Ans:

VPN gives extremely secure connections between private networks linked through the Internet. It allows remote computers to act as though they were on the same secure, local network.

It is a system that enable you to create networks using the Internet as the medium for transporting data to ensure that only authorized users can access the network and that the data cannot be intercepted. The VPN technology supported by Windows 2000 is CISCO VPN, Free swan VPN, etc.

The function of VPN is to allow two computers or networks to talk to each other over a transport media that is not secure. To do this VPN uses a computer at each of the two or more points on the various ends of the transport media such as the internet. Each point at the end of the transport media (internet) is called a point of presence (POP).

Tunneling means that the complete IP packet to be sent from Boston to San Diego must be encapsulated into another IP packet. This new packet will have a legal internet IP address. Therefore, machine A will take the packet it needs to route (already has destination address 10.3.6.1) and roughly the following will happen:

1. Machine A will extract the IP packet.
2. Machine A will encrypt the packet.
3. Machine A will wrap the original IP packet in a new IP packet with destination address 201.47.98.101, which is machine C's true internet address.
4. Machine A will wrap the new IP packet in an ethernet packet and send it to the network.
5. The packet will be routed through the internet until it reaches machine C.
6. Machine C will extract the outer IP packet.
7. Machine C will determine that the IP packet contains another IP packet and extract it.
8. Machine C will decrypt the packet.
9. Machine C will examine the destination address of the inner IP packet, wrap it in an ethernet packet with the correct ethernet address, and send it to the internal network on its port 10.3.1.1.

This description is simplistic, but it is essentially what happens. This did not account for authentication and being sure machine C had the authority or ability to decrypt the packet. Therefore VPN can be examined in two main functional areas which are the tunneling mechanism and the security mechanisms.