Protocols give VPNs their rights of passage

A typical virtual private network has gateways at both ends of a public network. A variety of products, such as VPN access servers, VPN routers and even computers loaded with VPN client software, can act as the gateways.

At one end of the network, frames of data are encapsulated, given headers and routing information, and sent on their way. When they reach their destination, the gateway or appliance at the other end strips the encapsulation from the data frames and forwards them to the intended recipient.

The logical path through which the encapsulated packets travel the internetwork is called a tunnel. Tunneling, which includes the entire process of encapsulation, transmission and decapsulation, is nothing new. It has been around for years in various forms, including IBM Corp.'s Systems Network Architecture over IP networks and Novell Inc.'s Internet Packet Exchange tunneling for IP internetworks.

But three important tunneling protocols with high-level encryption and security features have revolutionized the growth of VPN services, particularly over the Internet:

  • Point-to-Point Tunneling Protocol, which facilitates the encryption and encapsulation of IP, IPX and NetBEUI traffic into an IP header so that it can be sent safely over the Internet, or an enterprise intranet or extranet

  • Layer 2 Tunneling Protocol, which allows the same type of traffic to be encrypted and sent over any medium that supports point-to-point datagram delivery, such as IP, X.25, frame relay or asynchronous transfer mode

  • IP Security Tunnel Mode, which allows IP data payloads to be encrypted and then encapsulated in an IP header to be sent across the Internet or an enterprise intranet.
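As an added illustration, not code from the article or from any vendor's product, the Python sketch below shows what the tunnel-mode step described above does at the two gateways: the whole inner IP packet (addresses included) is encrypted and integrity-protected, wrapped in a new outer IP header addressed gateway-to-gateway, and the receiving gateway checks the outer header and the integrity tag before it decrypts and forwards anything. The gateway addresses, key and wrapper layout are constructed for the example, and the stand-in cipher (HMAC-SHA256 in counter mode) is not IPsec's real ESP format.

```python
import hashlib, hmac, os, struct

def subkeys(key):
    # Separate encryption and integrity keys derived from the one shared tunnel key
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def keystream(ek, nonce, n):
    # Constructed stand-in cipher (HMAC-SHA256 counter mode) so the example runs on the stdlib alone
    blocks = (hmac.new(ek, nonce + struct.pack(">I", i), hashlib.sha256).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def checksum(hdr):
    # RFC 791 ones'-complement checksum over a 20-byte header; 0 means a filled-in header verifies
    s = sum(struct.unpack(">10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack(">H", checksum(hdr)) + hdr[12:]

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload), or None if the header is malformed or the length lies."""
    if len(pkt) < 20 or pkt[0] != 0x45 or checksum(pkt[:20]) != 0 or struct.unpack(">H", pkt[2:4])[0] != len(pkt):
        return None
    return pkt[12:16], pkt[16:20], pkt[9], pkt[20:]

def encapsulate(inner_pkt, key, gw_src, gw_dst):
    """Gateway A: encrypt and tag the whole inner packet, then add an outer header between the gateways."""
    ek, mk = subkeys(key)
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(inner_pkt, keystream(ek, nonce, len(inner_pkt))))
    tag = hmac.new(mk, nonce + ct, hashlib.sha256).digest()[:16]
    body = nonce + ct + tag
    return ipv4_header(gw_src, gw_dst, 50, len(body)) + body  # 50 is IPsec's ESP protocol number

def decapsulate(outer_pkt, key, peer_gw):
    """Gateway B: check the outer header, verify the tag BEFORE decrypting, return the inner packet or None."""
    hdr = parse_ipv4(outer_pkt)
    if hdr is None or hdr[0] != peer_gw or hdr[2] != 50 or len(hdr[3]) < 8 + 20 + 16:
        return None
    ek, mk = subkeys(key)
    nonce, ct, tag = hdr[3][:8], hdr[3][8:-16], hdr[3][-16:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()[:16]):
        return None
    inner = bytes(a ^ b for a, b in zip(ct, keystream(ek, nonce, len(ct))))
    return inner if parse_ipv4(inner) else None
```

Note that the outer header carries only the gateway addresses, so the private 10.x addresses of the inner packet never appear on the public network, and a tampered or replayed-with-wrong-key packet is dropped before any decryption takes place.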

A white paper by Microsoft Corp. says four security techniques are vital to any VPN system, regardless of the tunneling protocols it uses:

  • User authentication. It must verify a user's identity and restrict VPN access to authorized users. It also must provide audit and accounting records on user privileges.

  • Address management. It must assign and keep private clients' addresses on the private network.

  • Data encryption. It must render data carried on the public network unreadable to unauthorized clients.

  • Key management. It must generate and refresh encryption keys for the client and server.

J.B. Miles
