routers. MPLS was created as a team effort on the part of Ipsilon, Cisco, IBM, and Toshiba. These companies worked together as part of the IETF (Internet Engineering Task Force) and MPLS was born. MPLS does perform better than a site-to-site VPN because there is less overhead, and the routing between sites is optimized by static routes from your ISP. Most larger ISPs can even bring your data center (if you have one) into your MPLS network. A real MPLS network should provide ping times between sites in under 10 ms. Traditional site-to-site VPNs can range anywhere from 30 ms (at best) to over 100 ms.


Conclusion:

The technology powering VPNs is becoming more efficient and more cost effective. If you are evaluating VPNs, take several things into consideration:

  • Number of users
  • Amount of bandwidth
  • Security
  • Topology
  • Cost


Version history
Revision #: 2 of 2
Last update: 08-23-2017 01:08 PM