DirecWay Virtual Private Network Overview
Virtual Private Networks
Virtual Private Network (VPN) is an extension of a private network that encompasses links across shared or public networks such as the Internet. VPN connections can allow users working at home or on the road to use the Internet to establish a connection to their company’s (or other organization’s) private network.
The private data is encrypted and encapsulated, or wrapped, with a header that provides routing information in order to be sent across the publicly shared Internet; this is known as tunneling.
Encryption and other security mechanisms allow the data to pass through the Internet (or any network) without being intercepted, since the tunneled data is indecipherable without the proper encryption keys. Thus a VPN connection logically behaves as a secure point-to-point connection to the private network, though it uses a public network to transport its data.
Client/Server Based VPN
The most widely used VPN architecture is the client/server model. In the client/server model, a software client is loaded on the remote computer that connects over the Internet to a VPN server or router located on the organization’s private network.
In the DirecWay network, the VPN client/server software will encrypt and tunnel the data end to end throughout the entire network, as shown below: The clients that have been tested and approved with DirecWay system are Microsoft Windows VPN (PPTP), Cisco VPN, and Nortel Extranet. Other clients such as Indus River and Borderware Secure VPN are currently under test.
Some client/server implementations require that the client have a static routable address assigned to the remote. Whether or not it is static, a routable address is required by the IPSec implementation between the server or router side and the client.
If IPSec is used, a static IP address will be required. The Checkpoint VPN client is the only client that we tested that will not currently work on DirecWay. The issues with Checkpoint have been addressed, and Checkpoint and HNS engineers are working together on a solution.
The clients that have been tested and approved to work over DIRECWAY are as follows:
| Client Name | Works | Comments/Other Requirements |
| Microsoft’s PPTP | YES | |
| Cisco | YES | Static IP required |
| Nortel’s Extranet clien | YES | Static IP required |
| Indus River | YES | Pilot testing |
| Borderware Secure | YES | Pilot testing |
| Checkpoint | NO | Solution may be forthcoming |
A VPN client’s typical rates on an FTP download are approx. ½ of the standard DIRECWAY speeds. This takes place due to the fact that client/server VPN connections cannot
take advantage of some DIRECWAY performance-enhancing technologies because packets are tunneled by the VPN application from end
to end.Typically all applications that work with DirecWay will work over a DirecWay with a VPN client; however, because of this there will often be decreased performance.
POP3 and Web based mail, accessing Database using HTTP or Web server work reasonably well over a VPN connection.
Directly accessing the database or server with the email client either may not work at all or performance is severely limited.