Updated: July 11, 2020 (January 14, 2002)

VPN Scenarios

IPSec supports three basic VPN scenarios.

To connect remote offices over the Internet to a central office (top), a company places a VPN gateway at each office and establishes a secure VPN tunnel between the gateways. Traffic is secured only while it moves through the tunnel.

In a remote-user scenario (middle), individual roaming or home users connect to a company’s network over the Internet through a VPN gateway, using VPN client software on their machines.

In the untrusted private network scenario (bottom), an organization needs to connect workstations or servers over a network that is insecure, such as an 802.11b wireless LAN or a wired LAN in a physically insecure environment like a university campus. Each individual computer establishes a VPN tunnel with each resource (e.g., a file server) it needs to use.

IPSec’s role in all these scenarios is to secure the gateway-to-gateway, computer-to-gateway, or computer-to-computer connection in the VPN tunnel: it authenticates devices, ensures the integrity of transmitted data, and (optionally) encrypts data for confidentiality. An additional protocol, the Layer 2 Tunneling Protocol (L2TP), provides user authentication for remote-user and some remote-office situations.
