Users often want to connect to their organization's network from an off-site
computer. To do so, they need a dial-up, broadband, or virtual private
network (VPN) connection. Dial-up networking enables users to connect
off-site computers to their organization's network using a modem and a
standard telephone line. Broadband enables users to connect off-site
computers to their organization's network using high-speed Digital
Subscriber Line (DSL) routers or cable modems. VPN uses encryption to
provide secure connectivity over an existing connection, which can be a
local area, dial-up, or broadband connection. Increasingly, wireless
connections are being used as well. With a wireless connection,
computers establish connections using a network adapter that has an
antenna that enables it to communicate with similar wireless devices.
Understanding Mobile Networking and Remote Access
Although the underlying technologies are
fundamentally different, direct dial, broadband, and VPN
connections all make it possible for users to access your organization's
network remotely. With a typical direct dial network configuration,
off-site users utilize their computer's modem and a standard telephone
line to connect to a modem pool located at the office. A Microsoft
Windows Server managing the modem pool and running Routing And Remote
Access authenticates the logon ID and password and authorizes the user
to connect to the internal network. The user can then access network
resources just as she does when working on-site.
Figure 1
shows direct dial connections using modem pools. Analog modems use
dedicated telephone lines to connect users to the internal network at
speeds up to 33.6 kilobits
per second (Kbps). Digital modems use channels of a T1 line to connect
users to the internal network at speeds up to 56 Kbps. In a standard
configuration, you might have 8, 12, or 16 modems configured in the
pool, each with its own line (or channel). Typically, the modem pool
is set up as a hunt group with a single lead number that users call. This
number connects to the first modem in the pool. When the lead number is
busy, the call rolls over to the next number, which connects to the next
modem in the pool, and so on, so users dial one number to reach any free
modem in the pool.
Unlike direct dial connections, which can be made
directly to the office network, broadband connections are made through
an Internet service provider's (ISP's) network. The user's DSL router
or cable modem establishes a connection to the ISP, which in turn
connects the user to the public Internet. To connect to the office
network, broadband users must establish a VPN between the user's
computer and the office network. Figure 2 shows how VPN works.
A VPN is an extension of a private network across the
public Internet. Once a user is connected, it appears to him that he is
directly connected to the office network and can access network
resources just as he does when working on-site. These seamless
connections are possible because a virtual tunnel is established
between the user's computer and the office network, where the VPN
technology takes care of routing information over the public Internet.
One of two VPN technologies is typically used: Point-to-Point Tunneling
Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP). Note that PPTP's
MS-CHAP v2 authentication and MPPE encryption have since been shown to be
breakable, so PPTP should be treated as a legacy option and L2TP over IPSec
preferred wherever possible.
Both
L2TP and PPTP protect the tunnel, but they do so differently. PPTP
encrypts with Microsoft Point-to-Point Encryption (MPPE), whose keys are
derived from the user's MS-CHAP v2 logon. L2TP has no encryption of its
own; on Windows it is deployed as L2TP/IPSec, where IP Security (IPSec)
authenticates both endpoints and encrypts every packet, making it the
more secure of the two technologies. Unfortunately, L2TP/IPSec is more
difficult to configure. When you use L2TP, you'll need to use Microsoft
Certificate Services or a third-party certificate server to issue a
computer certificate to each system that will connect to the
network using L2TP, and the VPN server must trust the issuing CA.
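As an added example (not code from the original text), the following PowerShell creates a client-side profile for each of the two tunnel types discussed above on a Windows client with the built-in VpnClient module, with the weak PPTP profile beside the preferred L2TP/IPSec one, then lists any profile that still uses PPTP or does not require encryption. The server address vpn.example.com and the profile names are assumptions for illustration; the L2TP profile is created without a pre-shared key, so IPSec authenticates with the computer certificate issued by your certificate server as described above.

```powershell
# Added example, not part of the original text.
# Assumptions (hypothetical): server name vpn.example.com, profile names below.
Import-Module VpnClient

$server = 'vpn.example.com'   # assumed VPN server address; replace with your own

# Weak profile: PPTP. Transport protection is MPPE only, keyed from the
# MS-CHAP v2 exchange; there is no IPSec layer.
Add-VpnConnection -Name 'Corp-PPTP (legacy)' `
    -ServerAddress $server `
    -TunnelType Pptp `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -Force

# Preferred profile: L2TP over IPSec. With no -L2tpPsk argument the IPSec
# security association is authenticated with this computer's certificate,
# which Certificate Services or a third-party CA must have issued.
Add-VpnConnection -Name 'Corp-L2TP' `
    -ServerAddress $server `
    -TunnelType L2tp `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Maximum `
    -Force

# Check: report every profile that is PPTP or that does not require
# encryption, so weak profiles can be found and retired.
Get-VpnConnection |
    Where-Object { $_.TunnelType -eq 'Pptp' -or
                   $_.EncryptionLevel -notin @('Required', 'Maximum') } |
    Select-Object Name, TunnelType, AuthenticationMethod, EncryptionLevel |
    Format-Table -AutoSize

# Once users have been moved to the L2TP/IPSec profile, remove the PPTP one.
Remove-VpnConnection -Name 'Corp-PPTP (legacy)' -Force

# Connect interactively with the preferred profile (prompts for the password):
# rasdial 'Corp-L2TP' <logon-id>
```

Run the check before the Remove-VpnConnection line to see the legacy profile flagged; after it, the check prints nothing, which is the state you want on a managed client. The same two profiles work over a dial-up ISP connection as well as over broadband, since the tunnel rides on whatever Internet connection the client already has.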
In addition to using VPN with broadband
connections, you can also use VPN with dial-up connections. In this
configuration, as shown in Figure 2,
users dial their ISP to establish a connection to the public
Internet and then establish a VPN tunnel to the office
network over it. When this configuration becomes standard procedure for dial-up
users, your organization won't need dedicated private lines like those
reserved for a modem pool.