For Barney to use the VPN, he must encrypt each packet as he creates it. To do this, Barney needs VPN client software installed on his computer; the client performs encryption before sending packets and decryption when receiving them. Barney also needs to know which encryption key to use. Barney sends the encrypted packet to a VPN device inside the corporate network called a VPN concentrator, which decrypts packets received from Barney and others, as well as decrypting packets that need to be sent back to Barney. The steps from Figure 17-6 are as follows:
1. Barney creates a new packet and then encrypts the packet. The original packet has a destination IP address of the web server, but the new IP header put around the encrypted packet has a destination IP address of the VPN concentrator.

2. Barney forwards the packet, whose destination IP address is that of the VPN concentrator, into the Internet.

3. The packet passes through the public Internet. However, the only thing in the packet that makes any sense is the IP header. The rest of the packet contents have been encrypted. If anyone were to capture the packet, he would see just a bunch of jumbled bits inside the IP packet.

4. The VPN concentrator receives the packet, extracts the encrypted original packet, and decrypts the packet. Decryption refers to the reverse of encryption, taking the encrypted data and converting it back to the original data, in this case the same IP packet that Barney created in the first place.

5. The VPN concentrator forwards the packet to the original destination, which is the web server in this case.
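The five steps above worked through in Python, as an added example that is not code from the book or from any real IPsec implementation: it builds Barney's original packet, wraps it as step 1 describes, shows what an observer on the Internet can read in step 3, and has the concentrator recover the original packet in step 4. The addresses, the shared key, and the HMAC-SHA256-based stand-in for ESP's cipher and integrity check are all assumptions made for the example.

```python
import hashlib, hmac, os, socket, struct

ESP_PROTOCOL = 50  # IP protocol number of IPsec ESP, carried in the outer header
def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options; checksum left zero for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def _subkey(key, label):
    # Derive separate encryption and integrity keys from the shared VPN key (assumed).
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode stands in for ESP's real cipher (e.g. AES-GCM).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def protect(key, plaintext):
    """Encrypt-then-MAC the original packet: nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unprotect(key, blob):
    """Verify the tag first; a modified or wrong-key packet is dropped, not decrypted."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed; packet dropped")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

def tunnel_encapsulate(key, inner_packet, client_ip, concentrator_ip):
    """Step 1: encrypt the whole original packet (its header included), then put a
    new IP header around it addressed to the VPN concentrator, not the web server."""
    protected = protect(key, inner_packet)
    return ipv4_header(client_ip, concentrator_ip, ESP_PROTOCOL, len(protected)) + protected

def tunnel_decapsulate(key, outer_packet):
    """Step 4: the concentrator strips the outer header, checks integrity, decrypts,
    and recovers the exact packet the client built."""
    return unprotect(key, outer_packet[20:])

def visible_destination(packet):
    """Step 3: all an observer on the Internet can read is the outer IP header."""
    return socket.inet_ntoa(packet[16:20])
```

A captured packet yields only the outer header (client to concentrator); the inner header with the web server's address, and the payload, are inside the ciphertext, and any byte changed in transit fails the integrity check before decryption is attempted.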
The steps list the actions, as well as some of the
implications, of using VPNs. In fact, this example shows just one type of VPN
(called an IPSec VPN); there are many other types. However, in general, all VPNs
make a public network, such as the Internet, work more like a private network,
and often, VPNs include encryption to protect your data.