With the Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling
Protocol (L2TP), which are automatically installed on your computer, you can
securely access resources on a network by connecting to a remote
access server through the Internet or other network. The use of both private
and public networks to create a network connection is called a virtual private
network (VPN). The following table describes the advantages of using VPN
connections.
| Advantage | Example |
| --- | --- |
| Cost advantages | The Internet is used as a connection instead of a long distance telephone number or 1-800 service. Because an ISP maintains communications hardware such as modems and ISDN adapters, your network requires less hardware to purchase and manage. |
| Outsourcing dial-up networks | You can make a local call to the telephone company or Internet service provider (ISP), which then connects you to a remote access server and your corporate network. It is the telephone company or ISP that manages the modems and telephone lines required for dial-up access. Because the ISP supports complex communications hardware configurations, a network administrator is free to centrally manage user accounts at the remote access server. |
| Enhanced security | The connection over the Internet is encrypted and secure. New authentication and encryption protocols are enforced by the remote access server. Sensitive data is hidden from Internet users, but made securely accessible to appropriate users through a VPN. |
| Network protocol support | Because the most common network protocols (including TCP/IP and IPX) are supported, you can remotely run any application dependent upon these particular network protocols. The IPX/SPX protocol is not available on Windows XP 64-Bit Edition. |
| IP address security | Because the VPN is encrypted, the addresses you specify are protected, and the Internet only sees the external IP address. For organizations with nonconforming internal IP addresses, the repercussions of this are substantial, as no administrative costs are associated with having to change IP addresses for remote access via the Internet. |
There are two ways to create a VPN connection: by dialing an ISP, or by connecting
directly to the Internet, as shown in the following examples.
In the first example, the VPN connection first makes a call to an ISP. After the
connection is established, the connection then makes another call to the remote
access server that establishes the PPTP or L2TP tunnel. After authentication,
you can access the corporate network, as shown in the following illustration.
In the second example, a user who is already connected to the Internet uses a
VPN connection to
dial the number for the remote access server. Examples of this type of user
include a person whose computer is connected to a local area network, a cable
modem user, or a subscriber of a service such as ADSL, where IP connectivity is
established immediately after the user's computer is turned on. The PPTP or L2TP
driver makes a tunnel through the Internet and connects to the PPTP-enabled or
L2TP-enabled remote access server. After authentication, the user can access the
corporate network, achieving the same functionality as the preceding
example.
Notes
- Connecting directly to the Internet means direct IP access without going
  through an ISP. (For example, some hotels allow you to use an Ethernet cable to
  connect to the Internet.)
- If you have an active Winsock Proxy client, you cannot create a VPN. A Winsock Proxy
  client immediately redirects data to a configured proxy server before the data
  can be processed in the fashion required by a VPN. To establish a VPN, you should disable
  the Winsock Proxy client.