Virtual Private Network Deployment
Now that you know the ways in which VPNs can benefit you, let's look at some typical network deployments with VPNs.
To avoid using long distance or 1-800 numbers (and their associated costs), an offsite client can use the Internet to establish a VPN connection to the corporate network, as shown in Figure 2.1.
Two sites with dedicated or dial-up links to an ISP can be joined by VPN links. As an example of this, consider the branch office connections shown in Figure 2.2.
Tunneling over a corporate network is basically the same as remote access over the Internet, except that both the client and the destination networks are on the corporate network. This enables users to access secure or hidden networks, as shown in Figure 2.3.
Tunneling can be used to connect two or more secure or hidden networks on the same corporate network based on account security. As an example of this, consider how two hidden networks are connected by a VPN connection over the intranet, as shown in Figure 2.4.
In addition, a tunnel linking two networks can have another tunnel within the tunnel, as shown in Figure 2.5. This setup is sometimes used to solve multiprotocol issues and is sometimes needed for unusual network designs. Another reason to use a tunnel within a tunnel is to encrypt IP traffic for end-to-end security.
If the ISP offers a VPN service, that service can be used to link separate sites by initiating a tunnel from two network links through the ISP's VPN network. Such a configuration is shown in Figure 2.6.