A VPN has the appearance and many of the advantages of a dedicated link but occurs over a shared
network, using a technique called tunnelling. Data packets are transmitted across a public routed network,
most commonly the Internet, in a secure tunnel that simulates a point-to-point connection as if it were a
This enables network traffic from many sources to travel via separate
tunnels across the same infrastructure. It allows network protocols to
traverse incompatible infrastructures. It also enables traffic from
many sources to be differentiated, so that it can be directed to
specific destinations and receive specific Quality of Service
Tunnel initiation and termination can be performed by a variety of network devices and software. Cisco
provide a VPN capability in their IOS router software.
For some applications it is more suitable to deploy a solution where the tunnel is started, for example, by
a VPN client located on the end user's PC. The connection is then initiated by a conventional analogue
modem or through an ISDN line. Many vendors offer some capability; the best solution must be evaluated
for specific needs.
In addition, there will usually be one or more security servers. Along with the conventional application of
firewalls and address translation if required, VPNs can provide for data encryption, authentication, and
authorisation. Tunnelling devices can perform these functions by communicating with security servers.
VPN capabilities can be added to existing networking equipment through a software or equipment upgrade.
Once installed, the capability can be used for multiple VPN applications, each delivering security,
performance and management control, and bringing substantial cost and revenue benefits.