Understanding VPN technologies and capabilities

For the longest time, VPN merely meant access for site-to-site connectivity over a provider's backbone that was shared with other customers (e.g., the traditional ATM/Frame WAN backbones). Yes, those old legacy WAN networks were VPNs. The latest and greatest today is the Multiprotocol Label Switching (MPLS) VPN for site-to-site VPN connectivity over an IP-enabled, QoS-capable WAN that can support real-time applications such as voice and video. These applications, along with data, can now be delivered via site-to-site MPLS VPNs.

As I mentioned above, however, mobility is the key -- and today's VPN focus is on end-user access through remote-access VPNs. A great deal of Tunneling" is just a phrase to indicate that there is a virtual connection between the end user's device and the customer premises where the applications reside.

More on this topic VPN All-in-One Guide SSL or IPsec VPNs: Considerations for comparison Webcast: Four Steps to True End-to-End Service for MPLS IP VPNs

IPsec has been the dominant protocol for providing secure remote-access services. The topology of IPsec architecture consists of tunnel termination platforms (router or server) and agents loaded onto remote devices. This was deemed a bring-your-own Internet service, because as long as you had Internet access and could reach the VPN server, you were hooked up to the corporate network. There are tons of vendors who support IPsec remote-access products and technologies (Cisco, Juniper, Microsoft and a host of others). These solutions are well known and work well, but the need to deploy a software agent onto the end-user device limited the types of access available.

With IPsec, end users had to have a company laptop or PDA in order to access the corporate network. The requirement for clientless access is pushing remote-access services built on Secure Sockets Layer (SSL) technologies that utilize Web interfaces such as Internet Explorer to provide the same capabilities (secure, remote access) as an IPsec VPN without the hassles of an agent -- or a laptop, for that matter. This allows remote users to gain access to corporate applications (with email being a major application) from any device that supports a Web browser. This allows folks to communicate even when they do not have their VPN-enabled laptops. Email, order status, order entry and many other functions can be accomplished from almost anywhere.

IPsec and SSL VPN primarily provide the same function: secure, remote access. The capabilities of each differ primarily in how the access is facilitated.

About the author:
Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has more than 10 years of experience providing strategic, business and technical consulting services. Robbie lives in Atlanta and is a graduate of Clemson University. His background includes positions as a principal architect at International Network Services, Lucent, Frontway and Callisma.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Engineering How to achieve server virtualization in your network Limit network energy consumption with computer cooling technologies Understanding remote scripting -- Managing Windows networks using scripts, part 9 Network mapping in Vista for Windows XP Recovering domain controllers after a server disk failure Recovering from a server disk failure: The shortcomings of NTBCKUP Enabling Windows Vista's Network Mapping feature on domain networks Prevent unauthorized USB devices with software restriction policies, third-party apps How to subnet: Subnetting calculations and shortcuts Using Windows Vista group policy to prevent unauthorized USB device use Remote Access VPNs Creating Remote Access and Site-to-Site VPNs with ISA Firewalls: from 'The Best Damn Firewall Book Period, Second Edition' Can I set up a VPN on my wireless router? VPN security: Hiding in plain sight, using network encryption SonicWall acquisition could hurt Aventail users Does IPv6 support encryption in the IP stack? What equipment do I use to connect two LANs in different cities? What are the steps? Are there any architectures of IPsec VPN apart from lookaside and flow-through? NAC -- Strengthening your SSL VPN WAN optimization and acceleration appliances tackle SSL traffic Remote access keeps physicians connected Remote Access VPNs Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anti-replay protocol  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.