CHAPTER 42: CONFIGURING VPN
ISP gateway and PPP session ends at NAS, it is unnecessary for the gateway at the
user end to manage and maintain the status of every PPP session, thus improving
system performance.
Layer 2 and Layer 3 tunnel protocols are generally used independently, so
combining L2TP with the IPSec protocol provides better performance and
security for users.
Service Purpose
VPNs are also classified according to the types of service they provide:
■ Intranet VPN: In an intranet VPN, the branches of an enterprise, wherever
they are located, are interconnected through the public network. An intranet
VPN is the extension of, or substitute for, traditional leased line networks
or other enterprise networks.
■ Access VPN: Access VPN lets staff members on business trips, remote
personnel, and SOHO users establish private connections with the intranet or
extranet of an enterprise through the public network. Access VPN has two
types: client-initiated VPN connections and NAS-initiated VPN connections.
■ Extranet VPN: Extranet VPN extends an intranet to partners and clients through
a VPN so that different enterprises can build their VPNs using public networks.
Networking Model
VPNs are classified by the type of networking model that they use:
■ Virtual Leased Line (VLL): VLL emulates the traditional leased line service
over the IP network and so provides an asymmetrical and inexpensive leased
line service. To the users at both ends, a VLL is similar to a traditional
leased line.
■ Virtual Private Dial-up Network (VPDN): VPDN is implemented using the dial-up
and access services of the public network (ISDN and PSTN). It provides
access services for enterprises, small-sized ISPs, and mobile offices.
■ Virtual Private LAN Segment (VPLS) service: In VPLS, LANs are
interconnected through a virtual private segment over IP public
networks. It is the extension of a LAN across the IP public network.
■ Virtual Private Routing Network (VPRN) service: VPRN interconnects
headquarters, branches, and remote offices by managing virtual routers
over IP public networks. There are two ways to implement the service:
one is to use traditional VPN protocols such as IPSec and GRE, and the
other is to use MPLS (Multiprotocol Label Switching) technology.