Chapter 14: Virtual Private Networks—VPN LANCOM Reference Manual LCOS 3.50
The subsidiary also has its own connection to the Internet.
The RAS PCs connect to the headquarters LAN via the Internet.
The Internet is available virtually everywhere and typically has low access
costs. Significant savings can thus be achieved in relation to switched or
dedicated connections, especially over long distances.
The physical connection no longer exists directly between two participants;
instead, the participants rely on their connection to the Internet. The access
technology used is not relevant in this case: broadband technologies such as
DSL (Digital Subscriber Line) in combination with flat-rate contracts are
ideal, but a conventional ISDN line can also be used.
The technologies of the individual participants do not have to be compatible
with one another, as would be the case for conventional direct connections. A
single Internet access can be used to establish multiple simultaneous logical
connections to a variety of remote stations.
The resulting savings and high flexibility make the Internet (or any other IP
network) an outstanding backbone for a corporate network.
Two technical properties of the IP standard speak against using the Internet
as a part of a corporate network, however:
The necessity of public IP addresses for all participants
The lack of data security of unprotected data transfers
14.1.1 Private IP addresses on the Internet?
The IP standard defines two types of IP addresses: public and private. A public
IP address is valid worldwide, while a private IP address only applies within a
closed LAN.
Public IP addresses must be unique on a worldwide basis. Private IP addresses
can occur any number of times worldwide; they must only be unique within
their own closed network.
Normally, PCs in a LAN only have private IP addresses, while the router to the
Internet also has a public address. All PCs behind this router have access to
the Internet via its public IP address (IP masquerading). In such a case, only
the router itself is reachable from the Internet. PCs behind the router cannot
be reached from the Internet without intervention by the router.
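The following added example (not part of the LANCOM manual) models IP masquerading as a small translation table to show why LAN PCs are only reachable through flows they opened themselves, and why two sites can reuse the same private address. The class and function names, the port pool start and all addresses are constructed for illustration; the RFC 1918 ranges are standard but are not listed on this page.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 1918 private ranges (assumption: the manual does not enumerate them here).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_NETS)

@dataclass
class MasqueradingRouter:
    """Toy model: one public address shared by every PC in a private LAN."""
    public_ip: str
    next_port: int = 40000                        # constructed start of the port pool
    out_map: dict = field(default_factory=dict)   # LAN flow -> public port
    in_map: dict = field(default_factory=dict)    # (public port, peer) -> LAN socket

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """LAN PC sends to the Internet: the source is rewritten to the public address."""
        if not is_private(lan_ip):
            raise ValueError("source is not a private LAN address")
        key = (lan_ip, lan_port, dst_ip, dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst_ip, dst_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, public_port):
        """Packet arrives at the public address: forwarded only if a LAN PC opened the flow."""
        return self.in_map.get((public_port, src_ip, src_port))  # None means dropped

def demo():
    # Constructed sample: both sites use the same private address 192.168.1.10.
    hq = MasqueradingRouter("203.0.113.1")
    branch = MasqueradingRouter("203.0.113.2")
    server = ("198.51.100.80", 443)
    seen_hq = hq.outbound("192.168.1.10", 51000, *server)
    seen_branch = branch.outbound("192.168.1.10", 51000, *server)
    reply = hq.inbound(*server, public_port=seen_hq[1])           # answer to an open flow
    unsolicited = hq.inbound("198.51.100.99", 4444, public_port=seen_hq[1])
    return seen_hq, seen_branch, reply, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The server only ever sees the two routers' public addresses, so the identical private addresses at both sites never collide on the Internet, and neither site can address the other's PCs directly.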