I have many questions regarding VPNs. Could you kindly give me an explanation of these terms and processes in a clear and easy way?
- Is AAA server located at ISP
- What is ESP (Enterprise service provider)?
- What is NAS? And is it located at ISP?
- Does a remote user in remote access VPN has dynamic IP?
- In site to site VPN do we have static IP?
- What is RAS (Remote Access Server)?
- I have read that VPN is b/w two LANs, is this true?
- Is tunnel just a representation of encrypted data over the public network (shown in diagrams)? If no then could please explain what are they?
- Why is VPN subject to virus attacks although it is safe from eavesdropping?
- A triple-A server is usually a RADIUS server that is used by ISP providing dial-up or consumer DSL services to implement authentication, authorization and accounting. In addition to controlling access to services, AAA servers also record connection times and usage that are used in billing systems. Many enterprise also use AAA servers for enterprise remote access and VPN applications.
- ESP stands for encapsulating security payload and is one of the methods used in IPSec VPN. ESP is the basis for VPN tunnels, IP packets are encapsulated into IPSec packets.
- Some folks refer to NAS as network access server, a device at an ISP that provides coordinated access among various ISP points-of-presence.
- In a remote access VPN, the remote user has to addresses: the address assigned to them by the ISP when they connect to the ISP's network and an address used by them when they connect to the enterprise network through the VPN. The IP address assigned by the ISP is usually served up via dynamic host control protocol (DHCP) and is dynamic. The address used within the VPN can also be dynamic or static depending on how you implement your VPN.
- In a site-to-site VPN, most implementations require a static IP address for each location. This limits your choices in regard to the types of ISP connections you can use. However, some implementations now also support dynamic IP address assignment for site-to-site VPN.
- RAS is a remote access service or remote access server. Remote access servers are used for ISP dial-up services and enterprise remote access. It's all the same stuff.
- A VPN can connect two LANs or an individual and a LAN.
- A VPN tunnel is something separate from encryption. In fact, you can build VPN tunnels that have no encryption at all. A tunnel is provides route control and allows two devices with private addresses to communicate with each other through an intervening public network. Even though the devices may be half a world apart, the "see" each other as though they were on the same private network. Encryption is added to tunneling protocols to maintain privacy of the information as it is tunneled.
- VPN and VPN traffic are not subject to virus attacks. However, many people get concerned about virus attacks on any device that can be connected directly to the Internet from outside the corporate network. With a VPN, a device is simultaneously connected to the Internet and to the corporate network.
If you're concerned about virus attacks, you can force all traffic to go through the VPN whenever an Internet connection is established. So, although the device is physically connected to the Internet, not traffic flows between the device and the Internet. It's all forced through the VPN tunnel.
Dig Deeper on Network Design
Related Q&A from Retired Expert - Mark Tuomenoksa
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.