Remote Access VPN and Tunneling Protocol Analysis
The market forces driving the adoption of Remote Access VPN (primarily an ever-more mobile and distributed workforce in need of economical connectivity) are building daily. ISPs hoping to capitalize on this growth market must build a tunneling infrastructure to support Remote Access VPN services. But the $64,000 question is: which tunneling protocol infrastructure? In this column, we'll examine the alternative tunneling protocols that ISPs may wish to consider.
For a Virtual Private Network service that simply reduces the cost of authenticated remote access VPN, compulsory L2TP tunneling is arguably the most straightforward approach. ISP NAS configuration is comparatively limited, and there is no client software to support.
Layer 2 tunnels connect a single dial user to a private network, treating the public Internet as a virtual data link. Without a tunneling protocol, PPP sessions connect a dial user to an enterprise's private modem pool. With tunnels, the PPP session endpoint can be extended to the edge of the customer's corporate network, providing a secure remote access VPN solution.
Microsoft's Point-to-Point Tunneling Protocol (PPTP) is often used for voluntary authenticated and encrypted tunneling between dial-up clients and a PPTP Network Server located just inside the customer's network. With PPTP, users dial into any Internet POP and then launch the Microsoft remote access VPN Adapter.
IPsec can also be used to support Remote Access VPN by tunneling from an individual host to a security gateway, which is topologically similar to voluntary PPTP tunnels. IP packets to public destinations are sent without IPsec tunneling applied.