Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

Windows 2000 Virtual Private Networking (VPN)

Windows 2000 Virtual Private Networking (VPN)

4.6 9
by Thaddeus Fortenberry

Substantial interest in VPN has been created by concerns for privacy and data protection. You, the administrator must be aware of security concepts and network designs, and yet, customers require flexible network environments that will satisfy the needs of today's computer users. You must support laptop users, home LAN environments, complex branch offices, and more


Substantial interest in VPN has been created by concerns for privacy and data protection. You, the administrator must be aware of security concepts and network designs, and yet, customers require flexible network environments that will satisfy the needs of today's computer users. You must support laptop users, home LAN environments, complex branch offices, and more--all within a secure and effective network design. The way you implement VPNs in Windows 2000 is different than any other operating system. Windows 2000 Virtual Private Networking will cover all aspects of both the tunnel client. Microsoft is using PPTP, L2TP and IPSec all in this one product and the configuration of both tunnel and transport configuration can be very complex. This book covers what you, the network designer can do with this capability; new VPN features that can affect Active Directory replication; network address translation; Proxy and more will be covered in depth.

Editorial Reviews

Substantial interest in VPN has been created by concerns for privacy and data protection. However, VPNs implementation in Windows 2000 is different than any other operating system. Microsoft is using PPTP, L2TP and IPSec all in Windows 2000 Virtual Private Networking and the configuration of both tunnel and transport configuration can be very complex. Thaddeus Fortenberry's Windows 2000 Virtual Private Networking covers what the network designer can do with this increased capability, new VPN features that can affect Active Directory replication, and network address translation. 408 pp.

Product Details

Publication date:
Circle Series
Edition description:
New Edition
Product dimensions:
6.00(w) x 9.10(h) x 0.90(d)

Read an Excerpt

Chapter 1: What Is a Virtual Private Network?

In recent years, as more companies have come to require network connections to central offices, the need has grown for inexpensive, secure communications with remote users and offices. Although they're known to be reliable and secure, dedicated circuits and leased lines are not financially feasible for most companies. A Virtual Private Network (VPN) simulates a private network by utilizing the existing public network infrastructure, usually the Internet. The network is termed "virtual" because it uses a logical connection that is built on the physical connections. Client applications are unaware of the actual physical connection and route traffic securely across the Internet in much the same way traffic on a private network is securely routed. When the VPN is configured and initiated, applications will not be able to tell the difference between the virtual adapter and a physical adapter.

When a Virtual Private Network is properly set up, it combines public networks (such as the Internet), Frame Relay, and Asynchronous Transfer Mode (ATM) into a wide area network (WAN) that a dialup link treats as a private network. Once the VPN infrastructure is defined and configured, it provides seamless integration that enables the network to be viewed the same as a private network.

History of Virtual Private Networks

So how did VPNs get to where they are today? Until just a few years ago, VPNs were basically nonexistent. Recently, VPNs have experienced a lot of movement and development in a relatively short period of time as corporate demand to stay connected with users has increased.

A few vendors, such as IBM, Microsoft,and Cisco Systems, Inc., started developing tunneling technologies in the mid `90s. Although products such as IPX and SNA over IP tunneling were available several years ago, they were very specific to their environments and of limited use to the industry as a whole. The industry needed a tunnel solution that could be standardized for all types of traffic. Much of this push toward standardization was based on the acceptance and standardization of TCP/IP.

In 1996, several vendors realized the importance of VPNs, and many of these companies worked together to define tunneling protocols. These tunneling protocols facilitated two major VPN solutions: Point-to-Point Tunneling Protocol (PPTP), created by Microsoft, Ascend, 3Com, and US Robotics, and Layer 2 Forwarding (L2F), created by Cisco. Because both of these solutions are vendor-specific, proprietary protocol interoperability is limited to products from supporting vendors. PPTP and L2F are Open Systems Interconnection (OSI) Layer 2 tunneling protocols that were designed to transport Layer 3 protocols, such as Apple Talk, IP, and IPX, across the Internet. To do this, PPTP and L2F leveraged the existing Layer 2 PPP standard to transport different Layer 3 protocols across serial links. The Layer 3 packets were encapsulated into PPP frames and then encased in IP packets for transport across the IP-based network. Because neither protocol provides data encryption, authentication, or integrity functions that are critical to VPN privacy, these functions must be added as separate processes. PPTP is discussed in detail in Chapter 4, "Point-to-Point Tunneling Protocol (PPTP)".

