In practice, a company's branch offices often need to reach the company headquarters, and staff on business trips need to reach the company intranet. This requires a dedicated network between the branch offices or external staff and the corporate headquarters. Traditional network interconnection schemes have the disadvantages of high cost, poor security, and networks that are hard to extend. In this situation, a VPN (Virtual Private Network) interconnection scheme is used.
Compared with traditional network interconnection, a VPN differs in many ways. First of all, a VPN is built on a public IP network (most commonly the Internet). All branches need to connect to the Internet, so only a very short network line is needed. But an Internet connection alone does not let branch offices and corporate headquarters communicate, because the hosts inside the company use private addresses. As the figure shows, we need to build a VPN tunnel so that the branch office and corporate headquarters can communicate.
VPN benefits: security (most tunneling protocols support encryption), low cost, and easy scaling
Disadvantage: high latency
Devices that can implement a VPN:
Firewall (preferred)
Routers (weak protection)
Host OS (Windows: Routing and Remote Access; Linux: IPSec, ISA)
Here we use a Windows Server 2003 host to implement this VPN interconnection. The lab environment is built in virtual machines and requires four machines, which respectively simulate the user, simulate the Internet, act as the VPN device, and simulate the intranet. We chose four Windows Server 2003 hosts, and added one extra NIC to each of the VPN and router machines.
As shown in the figure:
The network is divided into three regions, namely VM1, VM2 and VM3. In the address plan, VM1 and VM2 are in the network segment 61.130.130.0
1. Join the user's NIC and the routing device's first NIC to the Vmnet1 area, the routing device's second NIC and the VPN device's first NIC to the Vmnet2 area, and the VPN device's second NIC and the NIC of a PC on the company intranet to the Vmnet3 area.
2. Configure IP addresses for the user PC and the router, respectively
(PC's IP address)