Virtual Private Network

February 27, 2007
By

VPN (Virtual Private Network) has now become the means of communication for many small to enterprise level organizations.  If you are scarce on financial resources then VPN may be the way to go for connectivity between two remote locations.  All it will cost is the monthly charge for internet access,   the access can be in the form of DSL, cable internet, ISDN, frame relay, T1, wireless, satellite and any circuit your ISP can provide.  In other words all that you require is unrestricted access to the internet, namely IPSEC traffic.

How does VPN work ?

VPN creates a virtual tunnel between two IP addresses, in most cases the IPs are public and distant from each other. All traffic between the two sites is transmitted within this virtual tunnel.  The tunnel simulates a private circuit.  Because VPN is normally established across the internet, traffic can be exposed and intercepted by anyone sniffing the internet.  Well, there is a solution, all traffic can be encrypted.  There are many levels of encryption that can be applied, the higher it goes the more secure it is.  Anything encryption newer than 3DES is very secure, 3DES has not been hacked or broken yet.  Obviously the higher the encryption, the larger the packet size.  Encryption can add considerable large packets overhead.

VPN Design

The VPN design is much like any other network,  site to site, spoke and hub, VPN client and hub.  The hub can be a Microsoft Windows server, a Linux server, or hardware appliance.   The remote can be VPN client software running on a computer, Windows server, Linux server, or hardware appliance.  There are many hardware appliance vendors, what you choose depends on your budget.   In this case the the term ‘you get what you pay for’ holds true, the more expensive appliances have many value added features and encryption capabilities.  Some of the high end appliances such as Cisco PIX and Netscreen (acquired by Juniper), are not only VPN appliances routers, they also have advance firewall capabilities.

User friendly

I have configured both Cisco PIX and Juniper appliances.  Juniper is a lot more user friendly, they have done a great job creating a browser based interface.  You can pretty much do most of the configuration using a browser, in some cases for advance users you may have to use the command line to configure.  The debug command can only be run using CLI (command line interface).  Cisco is the opposite of Juniper, the browser interface offers very basic configuration capability, advance configuration must be done using the CLI.  I recently met with Cisco representatives and they informed me that Cisco has come a long way since I last used it, they have made great improvements to the browser interface ever since.

Be Sociable, Share!

Leave a Reply