A Virtual Private Network (VPN) uses a public network—such as the Internet—to enable remote users and sites to connect securely to the corporate network. Two types of VPNs are a remote access VPN, and a site-to-site VPN. Corporate networks and their intranets are most often built on site-to-site VPNs, where the Local Area Network (LAN) of each work location—to very little geographical restriction—can be connected together to form a secured Wide Area Network (WAN) on which company resources can be shared. Remote Access VPNs allow individual users to connect to the corporate network remotely.
On VPNs, data travels over the Internet securely through a tunneling protocol, where it is encrypted using Secure Sockets Layer (SSL) or Internet Protocol Security (IPSec). The tunneling protocol also encapsulates, or wraps, the data with routing information for the receiving user. Once received, the remote access connection is then authenticated using an AAA server, which authenticates the user, authorizes access, and accounts all activity while logged in. Common authenticating servers include Remote Authentication Dial-in User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), and Active Directory (AD) among others.