Can you tell me what kinds of hardware and software are needed, in addition to traditional LAN equipment, to build a VPN?
Virtual private networks are hosts or networks that are connected to each other by some type of shared public infrastructure, yet give the appearance of being a single private network. The two most common uses are site-to-site (branch office) VPNs and remote access (user) VPNs. These scenarios require different kinds of hardware and software.
In a site-to-site VPN, a VPN gateway is deployed at the edge of each private office network, facing the public network used to transport data between sites. The VPN gateway can be a router, firewall, or VPN appliance. If your office network is connected to the Internet by a broadband or T1 access router, you may be able to purchase a software upgrade for that router or use existing features in that router to support VPN tunnels. Many companies have a separate firewall attached to their access router. Since most firewalls can now support VPN tunnels, it is very common to use firewalls as VPN gateways for office networks. It's also possible to use a separate device as your VPN gateway -- for example, Microsoft Windows Servers can be used as VPN gateways -- but this topology is less common for site-to-site VPNs.
In a remote access VPN, a VPN gateway is still needed at the edge of the private office network that will be accessed by remote users. But something else is needed at the far end. Usually, a software VPN client is installed on the worker's desktop or laptop, tunneling data from the remote host to the private network as though the user were physically connected to that network. A less common option is to deploy a hardware VPN client -- a small security appliance -- in the user's home network, then connect the user's PC to that appliance. Software VPN clients can be included in host operating systems (e.g., Windows 2000/XP IPsec clients, Windows 98/ME/NT PPTP clients) or third-party software installed on remote hosts (e.g., SafeNet SoftRemote, Cisco VPN Client, Nortel Extranet Access Client). Recently, there's been a surge in "SSL VPN" products that use web browsers as VPN clients. The type of VPN client that you'll need depends on the type of VPN gateway that you use. It's possible to use the same VPN gateway for both site-to-site and remote access VPNs, but companies with large user populations often install a separate "remote access concentrator" for the latter.
Thus far I have described the hardware and software required for "roll your own" VPNs, but there's another option: purchasing a managed VPN service. With managed VPN services, your service provider may supply all the hardware and software for installation at your own site (a CPE VPN). Or your firewall/router and remote users may access a VPN gateway located at the edge of the provider's network (a network VPN). Network-based VPNs can often be activated faster and with lower initial cost, but you'll pay monthly/annual fees for using the VPN service.