VPN: Concepts

A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. With a VPN, you can send data between two computers across a shared or public network in a manner that emulates a point-to-point private link. Virtual private networking is the act of creating and configuring a virtual private network.

VPN connections allow users who work at home or travel to obtain a remote access connection to an organization server, using the infrastructure provided by a public internetwork such as the Internet. From the user's perspective, the VPN is a point-to-point connection between the user's computer (the VPN client) and an organization server (the VPN server). The exact infrastructure of the shared or public network is irrelevant, because it appears as if the data is sent over a dedicated private link.

VPN connections also allow organizations to have routed connections with other organizations over a public internetwork such as the Internet while maintaining secure communications, for example, for offices that are geographically separate. A routed VPN connection across the Internet logically operates as a dedicated wide area network (WAN) link.

With Microsoft Internet Security and Acceleration (ISA) Server 2006, you can configure a secure VPN, accessible by remote access clients and by remote sites, according to your specifications. By using the ISA Server computer as the VPN server, you benefit by protecting your corporate network from malicious VPN connections. Because the VPN server is integrated into the firewall functionality, VPN users are subject to the ISA Server firewall policy. Also, by using the ISA Server computer as the VPN server, you can manage site-to-site VPN connections and VPN client access to the corporate network.

ISA Server supports two types of VPN connections: remote access VPN connections and site-to-site VPN connections.

With ISA Server, each type of VPN connection is configured slightly differently. When a single remote VPN client requires access, the configuration is for that single user. In a site-to-site network configuration, an entire network of remote users must be granted access, that is, a network of VPN users is configured.

However, much of the VPN configuration is common to both scenarios. For example, ISA Server treats the initial connection request from a remote site network as it would any request from a single remote VPN client. Tunneling protocols, authentication methods, access network, and address assignment for the initial connection must be configured as they would be configured for a remote access client.

For more information about VPN, see Solution: Virtual Private Networking in ISA Server 2006 at the Microsoft ISA Server TechCenter Web site (http://www.microsoft.com), or the VPN section of ISA Server Guidance.
