Determining what type of VPN to create


This information can help you decide which of the various connection types you can set up.

Determining how you will use your VPN is one of the first steps in successful planning. To do this, you need to understand the role that both the local key server and the remote key server play in the connection. For example, are the connection endpoints different from the data endpoints? Are they the same, or some combination of both? Connection endpoints authenticate and encrypt (or decrypt) data traffic for the connection, and optionally provide key management with the Internet Key Exchange (IKE) protocol. Data endpoints, however, define the connection between two systems for IP traffic that flows across the VPN; for example, all TCP/IP traffic between 123.4.5.6 and 123.7.8.9. Typically, when the connection and data endpoints are different, the VPN server is a gateway. When they are the same, the VPN server is a host.

Various types of VPN implementations that are well suited to most business needs follow:

Gateway-to-gateway

The connection endpoints of both systems are different from the data endpoints. The IP Security (IPSec) protocol protects traffic as it travels between the gateways. However, IPSec does not protect data traffic on either side of the gateways within the internal networks. This is a common setup for connections between branch offices because traffic that is routed beyond the branch office gateways, into the internal networks, is often considered trusted.

Gateway-to-host

IPSec protects data traffic as it travels between your gateway and a host in a remote network. VPN does not protect data traffic in the local network because you consider it trusted.

Host-to-gateway

VPN protects data traffic as it travels between a host in the local network and a remote gateway. VPN does not protect data traffic in the remote network.

Host-to-host

The connection endpoints are the same as the data endpoints on both the local and the remote systems. VPN protects data traffic as it travels between a host in the local network and a host in the remote network. This type of VPN provides end-to-end IPSec protection.
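The rule above (connection endpoints equal to data endpoints means a host, different means a gateway) and the four resulting VPN types can be applied mechanically to a planned connection. The following Python script is an added example, not part of this page or of any IBM i VPN tooling: it models each side of a connection by its IKE/IPSec connection endpoint and the addresses whose traffic the VPN carries, names the topology, and lists the path segments that IPSec does not protect (the internal network behind any gateway side). The addresses 123.4.5.6 and 123.7.8.9 come from the page's host-to-host illustration; the gateway addresses and private networks are made up for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class VpnSide:
    """One end of an IPSec connection (example model, not an IBM i object).

    name: label used in reports.
    connection_endpoint: the address that runs IKE and terminates IPSec.
    data_endpoints: the addresses or CIDR networks whose traffic the VPN carries.
    """
    name: str
    connection_endpoint: str
    data_endpoints: Tuple[str, ...]


def role(side: VpnSide) -> str:
    """Return 'host' when the data endpoint is exactly the connection endpoint,
    'gateway' when the VPN carries traffic for other addresses (an internal network)."""
    if not side.data_endpoints:
        raise ValueError(f"{side.name}: at least one data endpoint is required")
    conn = ipaddress.ip_address(side.connection_endpoint)
    nets = [ipaddress.ip_network(d, strict=False) for d in side.data_endpoints]
    if all(n.num_addresses == 1 and n.network_address == conn for n in nets):
        return "host"
    return "gateway"


def vpn_type(local: VpnSide, remote: VpnSide) -> str:
    """Name the topology using the page's four categories, local side first."""
    return f"{role(local)}-to-{role(remote)}"


def unprotected_segments(local: VpnSide, remote: VpnSide) -> List[str]:
    """Describe the path segments IPSec does not protect: the internal network
    behind each gateway side. An empty list means end-to-end protection."""
    segments = []
    for side in (local, remote):
        if role(side) == "gateway":
            segments.append(
                f"{side.name}: traffic between {', '.join(side.data_endpoints)} "
                f"and gateway {side.connection_endpoint} is not covered by IPSec"
            )
    return segments


# Constructed examples. 123.4.5.6 and 123.7.8.9 are the page's host-to-host addresses;
# the gateway addresses and the 10.x networks are invented for this example.
BRANCH_A = VpnSide("branch A", "203.0.113.1", ("10.1.0.0/16",))
BRANCH_B = VpnSide("branch B", "198.51.100.1", ("10.2.0.0/16",))
HOST_LOCAL = VpnSide("local host", "123.4.5.6", ("123.4.5.6",))
HOST_REMOTE = VpnSide("remote host", "123.7.8.9", ("123.7.8.9",))

if __name__ == "__main__":
    pairs = ((BRANCH_A, BRANCH_B), (BRANCH_A, HOST_REMOTE),
             (HOST_LOCAL, BRANCH_B), (HOST_LOCAL, HOST_REMOTE))
    for local, remote in pairs:
        print(vpn_type(local, remote))
        for seg in unprotected_segments(local, remote):
            print("  not protected:", seg)
```

Running the script prints one line per topology followed by the segments that stay outside IPSec protection; for the branch-office pair both internal networks are listed, for the host pair nothing is, which is the end-to-end case the page describes.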
