There are many different ways to configure and connect a VPN connection. In this video, you’ll learn about site-to-site, host-to-site, and host-to-host VPN connections.
<< Previous: VPN ConcentratorsNext: VPN Protocols >>
There are many different ways to set up a virtual private network communication from a remote site or a remote user. In this video we’ll look at a number of the most popular ways to set up these links. A site-to-site VPN is generally used when you have an organization with a remote location. Or maybe these are two separate organizations that would like to communicate with each other, but they would like to communicate over an existing internet connection. Well, we know the communication through the internet is something that is insecure.
So a site-to-site VPN allows us to encrypt all of the traffic between those locations by using a VPN appliance, or a firewall, or a router, or another device that can handle these types of site-to-site VPNs. This means we don’t have to install a new network connection. We don’t need a new WAN link. There’s no additional circuits. And generally, there are no additional costs as long as you already have a device that can handle something like a site-to-site VPN.
One would simply set up the VPN appliance to communicate to the inside of our network, and since those are trusted, all of that communication will be in the clear, or decrypted traffic. And we’ll tell our VPN appliance to communicate to the other VPN appliance and encrypt all of the traffic that’s traversing between those two devices. Now we’ve got a secure link through the internet, and we’ve got the ability to see that data on our local enterprise networks.
A host-to-site VPN is something we might use if we have a laptop or a mobile device, and we’re in a coffee shop, or a hotel, or we’re at a conference. And we’d like to use the hotel’s network, but still be able to communicate securely back to our corporate environment.
So in this case we have a corporate network. We’ve got a VPN concentrator. We’ve got an internet connection. And here’s our remote user out at the coffee shop. Well, by installing some software or using software that’s built into our operating system, we can communicate directly back to a VPN concentrator over this encrypted tunnel. And everything on the inside of that VPN concentrator is in the clear, or decrypted traffic into the corporate network.
If any of this corporate information goes through the concentrator back to us, the concentrator will encrypt it, send it through the internet connection. And on our single device, we will decrypt that data. And that way we’re sure that even though we’re on this open hotel network, all of our traffic going back to our corporate environment is still going to be encrypted and secure.
In the previous two examples we had VPN concentrators. We had a VPN endpoint. And these were generally pieces of hardware that are designed to perform this VPN functionality. But you don’t have to have hardware to make this happen.
You can make all of this happen in a piece of software. And you could even connect two devices together using the software in something called a host-to-host VPN. This is a user-to-user communication. There’s no additional hardware in the middle. All you need is to load compatible software on both sides.
And these two devices will create a tunnel between the two devices where all of that communication will be encrypted. The software receives that at the end of the tunnel on each of the devices and decrypts it. Which allows us to still see this information on our laptop, but communicate securely between the two devices.
Category: CompTIA Network+ N10-006