Performance Analysis and Special Issues of VPN Technologies in Communication:
Trusted VPNs, Secure VPNs and Hybrid VPNs

DR. P. RAJAMOHAN
Senior Lecturer, School of Information Technology, SEGi University,
Taman Sains Selangor, Kota Damansara, PJU 5, 47810 PJ, Selangor Darul Ehsan, Malaysia.

IPASJ International Journal of Computer Science (IIJCS)
Web Site: http://www.ipasj.org/IIJCS/IIJCS.htm
A Publisher for Research Motivation ........ Email: editoriijcs@ipasj.org
Volume 2, Issue 7, July 2014 ISSN 2321-5992

ABSTRACT
A Virtual Private Network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. This paper presents an analysis of VPN technologies in communication and their special issues, in particular the three important VPN technologies, Trusted VPNs, Secure VPNs and Hybrid VPNs, with their requirements, techniques, the VPNC standards that support them, and their performance.
Keywords: VPN - Virtual Private Network, VPNC - Virtual Private Network Consortium, IETF - Internet Engineering Task Force, RFC - Requests For Comments, I-Ds - Internet Drafts.
1. INTRODUCTION
A Virtual Private Network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure. Phone companies have provided private shared resources for voice messages for over a decade. A virtual private network makes it possible to have the same protected sharing of public resources for data. Companies today are looking at using a virtual private network for both extranets and wide-area intranets. A VPN uses the Internet infrastructure to interconnect sites and provide connectivity for remote dial-up users. The nearly universal coverage of the Internet eliminates the need for private leased lines and modem pools, and it eliminates long-distance telephone charges for remote dial-up users. VPNs are less costly than conventional wide area networks.
A VPN operates by passing data over the Internet or corporate intranet through tunnels, which are secure, encrypted virtual connections that use the Internet (or corporate intranet) as the connection medium. The VPN establishes tunnels between servers in a site-to-site VPN, and between clients and servers in a client-to-site VPN. The VPN encrypts and encapsulates each IP (or IPX) packet before passing it through a tunnel. The encapsulated packet includes authentication information to ensure the authenticity of the data and its source. The VPN also uses the authentication information to check that the original data has not been corrupted during transmission, ensuring the integrity of the data.
Site-to-site VPNs can be further classified into two types: Intranet-based VPNs and Extranet-based VPNs. Intranet-based VPNs: if a company has more than one remote location that it wishes to join in a single private network, it can create an Intranet VPN to connect LAN to LAN. Extranet-based VPNs: when a company has a close relationship with another company, it can build an Extranet VPN that connects LAN to LAN and allows all of the various companies to work in a shared environment. A remote-access VPN is also called a virtual private dial-up network (VPDN). A remote-access VPN establishes the user-to-LAN connection: telecommuters dial up to reach the server and use their VPN client software to access the corporate network. Thus an authenticated user can log on to the VPN tunnel from anywhere using a laptop [1]-[3].
1.1 VPN Terminology
A Virtual Private Network is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network, such as the Internet, as opposed to running across a single private network. The link layer protocols of the virtual network are said to be tunneled through the transport network. The rise of the Internet and the increasing speed of cheap Internet connections paved the way for new technologies. Many developers, administrators and, last but not least, managers discovered that there might be better solutions than spending several hundreds, if not thousands, of dollars on dedicated and dial-up access lines. The idea was to use the Internet for communication between branches and at the same time ensure the safety and secrecy of the data transferred. In other words: providing secure connections between enterprise branches via low-cost lines using the Internet. This is a very basic description of what VPNs are all about. Taking the acronym VPN (Virtual Private Network) literally, "Virtual" means there is no direct network connection between the two communication partners, but only a virtual connection provided by VPN software, normally realized over a public Internet connection. The network is considered "Private" because only the members of the company connected by the VPN software are allowed to read the data transferred. With a VPN, the network entities are described as a set of logical connections secured by special software that establishes privacy by safeguarding the connection endpoints [2]-[5]. VPN technology has been used to provide
secure and efficient connectivity among geographically distributed branch offices, strategic partners, and
secure and efficient connectivity among geographically distributed branch offices, strategic partners, and
mobile/telecommuting employees. So VPNs can connect individual users to a remote network or connect multiple
networks together. They can provide remote access through tunnel and security functions including Confidentiality,
authentication and integrity through some security procedures such as encryption[3].
1.2 VPN - Tunneling
Virtual private network technology is based on the idea of tunneling. VPN tunneling involves establishing and maintaining a logical network connection (that may contain intermediate hops). On this connection, packets constructed in a specific VPN protocol format are encapsulated within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on the receiving side. For Internet-based VPNs, packets in one of several VPN protocols are encapsulated within Internet Protocol (IP) packets. VPN protocols also support authentication and encryption to keep the tunnels secure. The tunnel is a very important technology for implementing a VPN solution. Tunnel technology can be expressed as "X over Y": using tunnel technology, one network protocol can encapsulate any legal payload of a different protocol; that is, X becomes the payload of Y. There are a number of standard tunneling protocols, such as L2TP, PPTP and IPSec. Some commercial VPN products are now widely available. They provide different secure, reliable and efficient services in terms of cost and capabilities, aiming at the best combination of speed, security and reliability.
In a remote-access VPN, tunneling normally takes place using PPP. Part of the TCP/IP stack, PPP is the carrier for other IP protocols when communicating over the network between the host computer and a remote system. Remote-access VPN tunneling relies on PPP. Each of the protocols listed below was built using the basic structure of PPP and is used by remote-access VPNs. L2TP can be used as a tunneling protocol for site-to-site VPNs as well as remote-access VPNs. In fact, L2TP can create a tunnel between client and router, NAS and router, and router and router. The long-term direction for secure networking, IPSec is a suite of cryptography-based protection services and security protocols. Because it requires no changes to applications or protocols, you can easily deploy IPSec for existing networks. IPSec provides machine-level authentication, as well as data encryption, for VPN connections that use the L2TP protocol. IPSec negotiates between your computer and its remote tunnel server before an L2TP connection is established, which secures both passwords and data. L2TP uses standard PPP-based authentication protocols, such as EAP, MS-CHAP, SPAP and PAP, with IPSec. Encryption is determined by the IPSec Security Association, or SA. A security association is a combination of a destination address, a security protocol, and a unique identification value called a Security Parameters Index (SPI) [3]-[4].
L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any authentication scheme supported by PPP.
PPTP (Point-to-Point Tunneling Protocol) - PPTP was created by the PPTP Forum, a consortium which includes US Robotics, Microsoft, 3COM, Ascend and ECI Telematics. PPTP supports 40-bit and 128-bit encryption and will use any authentication scheme supported by PPP [3].
L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a partnership between the members of the PPTP Forum, Cisco and the IETF (Internet Engineering Task Force). Combining features of both PPTP and L2F, L2TP also fully supports IPSec [4].
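The following Python program is an added illustration of the "X over Y" encapsulation, of the SA lookup by (destination address, security protocol, SPI) and of the receiver-side use of the authentication information described in this section; it is not code from the paper or from any VPN product. The packet layout, the SA table, the address and key values and the HMAC-derived counter-mode keystream standing in for an ESP cipher are all constructed for the example. It also shows what the receiving side does with a tampered packet and with a replayed one.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

# Outer (carrier) header of the constructed tunnel format: SPI, then a 64-bit
# sequence number, both big-endian. An ICV (truncated HMAC-SHA256) ends the packet.
HEADER = struct.Struct(">IQ")
ICV_LEN = 16


@dataclass
class SecurityAssociation:
    """One SA, identified as the paper describes: destination address,
    security protocol and SPI. Keys here are constructed sample values."""
    dst: str
    proto: str
    spi: int
    auth_key: bytes
    enc_key: bytes
    replay_window: int = 32
    highest_seq: int = 0
    seen: set = field(default_factory=set)


SA_TABLE = {}  # (dst, proto, spi) -> SecurityAssociation


def install_sa(sa):
    SA_TABLE[(sa.dst, sa.proto, sa.spi)] = sa


def keystream(key, spi, seq, length):
    """Counter-mode keystream derived with HMAC-SHA256: an offline stand-in for
    the cipher a real ESP SA would negotiate, bound to this SPI and sequence."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">IQI", spi, seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(sa, seq, inner_packet):
    """X over Y: the inner packet becomes the encrypted payload of the carrier
    format, and the authentication tag covers header plus ciphertext."""
    header = HEADER.pack(sa.spi, seq)
    ciphertext = xor_bytes(inner_packet, keystream(sa.enc_key, sa.spi, seq, len(inner_packet)))
    icv = hmac.new(sa.auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


def decapsulate(dst, proto, outer_packet):
    """Receiver side: find the SA, reject replays and packets whose authentication
    data does not verify, and only then recover the inner packet."""
    if len(outer_packet) < HEADER.size + ICV_LEN:
        return None, "truncated packet"
    spi, seq = HEADER.unpack_from(outer_packet)
    sa = SA_TABLE.get((dst, proto, spi))
    if sa is None:
        return None, "no SA for SPI"
    # Anti-replay window check first; it is cheaper than tag verification.
    if seq in sa.seen or seq + sa.replay_window <= sa.highest_seq:
        return None, "replayed or stale sequence number"
    body, icv = outer_packet[HEADER.size:-ICV_LEN], outer_packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, outer_packet[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None, "integrity check failed"
    # Only a verified packet advances the replay window.
    sa.seen.add(seq)
    sa.highest_seq = max(sa.highest_seq, seq)
    sa.seen = {s for s in sa.seen if s + sa.replay_window > sa.highest_seq}
    return xor_bytes(body, keystream(sa.enc_key, spi, seq, len(body))), "ok"


def demo():
    """Constructed walk-through: a tampered copy, the genuine packet, a replay
    of it, and a lookup under the wrong security protocol."""
    sa = SecurityAssociation("203.0.113.10", "ESP", 0x1000,
                             b"constructed-auth-key", b"constructed-enc-key")
    install_sa(sa)
    inner = bytes.fromhex("45000028000040004006") + b"constructed inner payload"
    outer = encapsulate(sa, 1, inner)
    tampered = bytearray(outer)
    tampered[HEADER.size] ^= 0x01  # flip one bit of the ciphertext in transit
    _, tampered_status = decapsulate(sa.dst, "ESP", bytes(tampered))
    recovered, status = decapsulate(sa.dst, "ESP", outer)
    _, replay_status = decapsulate(sa.dst, "ESP", outer)
    _, unknown_status = decapsulate(sa.dst, "AH", outer)
    return {
        "tampered": tampered_status,
        "genuine": status if recovered == inner else "mismatch",
        "replay": replay_status,
        "wrong_protocol": unknown_status,
        "payload_visible_on_wire": inner in outer,
    }


if __name__ == "__main__":
    print(demo())
```

The order of checks on the receiving side (window, then tag, then window update) mirrors what an ESP implementation does: a duplicate is dropped before any cryptography runs, and an unverified packet never changes receiver state.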
1.3 VPN Advantages - Cost Savings
Organizations historically needed to rent network capacity such as T1 lines to achieve full, secured connectivity between their office locations. With a VPN, you use public network infrastructure, including the Internet, to make these connections and tap into that virtual network through much cheaper local leased lines or even just broadband connections to a nearby Internet Service Provider (ISP). A VPN can also replace the remote access servers and long-distance dial-up network connections commonly used in the past by business travelers needing access to their company intranet. With VPNs, the cost of maintaining servers tends to be less than with other approaches because organizations can outsource the needed support to professional third-party service providers. These providers enjoy a much lower cost structure through economies of scale by servicing many business clients. The cost to an organization of building a dedicated private network may be reasonable at first but increases exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations, but 4 branch offices require 6 lines to directly connect them to each other, 6 branch offices need 15 lines, and so on. Internet-based VPNs avoid this scalability problem by simply tapping into the public lines and network capability readily available. Particularly for remote and international locations, an Internet VPN offers superior reach and quality of service [3]-[5],[9].



1.4 The VPN Consortium (VPNC)
The VPN Consortium (VPNC) is the international trade association for manufacturers in the VPN market. The primary purposes of the VPNC are [5],[18]:
Promote the products of its members to the press and to potential customers
Increase interoperability between members by showing where the products interoperate
Serve as the forum for the VPN manufacturers throughout the world
Help the press and potential customers understand VPN technologies and standards
Provide publicity and support for interoperability testing events
It should be noted that VPNC does not create standards; instead, it strongly supports current and future IETF standards.
1.5 Internet Engineering Task Force (IETF)
The various VPN protocols are defined by a large number of standards and recommendations that are codified by the Internet Engineering Task Force (IETF). There are many flavors of IETF standards, recommendations, statements of common practice, and so on. Some of the protocols used in IPsec are full IETF standards; the others are often useful and stable enough to be treated as standard by people writing IPsec software. Neither of the trusted VPN technologies is an IETF standard yet, although a great deal of work is being done to make them standards [5],[19].
1.6 Requests For Comments (RFCs)
The IETF codifies the decisions it comes to in documents called "Requests For Comments". These are almost universally called by their acronym "RFCs". Many RFCs are the standards on which the Internet is formed. The level of standardization that an RFC reaches is determined not only by "how good" the RFC is, but by how widely it is implemented and tested. Some RFCs are not solid standards, but they nonetheless document technologies that are of great value to the Internet and thus should be used as guidelines for implementing VPNs. For the purpose of defining VPNs, any protocol that has become an IETF Request For Comments (RFC) document can be treated as somewhat of a standard. Certainly, any IPsec-related RFC that has been deemed to be on the IETF "standards track" should be considered a standard [5],[15],[18].
1.7 Internet Drafts
Before a document becomes an RFC, it starts out as an Internet Draft (often called an "I-D"). I-Ds are rough drafts, and are sometimes created for no other benefit than to tell the Internet world what the author is thinking. On the other hand, there is often very good information in some I-Ds, particularly those that cover revisions to current standards. Some Internet Drafts go along for years, but are then dropped or abandoned; others get on a fast track to becoming RFCs, although this is rare. Internet Drafts are given names when they first appear; if they become RFCs, the I-D name disappears and an RFC number is assigned. It should be emphasized here that it is unwise to make any programming decisions based on information in Internet Drafts. Most I-Ds go through many rounds of revisions, and some rounds make wholesale changes in the protocols described in a draft. Further, many I-Ds are simply abandoned after discussion reveals major flaws in the reasoning that led to the draft. VPNC lists all the active I-Ds that relate to VPNs [5],[18].
2. VPN TECHNOLOGIES
2.1 VPN Technologies And Terminology
There are three important VPN technologies: Trusted VPNs, Secure VPNs and Hybrid VPNs. It is important to note that trusted VPNs and secure VPNs are not technically related, and can co-exist in a single service package. The requirements and techniques of all three VPN technologies, together with the VPNC support for them, are given below based on the analysis and research.
2.1.1 Trusted VPNs
Before the Internet became nearly universal, a virtual private network consisted of one or more circuits leased from a communications provider. Each leased circuit acted like a single wire in a network that was controlled by the customer. The communications vendor would sometimes also help manage the customer's network, but the basic idea was that a customer could use these leased circuits in the same way that they used physical cables in their local network. The privacy afforded by these legacy VPNs was only that the communications provider assured the customer that no one else would use the same circuit. This allowed customers to have their own IP addressing and their own security policies. A leased circuit ran through one or more communications switches, any of which could be compromised by someone wanting to observe the network traffic. The VPN customer trusted the VPN provider to maintain the integrity of the circuits and to use the best available business practices to avoid snooping of the network traffic. Thus, these are called Trusted VPNs [3],[18].



2.1.2 Secure VPNs
As the Internet became more popular as a corporate communications medium, security became much more of a
pressing issue for both customers and providers. Seeing that trusted VPNs offered no real security, vendors started to
create protocols that would allow traffic to be encrypted at the edge of one network or at the originating computer,
moved over the Internet like any other data, and then decrypted when it reached the corporate network or a receiving
computer. This encrypted traffic acts like it is in a tunnel between the two networks: even if an attacker can see the
traffic, they cannot read it, and they cannot change the traffic without the changes being seen by the receiving party and
therefore rejected. Networks that are constructed using encryption are called Secure VPNs [3],[10],[18].
2.1.3 Hybrid VPNs
More recently, service providers have begun to offer a new type of trusted VPN, this time using the Internet instead of the raw telephone system as the substrate for communications. These new trusted VPNs still do not offer security, but they give customers a way to easily create network segments for wide area networks (WANs). In addition, trusted VPN segments can be controlled from a single place, and often come with guaranteed quality-of-service (QoS) from the provider. A secure VPN can be run as part of a trusted VPN, creating a third type of VPN that is very new on the market; these are called Hybrid VPNs [3],[18]. The secure parts of a hybrid VPN might be controlled by the customer (such as by using secure VPN equipment on their sites) or by the same provider that provides the trusted part of the hybrid VPN. Sometimes an entire hybrid VPN is secured with the secure VPN, but more commonly, only a part of a hybrid VPN is secure [11].
2.2 Usage Scenarios for VPN Technologies
2.2.1 Usage scenarios for Trusted VPNs
Companies that use Trusted VPNs do so because they want to know that their data is moving over a set of paths that has specified properties and is controlled by one ISP or a trusted confederation of ISPs. This allows the customer to use their own private IP addressing schemes, and possibly to handle their own routing. The customer trusts that the paths will be maintained according to an agreement, and that people whom the customer does not trust (such as an attacker) can neither change the paths of any part of the VPN nor insert traffic on the VPN. Note that it is usually impossible for a customer to know the paths used by trusted VPNs, or even to validate that a trusted VPN is in place; they must trust their provider completely [15],[18].
2.2.2 Usage scenarios for Secure VPNs
The main reason that companies use Secure VPNs is so that they can transmit sensitive information over the Internet
without needing to worry about who might see it. Everything that goes over a secure VPN is encrypted to such a level
that even if someone captured a copy of the traffic, they could not read the traffic even if they used hundreds of millions
of dollars worth of computers. Further, using a secure VPN allows the company to know that an attacker cannot alter
the contents of their transmissions, such as by changing the value of financial transactions. Secure VPNs are
particularly valuable for remote access where a user is connected to the Internet at a location not controlled by the
network administrator, such as from a hotel room, airport kiosk, or home [10]-[13], [18].
2.2.3 Usage scenarios for Hybrid VPNs
It is clear that secure VPNs and trusted VPNs have very different properties. Secure VPNs provide security but no assurance of paths. Trusted VPNs provide assurance of properties of paths such as QoS, but no security from snooping or alteration. Because of these strengths and weaknesses, Hybrid VPNs have started to appear, although the list of scenarios where they are desired is still evolving. A typical situation for hybrid VPN deployment is when a company already has a trusted VPN in place and some parts of the company also need security over part of the VPN. Fortunately, none of the common trusted VPN technologies prevent the creation of hybrid VPNs, and some manufacturers are creating systems that explicitly support the creation of hybrid VPN services [18],[20].
2.3 Requirements for VPNs
There is one very important requirement that is common to Trusted VPNs, Secure VPNs and Hybrid VPNs: the VPN administrator must know the extent of the VPN. Regardless of the type of VPN in use, a VPN is meant to have capabilities that the "regular" network does not. Thus, the VPN administrator must be able to know at all times what data will and will not be in the VPN.
2.3.1 Trusted VPN Requirements
2.3.1.1 No one other than the trusted VPN provider can affect the creation or modification of a path in the VPN.
The entire value of the trusted VPN is that the customer can trust the provider to provision and control the VPN. Therefore, no one outside the realm of trust can change any part of the VPN. Note that some VPNs span more than one provider; in this case, the customer is trusting the group of providers as if they were a single provider.



2.3.1.2 No one other than the trusted VPN provider can change data, inject data, or delete data on a path in the VPN.
A trusted VPN is more than just a set of paths: it is also the data that flows along those paths. Although the paths are typically shared among many customers of a provider, the path itself must be specific to the VPN and no one other than the trusted provider can affect the data on that path. Such a change by an outside party would affect the characteristics of the path itself, such as the amount of traffic measured on the path.
2.3.1.3 The routing and addressing used in a trusted VPN must be established before the VPN is created.
The customer must know what is expected of the customer, and what is expected of the service provider, so that they can plan for maintaining the network that they are purchasing [6]-[7],[18]-[20].
2.3.2 Secure VPN Requirements
2.3.2.1 All traffic on the secure VPN must be encrypted and authenticated.
Many of the protocols that are used to create secure VPNs allow the creation of VPNs that have authentication but no
encryption. Although such a network is more secure than a network with no authentication, it is not a VPN because
there is no privacy.
2.3.2.2 The security properties of the VPN must be agreed to by all parties in the VPN.
Secure VPNs have one or more tunnels, and each tunnel has two endpoints. The administrators of the two endpoints of
each tunnel must be able to agree on the security properties of the tunnel.
2.3.2.3 No one outside the VPN can affect the security properties of the VPN.
It must be impossible for an attacker to change the security properties of any part of a VPN, such as to weaken the
encryption or to affect which encryption keys are used [10]-[13],[18]-[20].
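As an added example (not from the paper), the following Python sketch shows how an endpoint can enforce requirements 2.3.2.1 to 2.3.2.3 when agreeing the security properties of a tunnel: proposals with no real encryption are refused outright, the choice follows the local preference order rather than the peer's, and a policy floor means nothing weaker than the administrator allowed can ever be agreed. The local preference list, the forbidden-transform sets and the transform names are assumptions for the example, and the model covers classic cipher-plus-MAC suites only.

```python
# Constructed local policy, ordered from most to least preferred. Every entry
# carries both an encryption and an integrity transform (requirement 2.3.2.1).
# Transform names are assumptions for the example, not taken from a real IKE config.
LOCAL_PREFERENCES = [
    {"encr": "AES-256-CBC", "integ": "HMAC-SHA2-256-128", "dh": "group14"},
    {"encr": "AES-128-CBC", "integ": "HMAC-SHA2-256-128", "dh": "group14"},
    {"encr": "AES-128-CBC", "integ": "HMAC-SHA1-96", "dh": "group14"},
]

# Policy floor: transforms this endpoint never agrees to, whatever the peer
# offers (requirement 2.3.2.3). AEAD suites that carry their own integrity are
# outside this simple cipher-plus-MAC model.
FORBIDDEN_ENCR = {"NULL", "DES-CBC"}
FORBIDDEN_INTEG = {"NONE"}


def proposal_key(p):
    return (p["encr"], p["integ"], p["dh"])


def is_acceptable(p):
    """A proposal without real encryption or without authentication is rejected:
    such a tunnel has no privacy and, in the paper's terms, is not a VPN."""
    return p["encr"] not in FORBIDDEN_ENCR and p["integ"] not in FORBIDDEN_INTEG


def negotiate(local_prefs, peer_offer):
    """Pick the first locally preferred proposal the peer also offered
    (requirement 2.3.2.2: both endpoints agree). Local order decides, so a
    peer cannot steer the result by reordering or padding its offer."""
    offered = {proposal_key(p) for p in peer_offer if is_acceptable(p)}
    for p in local_prefs:
        if is_acceptable(p) and proposal_key(p) in offered:
            return p, "agreed"
    if offered:
        return None, "no proposal common to both endpoints"
    return None, "peer offered nothing acceptable"


def demo():
    """Three constructed peer offers: a normal one, the same offer padded with a
    NULL-encryption entry placed first, and an offer of forbidden transforms only."""
    normal = [
        {"encr": "AES-128-CBC", "integ": "HMAC-SHA1-96", "dh": "group14"},
        {"encr": "AES-256-CBC", "integ": "HMAC-SHA2-256-128", "dh": "group14"},
    ]
    with_null = [{"encr": "NULL", "integ": "HMAC-SHA1-96", "dh": "group14"}] + normal
    weak_only = [{"encr": "DES-CBC", "integ": "HMAC-MD5-96", "dh": "group2"}]
    return {
        "normal": negotiate(LOCAL_PREFERENCES, normal)[0]["encr"],
        "with_null": negotiate(LOCAL_PREFERENCES, with_null)[0]["encr"],
        "weak_only": negotiate(LOCAL_PREFERENCES, weak_only)[1],
    }


if __name__ == "__main__":
    print(demo())
```

The point of the floor is that the outcome of the exchange is bounded by configuration the administrator controls, not by what arrives from the network; the same idea applies to which keys are used, which the paper lists alongside algorithm strength.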
2.3.3 Hybrid VPN Requirements
2.3.3.1 The address boundaries of the secure VPN within the trusted VPN must be extremely clear.
In a hybrid VPN, the secure VPN may be a subset of the trusted VPN, such as if one department in a corporation runs its own secure VPN over the corporate trusted VPN. For any given pair of addresses in a hybrid VPN, the VPN administrator must be able to definitively say whether or not traffic between those two addresses is part of the secure VPN [18]-[20].
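The following Python example, added here and not part of the paper, implements the check that section 2.3 and requirement 2.3.3.1 call for: an administrator-maintained policy of which prefixes the trusted VPN covers and which subset of them the secure VPN covers, a validation that the secure subset really lies inside the trusted extent, and a classification that gives a definitive answer for any address pair. The prefixes and the flow records are constructed sample values.

```python
import ipaddress

# Constructed policy for the example: the provider-provisioned trusted VPN spans
# three site prefixes, and one department runs a secure VPN over a subset of them.
TRUSTED_VPN = ("10.10.0.0/16", "10.20.0.0/16", "10.30.0.0/16")
SECURE_VPN = ("10.10.50.0/24", "10.20.50.0/24")


def networks(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def validate_policy(secure=SECURE_VPN, trusted=TRUSTED_VPN):
    """Requirement 2.3.3.1: every secure-VPN prefix must lie inside the trusted
    VPN, otherwise the boundary between the two is not well defined."""
    trusted_nets = networks(trusted)
    for s in networks(secure):
        if not any(s.subnet_of(t) for t in trusted_nets):
            raise ValueError(f"secure VPN prefix {s} is not inside the trusted VPN")
    return True


def covered(addr, nets):
    return any(addr in n for n in nets)


def classify(src, dst, secure=SECURE_VPN, trusted=TRUSTED_VPN):
    """Definitive answer for any address pair: 'secure' when both ends are in the
    secure VPN (encrypted and authenticated), 'trusted' when both are carried by
    the trusted VPN only, 'outside' when at least one end is not in the VPN.
    A flow with one end in the secure subset and the other outside it is only
    'trusted': the secure VPN protects only the part it directly covers."""
    a, b = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    secure_nets, trusted_nets = networks(secure), networks(trusted)
    if covered(a, secure_nets) and covered(b, secure_nets):
        return "secure"
    if covered(a, trusted_nets) and covered(b, trusted_nets):
        return "trusted"
    return "outside"


def audit(flows):
    """Summarise (src, dst) flow records by VPN class, the view an administrator
    needs to know at all times what data is and is not in each VPN."""
    summary = {"secure": 0, "trusted": 0, "outside": 0}
    for src, dst in flows:
        summary[classify(src, dst)] += 1
    return summary


# Constructed flow records standing in for a flow-log export.
SAMPLE_FLOWS = [
    ("10.10.50.7", "10.20.50.9"),  # department to department: secure
    ("10.10.50.7", "10.30.1.1"),   # department to another site: trusted only
    ("10.20.1.4", "10.30.1.1"),    # site to site: trusted only
    ("10.10.50.7", "192.0.2.5"),   # one end outside the VPN entirely
]

if __name__ == "__main__":
    validate_policy()
    print(audit(SAMPLE_FLOWS))
```

Running the validation whenever the policy changes catches the case the requirement warns about, a secure prefix that drifts outside the trusted extent, before any address pair becomes ambiguous.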
3. TECHNOLOGIES SUPPORTED BY VPNC
The following technologies support the requirements from the previous section. VPNC supports these technologies both when they are implemented by users themselves and when they are implemented in provider-provisioned VPNs; a few example RFCs are listed for each.
3.1 Trusted VPN Technologies
Modern service providers offer many different types of trusted VPNs. These can generally be separated into "layer 2" and "layer 3" VPNs [6]-[8],[13]-[18].
3.1.1 Technologies For Trusted Layer 2 VPNs Include:
ATM - Asynchronous Transfer Mode Circuits
Frame Relay Circuits
Transport of Layer 2 Frames Over MPLS, as described in draft-ietf-l2vpn-vpls-bgp and other related Internet Drafts.

Transport of Layer 2 Frames Over MPLS
RFC 3916 - Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3) - Informational RFC
RFC 3985 - PWE3 Architecture - Informational RFC
RFC 4447 - Transport of Layer 2 Frames Over MPLS - Proposed standard
RFC 4448 - Encapsulation Methods for Transport of Ethernet Over MPLS Networks - Proposed standard

3.1.2 Technologies For Trusted Layer 3 VPNs Include:
MPLS with constrained distribution of routing information through BGP, as described in RFC 4364 and other related Internet Drafts.
It is widely assumed that both will become standards in the future. Also, the service provider industry has not embraced one of these technologies much more strongly than the other.




General MPLS
RFC 3031 - Multiprotocol Label Switching Architecture - Full standard
RFC 3032 - MPLS Label Stack Encoding - Full standard
RFC 3036 - Label Distribution Protocol (LDP) Specification - Full standard
RFC 3037 - LDP Applicability - Informational RFC

MPLS constrained by BGP routing
RFC 4364 - BGP/MPLS IP VPNs - Proposed standard
RFC 4365 - Applicability Statement for BGP/MPLS IP VPNs - Informational RFC
RFC 4381 - Analysis of the Security of BGP/MPLS IP VPNs - Informational RFC
RFC 4026 - Provider Provisioned Virtual Private Network (VPN) Terminology - Informational RFC
RFC 4176 - Framework for PPVPN Operations and Management - Informational RFC
RFC 4265 - Definition of Textual Conventions for Virtual Private Network (VPN) Management - Proposed standard
RFC 4031 - Service Requirements for Layer 3 Provider Provisioned Virtual Private Networks - Informational RFC
RFC 3809 - Generic Requirements for Provider Provisioned VPNs (PPVPN) - Informational RFC
RFC 4110 - Framework for Layer 3 Provider Provisioned Virtual Private Networks - Informational RFC
RFC 4111 - Security Framework for Provider Provisioned Virtual Private Networks - Informational RFC

3.2 Secure VPN Technologies
For Secure VPNs, the list of protocols, with a few example RFCs [10]-[18], is:
General IPsec
ESP and AH (encryption and authentication headers)
Key exchange (ISAKMP, IKE, and others)
Cryptographic algorithms
IPsec policy handling
Remote access
SSL and TLS
IPsec with encryption, in either tunnel or transport mode. The security associations can be set up either manually or using IKE with either certificates or preshared secrets. IPsec is described in many RFCs, including 2401, 2406, 2407, 2408, and 2409 (for IKEv1), and 4301, 4303, 4306, 4307, and 4308 (for IKEv2).

General IPsec
RFC 4301 - Security Architecture for the Internet Protocol - Proposed standard
RFC 2401 - Security Architecture for the Internet Protocol - Obsoleted by RFC 4301



ESP and AH Headers
RFC 4302 - IP Authentication Header - Proposed standard
RFC 4303 - Encapsulating Security Payload (ESP) - Proposed standard
RFC 4304 - Extended Sequence Number Addendum to IPsec DOI for ISAKMP - Proposed standard
RFC 4835 - Cryptographic Algorithm Implementation Requirements For ESP And AH - Proposed standard

Key Exchange
RFC 4306 - Internet Key Exchange (IKEv2) Protocol - Proposed standard
RFC 4307 - Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) - Proposed standard
RFC 4308 - Cryptographic Suites for IPsec - Proposed standard
RFC 2407 - Internet IP Security Domain of Interpretation for ISAKMP - Obsoleted by RFC 4306 (IKEv2)
RFC 2408 - Internet Security Association and Key Management Protocol (ISAKMP) - Obsoleted by RFC 4306 (IKEv2)
RFC 2409 - Internet Key Exchange (IKE) - Obsoleted by RFC 4306 (IKEv2)

Cryptographic Algorithms
RFC 2405 - ESP DES-CBC Cipher Algorithm With Explicit IV - Proposed standard
RFC 2451 - ESP CBC-Mode Cipher Algorithms - Proposed standard
RFC 2104 - HMAC: Keyed-Hashing for Message Authentication - Informational RFC
RFC 2202 - Test Cases for HMAC-MD5 and HMAC-SHA-1 - Informational RFC
RFC 2403 - Use of HMAC-MD5-96 within ESP and AH - Proposed standard
RFC 2404 - Use of HMAC-SHA-1-96 within ESP and AH - Proposed standard

IPsec inside of L2TP, as described in RFC 3193, has significant deployment for client-server remote access secure VPNs.

Remote access
RFC 2661 - Layer Two Tunneling Protocol (L2TP) - Proposed standard
RFC 2888 - Secure Remote Access with L2TP - Informational RFC
RFC 3193 - Securing L2TP using IPsec - Proposed standard

SSL 3.0 or TLS with encryption. TLS is described in RFC 4366. These technologies (other than SSL 3.0) are standardized in the IETF, and each has many vendors who have shown their products to interoperate well in the field.

SSL and TLS
RFC 5246 - The TLS Protocol Version 1.2 - Proposed standard
RFC 2818 - HTTP Over TLS - Informational RFC
RFC 4366 - TLS Extensions - Proposed standard
RFC 4279 - Pre-Shared Key Ciphersuites for TLS - Proposed standard




3.3 Hybrid VPN Technologies
Any supported Secure VPN technology running over any supported Trusted VPN technology.
It is important to note that a hybrid VPN is only secure in the parts that are based on secure VPNs. That is, adding a secure VPN to a trusted VPN does not increase the security of the entire trusted VPN, only of the part that was directly secured. The secure VPN acquires the advantages of the trusted VPN, such as having known QoS features [18],[20].
4. CONCLUSION
A VPN can be a solution to reduce network complexity, reduce network operational cost and access a remote network via the global Internet or an intranet, with the support of VPN technologies in communication and of VPNC. IPsec is the most dominant protocol for secure VPNs. SSL gateways for remote-access users are also popular for secure VPNs. L2TP running under IPsec has a much smaller but significant deployment. For trusted VPNs, the market is split between the two MPLS-based protocols. Companies that want to do their own routing tend to use layer 2 VPNs; companies that want to outsource their routing tend to use layer 3 VPNs. VPNC does not create standards; instead, it strongly supports current and future IETF standards. The cost savings from the use of public infrastructures could not be realized if not for the security provided by VPNs. Encryption and authentication protocols keep corporate information private on public networks. With VPN technologies, new users can be easily added to the network. Corporate network availability can be scaled quickly with minimal cost. A single VPN implementation can provide secure communications for a variety of applications on diverse operating systems.
5. REFERENCES
[1] Dave Kosiur, Building and Managing Virtual Private Networks, Wiley & Sons; ISBN: 0471295264, pp. 35-110.
[2] John Mains, VPNs: A Beginner's Guide, McGraw-Hill; ISBN: 0072191813, pp. 28-72.
[3] Dr. S. S. Riaz Ahamed and P. Rajamohan, Comprehensive Performance Analysis and Special Issues of Virtual Private Network Strategies in the Computer Communication: A Novel Study, International Journal of Engineering Science and Technology (IJEST), ISSN: 0975-5462, Vol. 3 No. 7, July 2011, pp. 640-648.
[4] Wei Luo, Carlos Pignataro, Dmitry Bokotey and Anthony Chan, Layer 2 VPN Architectures, Cisco Press, 2005, pp. 73-122.
[5] Wikipedia, Virtual private network, http://en.wikipedia.org/wiki/Virtual_private_network and Wikipedia, OpenVPN, http://en.wikipedia.org/wiki/OpenVPN
[6] Chris Metz, The Latest in Virtual Private Networks: Part I, IEEE Internet Computing, pp. 87-91, 2003.
[7] Chris Metz, The Latest in Virtual Private Networks: Part II, IEEE Internet Computing, pp. 60-65, 2004.
[8] Chris Metz, Multiprotocol Label Switching and IP, Part II: Multicast Virtual Private Networks, IEEE Internet Computing, pp. 76-81.
[9] Alwin Thomas and George Kelley, Cost-Effective VPN-Based Remote Network Connectivity Over the Internet, 2003.
[10] Ronald, F. J. (Ed. 2003), CCSP Cisco Secure VPN, Types of VPN, pp. 24-26.
[11] Ronald, F. J. (Ed. 2003), CCSP Cisco Secure VPN, VPN Over IPSec, pp. 36-39.
[12] Ronald, F. J. (Ed. 2003), CCSP Cisco Secure VPN, Explanation of the IPSec Protocols, pp. 39-45.
[13] B. Gleeson et al., IP Based Virtual Private Networks, RFC 2764, February 2000.
[14] A. Nagarajan, Generic Requirements for Provider Provisioned Virtual Private Networks (PPVPN), RFC 3809, June 2004.
[15] L. Andersson and T. Madsen, Provider Provisioned Virtual Private Network (VPN) Terminology, RFC 4026, March 2005.
[16] E. Rosen and Y. Rekhter, BGP/MPLS VPNs, RFC 2547, March 1999.
[17] K. Muthukrishnan and A. Malis, A Core MPLS IP VPN Architecture, RFC 2918, September 2000.
[18] http://www.vpnc.org/vpn standard
[19] http://www.ietf.org
[20] E. Ramaraj and S. Karthikeyan, A New Type of Network Security Protocol Using Hybrid Encryption in Virtual Private Networking, Journal of Computer Science 2 (9): 672-675, 2006, ISSN 1549-3636, 2006 Science Publications.



AUTHOR
DR. P. RAJAMOHAN received his Bachelor of Science degree in Physics and later obtained his Post Graduate Diploma in Computer Applications (PGDCA), Master's degree in Computer Applications (MCA) and PhD in Computer Science. His primary research interests are in Virtual Private Network implementation for efficient data communication and in wireless network communications. He is a member of the Institution of Engineers (India), an Associate in Cisco Certified Networks, a member of the International Association of Engineers (IAENG) and a member of the Computer Science Teachers Association, USA (CSTA). Dr. P. Rajamohan has over 20 years of experience in both academia and the IT industry. He is currently working as a Senior Lecturer in the School of Information Technology, SEGi University, Malaysia.
