10.1 Types of VPNs
The VPN topologies you can set up with PacketiX VPN can be divided
into three types: a PC-to-PC VPN, a Remote Access VPN, and a LAN-to-LAN
VPN. In this section you will learn about each of these types. Most VPNs
will utilize one or a combination of these three types. However, these
three are not the only possible network configurations you can build
with PacketiX VPN.
First of all, let's look at some more details about these three major
topologies.
10.1.1 PC-to-PC VPN
This is the simplest network topology to construct using PacketiX
VPN. A PC-to-PC VPN is most useful under the following conditions:
- Only one to a few dozen computers will connect to the VPN.
- VPN Client can be installed on each of the client computers.
- The VPN network does not need to be able to connect to a
physical LAN. (When you want the entire network to be the VPN only.)
In order to connect to the VPN using this method you must install VPN
Client on each client computer. VPN Client will then directly connect to
the layer 2 network created by the Virtual HUB on a VPN Server connected
to the Internet.
Using this method you can set up a VPN which will allow only those
computers connected to the Virtual HUB via a physical network such as
the Internet to communicate with each other. Therefore, as long as
functions such as local bridging or routing on a client computer are not
used the physical network will not affect the VPN and vice-versa.
Fig. 10-1-1 PC-to-PC VPN |
Furthermore, once you have VPN Client installed you can use the
startup connection feature explained in 「4.4.19 Startup Connection」 to stay connected to a
specified VPN server's Virtual HUB whenever the computer is on. By
installing VPN Client on a server computer and having it stay connected
to a specified VPN at all times, you can set up a server which can only
be accessed by computers connected to that VPN.
Please refer to section 「10.3 Setting Up a PC-to-PC VPN」 for more detailed information on how
to build a PC-to-PC VPN.
Fig. 10-1-2 Setting up a server which can only be accessed
via the VPN |
10.1.2 Remote Access VPN
A remote access VPN is used to allow remote access from an external
location to a physical layer 2 network.
Using this type of VPN it is possible to connect to a company LAN
from outside the office (for example, from an employee's house or from a
hotel on a business trip) just as if they were connected by an extremely
long Ethernet cable.
To use a remote access VPN you will make a connection between the
network adapter connected to the LAN and the VPN Server's Virtual HUB.
This is achieved via a local bridge, which is explained in section
「3.6 Local Bridges」. As a result, a VPN Client connected to the proper Virtual HUB
will automatically be connected to the LAN connected by the local
bridge, and will be able to operate through the VPN as if it was right
there inside the office.
Please refer to section 「10.4 Setting Up a Generic Remote Access VPN」 for more detailed information on how
to build a remote access VPN.
Fig. 10-1-3 Remote Access VPN |
10.1.3 LAN-to-LAN VPN
A LAN-to-LAN VPN links existing physical layer 2 networks at
different sites together into a single network.
By using PacketiX VPN you can create a faster, more flexible, and
more stable LAN-to-LAN network compared to current layer 3 based
LAN-to-LAN connections such as private network services, frame relay
services, or older VPN protocols such as L2TP/IPSec and layer 2 based
connections such as wide area Ethernet.
To connect more than 2 LANs together you must install VPN Server on
one LAN (such as at your company's main office) and VPN Bridge on all
the others. Now you have two options. On each LAN, connect the Virtual
HUB to the physical network adapter via a local bridge connection or
create a cascade connection to the VPN Server from VPN Bridge. This will
allow layer 2 segments at different sites to function as a single
segment.
You can also use layer 3 routing instead of layer 2 bridging. To do
this, use the Virtual Layer 3 Switching function described in section
「3.8 Virtual Layer 3 Switches」.
Please refer to sections 「10.5 Setting Up a LAN-to-LAN VPN (Using Bridge Connections)」 and 「10.6 Setting Up a LAN-to-LAN VPN (Using IP Routing)」 for more detailed
information on how to build a LAN-to-LAN VPN.
Fig. 10-1-4 LAN-to-LAN VPN |
|