Organizations can utilize VPN solutions to connect corporate headquarters with branch offices, suppliers, telecommuters and others. VPNs offer flexible and scalable connectivity that can provide a secure, fast and reliable remote connection. VPNs are cost-effective, Internet-based solutions that can provide secure communications via encrypted VPN tunnels. These tunnels leverage the Internet without the high cost of dedicated connections.
You basically have two types of VPN networks. One is the site-to-site VPN network, in which each site is terminated by a VPN device like a Cisco ASA 5510. These are dedicated firewall boxes that are optimized for such activities and do these tasks better than routers. The sending VPN device is responsible for encapsulating and encrypting outbound traffic, and the receiving VPN device is responsible for de-encapsulating and decrypting the inbound traffic.
VPN stands for “Virtual Private Network”. Its benefits are as follows:
- Cost savings: VPNs enable organizations to use cost-effective Internet connectivity to connect remote locations / users while providing privacy and confidentiality of data.
- Security: VPNs take advantage of advanced encryption and authentication protocols. Two options are IPsec and SSL.
- Compatibility: VPNs work with essentially any Internet connectivity, which allows for significant flexibility for telecommuters.
- Scalability: VPNs enable organizations to utilize Internet infrastructure which makes it easy to add users. Hence, organizations can add capacity without significant infrastructure costs.
- Data Integrity: The receiver can verify that data was transmitted without being altered. This utilizes checksums, which are a redundancy check.
- Confidentiality: The sender encrypts data prior to transmitting the packet. Encryption ensures packets cannot be read if intercepted during transmission.
- Authentication: Ensures connectivity is made with the correct destination. IPsec utilizes IKE to authenticate users and devices. IKE can utilize several types of authentication.
- Anti-replay protection: Verifies that each packet is unique and not duplicated.