132
Networking: A Beginner's Guide
corporate LAN. Even for users who don't have DSL or cable modems available in their
area, ISDN is usually an option from the local telephone company. (ISDN and DSL
technology are discussed in more detail in Chapter 7.)
Remote users using DSL or cable modems are "hard-wired" to a particular ISP for
their connection, so they need to use a virtual private networking approach to connecting
to the LAN. ISDN users, on the other hand, have the choice of either connecting to an
ISDN-capable ISP or to ISDN "modems" hosted on the LAN. Through a process called
bonding, ISDN users can achieve speeds up to 128 Kbps, although this consumes two
B-channels. (and doubles the call charges!) Still, such speeds are better than the 33.6 Kbps
that you can otherwise achieve through a modem.
Virtual Private Networks
A virtual private network (VPN) is a network link formed through the Internet between
the remote user connected to an ISP and the company LAN. A VPN connection is
carried over a shared or public network--which is almost always the Internet. VPNs
use sophisticated packet encryption and other technologies, so the link from the user
to the LAN is secure, even though it may be carried over a public network. VPN
connections cost much less than dedicated connections, such as the WAN technologies
discussed in Chapter 7, because they take advantage of the cost efficiencies of the
Internet without compromising security.
VPN solutions range from simple ones that can be implemented on a Windows
server essentially for free--using the Remote Access Service (RAS) included with
Windows NT Server or the equivalent Routing and Remote Access Service (RRAS)
in Windows 2000 Server or later--to stand-alone specialized VPN routers that can
support hundreds of users. Figure 10-6 shows how a VPN connection works.
VPN connections are used in two important ways:
To form WAN connections using VPN technology between two networks that
might be thousands of miles apart but which each have some way of accessing
the Internet
To form remote access connections that enable remote users to access the LAN
through the Internet
The emphasis in this chapter is on remote access, but it's important to know that
VPNs support WAN connections in much the same way as they support a remote
access connection. The main difference for a WAN VPN connection is that it connects
two networks together, rather than a user and a network, and relies on different
hardware (typically) than a remote access connection uses. A WAN VPN connection
takes advantage of the existing Internet connection for both LANs and might run
virtually 24 hours a day. A remote access connection, on the other hand, is usually
formed when needed and uses less expensive hardware on the remote side, such as a
dialup modem or perhaps a higher-speed Internet connection, such as xDSL, ISDN, or
cable modem.