LANCOM Reference Manual LCOS 3.50 Chapter 14: Virtual Private Networks—VPN
Routing at the IP level with VPN
IP connections must be established between routers with public IP addresses
in order to link networks via the Internet. These routers provide the
connections between multiple subnetworks. When a computer sends a packet
to a private IP address in a remote network segment, the local router forwards
the packet to the router of the remote network segment via the Internet.
VPN handles the conversion between private and public IP addresses. Without
VPN, computers without public IP addresses would not be able to
communicate with one another via the Internet.
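The forwarding step described above can be modelled as encapsulation: the local router wraps the whole private datagram inside a datagram addressed between the two public router addresses, and the remote router strips that outer header before forwarding on the inner destination. The following is an added illustration, not code from the LANCOM manual or LCOS; it uses plain IP-in-IP (RFC 2003, protocol number 4) as the tunnel shape and leaves out the encryption a real VPN adds, and all addresses are constructed documentation-range values.

```python
import socket
import struct

# Constructed sample addresses (RFC 5737 documentation ranges and private
# RFC 1918 space); they are illustrative, not taken from the manual.
PRIVATE_SRC, PRIVATE_DST = "10.1.0.20", "10.2.0.7"
PUBLIC_ROUTER_A, PUBLIC_ROUTER_B = "203.0.113.10", "198.51.100.2"
IPPROTO_IPIP = 4  # RFC 2003: payload is itself an IPv4 datagram


def checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 datagram: 20-byte header, no options, TTL 64."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def addrs(pkt: bytes) -> tuple:
    """(src, dst) exactly as any third party on the path would read them."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])


def encapsulate(inner: bytes, router_src: str, router_dst: str) -> bytes:
    """Local router: the private datagram becomes the payload of a public one."""
    return ipv4_packet(router_src, router_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes) -> bytes:
    """Remote router: verify and strip the outer header, returning the inner datagram.

    A header with a valid checksum field re-sums to zero; anything else is dropped
    rather than forwarded, as is any packet that is not a tunnelled IPv4 datagram.
    """
    ihl = (outer[0] & 0x0F) * 4
    if outer[0] >> 4 != 4 or ihl < 20 or checksum(outer[:ihl]) != 0:
        raise ValueError("corrupt outer IPv4 header")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not a tunnelled packet")
    return outer[ihl:]
```

On the public path only the two router addresses are visible, while the private source and destination travel inside the payload and reappear only after decapsulation.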
14.1.2 Secure communications via the Internet?
The idea of using the Internet for corporate communications has been met
with skepticism. The reason for this is that the Internet lies beyond a
company's field of influence. Unlike dedicated connections, data on the
Internet travels through the network structures of third parties that are
frequently unknown to the company.
In addition, the Internet is based on a simple form of data transfer using
unencrypted data packets. Third parties can monitor and perhaps even
manipulate the contents of these packets. Anyone can access the Internet. As
a result, third parties may gain unauthorized access to the transferred data.
VPN – Security through encryption
VPN was developed as a solution to this security problem. If necessary, it can
encrypt the complete data communications between two participants. The
packets are then unreadable for third parties.
The latest and most secure encryption technologies can be used for VPN. A
very high level of security can thus be reached. VPN-protected data traffic via
the Internet offers a degree of security that at least corresponds to that of
dedicated lines.
Codes usually referred to as "keys" are agreed upon between the participants
and used for data encryption. Only the participants in the VPN know these
keys. Without a valid key, it is not possible to decrypt the data. They thus
remain "private", inaccessible to unauthorized parties.
Send your data through the tunnel – for security’s sake
This also explains the nature of a virtual private network: A fixed, physical
connection between the devices of the type required for a direct connection
does not exist at any time. Rather, the data flows via suitable routes through