Having the right access to every digital resource one may require, regardless of location or the type of network connection, has become a way of life for most people. Whether one runs a business that shares data with others or is a traveler who needs to stay connected, access to resources is taken for granted. Public cloud-hosted applications go a long way toward making location a non-issue, but many resources are still hosted privately for privacy and security.

Access to such private resources is often handled with a VPN, or virtual private network. The technology is straightforward: it securely connects a user to a resource they need across a network they do not trust. The trick is to choose the most appropriate kind of VPN.

Types of VPNs

Reputable VPNs come chiefly in two kinds: client-based and network-based.

Client-based VPNs - This kind of VPN sits between a single user and a remote network. An application makes the VPN connection: in most scenarios the user starts the VPN client manually and authenticates with a username and password. The client then creates an encrypted tunnel between the user's computer and the remote network, and the user reaches the remote systems through that tunnel.

This type of VPN makes it hassle-free for users to connect their laptops or mobile handsets to private resources from anywhere in the world. For instance, one can use a VPN client on a Mac, iPad or iPhone to connect to headquarters while traveling and manage the network remotely over the secure VPN tunnel. Along with basic connectivity, a VPN client often provides an array of enhanced security features, one of which is the ability to scrutinize the user's device before admitting it to the network. During authentication, for instance, the Cisco AnyConnect client can verify that the device has specific anti-virus software installed and is a member of a particular Windows domain.

This gives the IT team the ability to reject a client VPN device for reasons other than a plain authentication failure. Premium VPN clients do carry a licensing cost: the client software itself is free, but the firewall is licensed by the number of simultaneous VPN connections it allows. One may, for instance, deploy the VPN client to 1000 users' devices yet only need the firewall licensed to support 500 of them at a time, if that is all that are ever connected at once.

Network-based VPNs

This kind of VPN securely connects two networks over an untrusted network. An IPsec-based WAN is a typical example, where the different offices of a business connect over the internet through IPsec tunnels. Network VPNs come in several types; the top three are MPLS-based L3VPNs, Dynamic Multipoint VPNs and IPsec tunnels, both policy-based and route-based.

• MPLS-based L3VPN - MPLS is most often found on service provider networks such as those operated by CenturyLink, Level 3, Verizon Business, AT&T and others. It lets the service provider virtualize its network so that customers share the physical network while being kept logically separate. This kind of VPN is not restricted to service providers; large enterprises also use it internally on their global infrastructure. When a company buys WAN service from a service provider, the provider is probably delivering an L3VPN service to the company over its MPLS network.

In this scenario every office in one's company connects to the service provider through a customer router that attaches the provider's WAN circuit to the rest of the office network. At the other end of the WAN circuit is the provider edge (PE) router. It places traffic arriving on the company's circuit into a virtual routing and forwarding (VRF) instance that is unique to the company and forwards it to the provider's core routers, using MPLS to tag the traffic and identify the VRF it belongs to. The provider carries the traffic across its core to another PE router, then over another WAN circuit to the company's router at the far end, which delivers it into the remote office network. To the company the L3VPN is invisible: there is no need to run MPLS, and one cannot see how the separated traffic is forwarded across the provider's backbone.
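To make the invisible part concrete, here is a small added example (not code from the original article or from any vendor) that models what a PE router does with a customer packet: it classifies the packet by the circuit it arrived on, looks the destination up only in that customer's VRF, and imposes a two-label MPLS stack whose inner label identifies the VRF. The customer names, interface names, prefixes and label values are all constructed for illustration; the point it demonstrates is that two customers using the very same private address space never see each other's routes because the lookup is scoped to a VRF.

```python
"""Toy model of an MPLS L3VPN provider-edge (PE) router.

Added example; not from the original article. All addresses, labels,
customer names and interface names are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vrf:
    """One customer's isolated routing and forwarding instance on the PE."""
    name: str
    vpn_label: int                                # inner label that identifies this VRF in the core
    routes: dict = field(default_factory=dict)    # prefix -> remote PE that announced it

    def add_route(self, prefix: str, remote_pe: str) -> None:
        self.routes[ipaddress.ip_network(prefix)] = remote_pe

    def lookup(self, dst: str):
        """Longest-prefix match inside this VRF only; None if no route."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return best, self.routes[best]


@dataclass
class PeRouter:
    vrfs: dict = field(default_factory=dict)               # VRF name -> Vrf
    interface_vrf: dict = field(default_factory=dict)      # ingress circuit -> VRF name
    transport_labels: dict = field(default_factory=dict)   # remote PE -> outer (transport) label

    def bind_interface(self, interface: str, vrf: Vrf) -> None:
        """Attach a customer circuit to its VRF; this is what keeps customers apart."""
        self.vrfs[vrf.name] = vrf
        self.interface_vrf[interface] = vrf.name

    def forward(self, ingress_interface: str, dst: str) -> dict:
        """Classify by ingress circuit, route within that VRF, impose the label stack."""
        vrf = self.vrfs[self.interface_vrf[ingress_interface]]
        hit = vrf.lookup(dst)
        if hit is None:
            return {"vrf": vrf.name, "action": "drop", "reason": "no route in VRF"}
        prefix, remote_pe = hit
        return {
            "vrf": vrf.name,
            "prefix": str(prefix),
            "remote_pe": remote_pe,
            # outer label carries the packet across the core; inner label names the VRF
            "labels": [self.transport_labels[remote_pe], vrf.vpn_label],
        }


def build_demo_pe() -> PeRouter:
    """Constructed sample: two customers, ACME and GLOBEX, both using 10.1.0.0/16."""
    pe = PeRouter(transport_labels={"PE-2": 3001, "PE-3": 3002})
    acme = Vrf("ACME", vpn_label=100)
    acme.add_route("10.1.0.0/16", "PE-2")
    acme.add_route("10.1.5.0/24", "PE-3")      # more specific route, wins by longest match
    globex = Vrf("GLOBEX", vpn_label=200)
    globex.add_route("10.1.0.0/16", "PE-3")    # same prefix as ACME, different customer
    pe.bind_interface("ge-0/0/1", acme)
    pe.bind_interface("ge-0/0/2", globex)
    return pe


if __name__ == "__main__":
    pe = build_demo_pe()
    for iface, dst in [("ge-0/0/1", "10.1.5.9"), ("ge-0/0/2", "10.1.5.9"), ("ge-0/0/1", "192.168.1.1")]:
        print(iface, dst, "->", pe.forward(iface, dst))
```

Running it shows the same destination 10.1.5.9 leaving with label stack [3002, 100] when it arrives on ACME's circuit and [3002, 200] when it arrives on GLOBEX's, and an address with no route in the VRF being dropped rather than leaking into another customer's table.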

The company peers with the provider using BGP or OSPF routing to announce its routes, which the provider carries within the VRF designed for that company. Beyond that, the company only knows that its traffic enters one router and comes out of another. One should buy an L3VPN service from a provider when national or international connectivity between remote offices, backed by a service guarantee, is required. Building a DMVPN over the internet is a highly viable connectivity alternative, but the internet may not be as robust as one's company requires: a service provider can prioritize voice and video traffic, whereas the public internet cannot make that differentiation.

Internet bandwidth, on the other hand, is quite affordable compared with the private WAN bandwidth that runs over a carrier's L3VPN service. For this reason many enterprises accept the risk of occasionally inferior network quality and leave the private WAN for a VPN over the internet.

• Dynamic Multipoint VPN - The current version of DMVPN extends the concept of point-to-point IPsec tunnels into a cloud of connected networks: any network on the DMVPN cloud can communicate directly with any other network on it. Implementing DMVPN requires devices that can terminate DMVPN tunnels. DMVPN is a Cisco technology, which means it is restricted to Cisco routers; Cisco ASA firewalls, despite their popularity, are not always DMVPN-capable. The truth is that DMVPN is highly complex: it needs a routing protocol, NHRP, IPsec and GRE tunnels, each an interdependent element, which together make full-mesh communication possible.

To ease this complexity, Cisco provides a good DMVPN design guide that helps network architects determine an ideal design for their environment, together with baseline configurations. One can use DMVPN to connect remote sites to a larger corporate network across the public internet with a standard router configuration that, once complete, is hands-off. DMVPN routers can also serve home office users, offering redundant connectivity to every head-end site and thereby minimizing voice call latency between sites.

• IPsec Tunnels - This is the purest form of network VPN, and one that the majority of firewalls and network routers can build. In principle a network-based IPsec tunnel is quite similar to a client-based one: both implementations create a secure tunnel through which encrypted traffic flows between networks. A client-based IPsec tunnel is designed to encapsulate traffic for one device, whereas a network-based IPsec tunnel carries traffic for entire networks of devices, enabling them to communicate. A few things must be agreed upon when creating an IPsec tunnel:

1. Which two devices will talk, acting as the tunnel's endpoints

2. The method used for authenticating the tunnel

3. The traffic that will flow through the tunnel

The endpoints are identified by IP address: the administrator of one firewall configures the other firewall's IP address as the peer IP. Trust is established with a pre-shared key, an exchanged certificate or a password. The two endpoints must also agree on how to encrypt the traffic, that is, on the ciphers. Which traffic flows through the tunnel is defined by the crypto access list (ACL), which specifies the source IP networks that may communicate with the destination IP networks. Both sides of the tunnel must have matching parameters to form the security association and bring up the tunnel that carries the traffic. IPsec tunnels are used in situations such as:

1. Connecting to another firm that does work for one's company

2. A backup for a private link between remote offices

3. A temporary connection to new facilities brought online during a corporate merger

4. A connection for home office workers
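The three agreements listed above (endpoints, authentication, traffic) plus the cipher agreement are exactly what goes wrong when a tunnel will not come up or silently fails to carry some subnet. The following added example, which is not code from the original article or from any firewall vendor, is a pre-deployment consistency check over two constructed endpoint configurations: it verifies that the peer addresses mirror each other, that both ends hold the same pre-shared key (compared in constant time), that at least one cipher proposal is common, and that the crypto ACLs are mirror images. The dictionary layout, the proposal string format and the sample addresses and key are all assumptions made for this example.

```python
"""Consistency check for the two ends of a site-to-site IPsec tunnel.

Added example; not from the original article. The configuration layout,
the "enc-integ-dh" proposal string format, and all addresses and keys are
constructed for illustration.
"""
import hashlib
import hmac
import ipaddress

WEAK_ENCRYPTION = {"des", "3des", "rc4", "null"}
WEAK_INTEGRITY = {"md5", "sha1"}


def _net(cidr: str):
    return ipaddress.ip_network(cidr, strict=False)


def check_tunnel(side_a: dict, side_b: dict) -> list:
    """Return 'ERROR: ...' / 'WARN: ...' strings; an empty list means both
    ends agree on everything needed to build the security association."""
    findings = []

    # 1. Endpoints: each side's configured peer must be the other side's local address.
    if side_a["peer"] != side_b["local"] or side_b["peer"] != side_a["local"]:
        findings.append("ERROR: peer IP on one side does not match the other side's local IP")

    # 2. Authentication: same method, and for PSK the same secret on both ends.
    if side_a["auth"] != side_b["auth"]:
        findings.append("ERROR: authentication methods differ")
    elif side_a["auth"] == "psk":
        # Hash first so compare_digest sees equal-length inputs, then compare in constant time.
        dig_a = hashlib.sha256(side_a["psk"].encode()).digest()
        dig_b = hashlib.sha256(side_b["psk"].encode()).digest()
        if not hmac.compare_digest(dig_a, dig_b):
            findings.append("ERROR: pre-shared keys differ")
        if len(side_a["psk"]) < 20:
            findings.append("WARN: pre-shared key is short; prefer a long random secret or certificates")

    # 3. Ciphers: at least one proposal must be offered by both sides; flag weak algorithms.
    common = [p for p in side_a["proposals"] if p in side_b["proposals"]]
    if not common:
        findings.append("ERROR: no common cipher proposal")
    else:
        enc, integ, _dh = common[0].split("-")
        if enc in WEAK_ENCRYPTION or integ in WEAK_INTEGRITY:
            findings.append(f"WARN: negotiated proposal {common[0]} uses a weak algorithm")

    # 4. Traffic selectors: A's (source, destination) pairs must equal B's (destination, source).
    acl_a = {(_net(src), _net(dst)) for src, dst in side_a["crypto_acl"]}
    acl_b_mirrored = {(_net(dst), _net(src)) for src, dst in side_b["crypto_acl"]}
    if acl_a != acl_b_mirrored:
        findings.append("ERROR: crypto ACLs are not mirror images; some traffic will not match the SA")

    return findings


def demo_configs():
    """Constructed sample: a head office (A) and a branch (B) that should match."""
    head_office = {
        "local": "203.0.113.10", "peer": "198.51.100.20",
        "auth": "psk", "psk": "correct horse battery staple 2018",
        "proposals": ["aes256-sha256-dh14", "aes128-sha256-dh14"],
        "crypto_acl": [("10.10.0.0/16", "10.20.0.0/16")],
    }
    branch = {
        "local": "198.51.100.20", "peer": "203.0.113.10",
        "auth": "psk", "psk": "correct horse battery staple 2018",
        "proposals": ["aes128-sha256-dh14", "aes256-sha256-dh14"],
        "crypto_acl": [("10.20.0.0/16", "10.10.0.0/16")],
    }
    return head_office, branch


if __name__ == "__main__":
    a, b = demo_configs()
    print("matched configs:", check_tunnel(a, b) or "no findings")
    b_bad_acl = dict(b, crypto_acl=[("10.20.0.0/16", "10.10.0.0/24")])
    print("mismatched ACL:", check_tunnel(a, b_bad_acl))
    weak = ["3des-md5-dh2"]
    print("weak ciphers:", check_tunnel(dict(a, proposals=weak), dict(b, proposals=weak)))
```

The ACL mirror check is the one most often missed in practice: a /24 on one side against a /16 on the other will negotiate fine for some flows and quietly drop the rest, which is why the check treats it as an error rather than a warning.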

If you are interested in knowing more, hire the services of a VPN specialist right away; they can help you make the best choice.


Modified On Nov-17-2018 06:24:49 AM