Driven by the shortcomings of the existing tunneling protocols, in 1997 standardization and planning began to take place. This began with the introduction of Layer 2 Transport Protocol (L2TP) and Internet Protocol Security (IPSec) by the Internet Engineering Task Force (IETF). Because L2TP and IPSec are a multivendor effort, interoperability is not as much a problem as it was for their predecessors. Being a Layer 2 protocol, L2TP allowed for multiprotocol support over an IP-based network. This means that it was not restricted to a specific protocol but could be used to transport several different protocols. The L2TP specification has no built-in data security functions and requires IPSec for data security in transport mode. L2TP is covered in Chapter 7, "Layer 2 Tunneling Protocol (L2TP)."

Because tunneling technology had matured to a point that administrators were able to actually use it, the deployment of tunneling clients became more widespread. Additionally, Windows NT provided the administrator with basic network functions, such as auditing, accounting, and alarms, which allowed for easy implementation and monitoring.

In 1998, VPNs continued to mature with centralized user management, better network management, and enhanced authentication and encryption. Microsoft worked on the Windows NT 4.0 tunneling solution, updating the protocol and the security-related process. Many clients were updated to include tunnel client software for a more streamlined configuration.

1999 saw the introduction of effective VPNs with new features, such as a standards-based authentication model, an easier interface for server configuration, and additional client configuration tools. With the new authentication model, the smart cards that could be deployed for client access increased security and integration of VPNs into consumer devices. Therefore, VPN use by telecommuters became widespread, and corporate use of VPNs for branch office links increased. Windows 2000 has a mature VPN option that provides the necessary features for a secure and manageable tunneling solution that is dramatically less expensive than a hardware solution and/or leased lines. Microsoft has fully committed to implementing VPN technologies in Windows 2000 because they predict that VPNs will be an important element in corporate networks in the near future. Windows 2000 not only comes with built-in support for IPSec, L2TP, and PPTP, but also delivers a full suite of securityrelated services ranging from full Remote Authentication Dial-In User Service (RADIUS) support to the Extensible Authentication Protocol (EAP). Windows 2000 VPN services are discussed in more detail in Chapter 3, "VPN Features in Windows 2000."

How a Virtual Private Network Works

As stated previously, a Virtual Private Network is essentially a "private tunnel" over a public infrastructure. To emulate a private network link, the VPN encapsulates data with a header that provides routing information, which enables the data to travel the public network (normally the Internet) from the source to the destination. To emulate a private link, the VPN encrypts the encapsulated data being sent for confidentiality, authenticity, and guaranteed integrity. Packets that are intercepted on the public network are unreadable without the encryption keys. A link in which the data is encapsulated and encrypted is known as a VPN, or tunnel, connection.

VPNs can be maintained by a variety of devices. It is now possible to have a Windows 2000 server connect to a router with an encrypted tunnel, or another Windows 2000 device, or a firewall, or anything that uses the standard protocols and support that encryption mechanizes...

Meet the Author

Thaddeus Fortenberry, MCSE, MCT is a leading expert in Virtual Private Networking and the Windows platform. As Compaq's Program Manager of Virtual Private Networks, he designs the global specifications for tunneling and deploying tunnel servers. He has been working with Windows NT since its initial release, and he worked in a support role specializing in VPNs and networking for the Windows 2000 Rapid Deployment Program participants at Microsoft. Thaddeus also assisted in administering and deploying Compaq's Qtest Active Directory¿the second largest pre-release deployment of Windows 2000 Active Directory. In addition, he was the key architect of the HappyVPN test network¿a deployment of Active Directory over a distributed network based entirely on VPN links using Windows 2000 tunneling technologies.

Customer Reviews

Average Review:

Post to your social network


Most Helpful Customer Reviews

See all customer reviews

Windows 2000 Virtual Private Networking 4.7 out of 5 based on 0 ratings. 9 reviews.
Guest More than 1 year ago
We are a small company that is deploying Windows 2000 as our VPN solution and had been having problems understanding all of the issues with the deployment. This book puts it all together and explains the whole picture of how the deployment should work. I particularly found the chapter of Proxy and NAT information helpful. I have NEVER seen a book the explains all of the issues and basic differences between different types of connection sharing devices. Also, the book covers about 20 different designs of how you can put together your network with both the tunnel server and the home LANs (a lot of my users have home LANs). It is neat how Thaddeus did not try to tell the reader how they should do it, but rather lists the advantages and disadvantages of each. I cannot recommend this book enough! Thank you.
Guest More than 1 year ago
In have found the book to be an interesting mix of theory and practical how to. It is focused on helping the implementer of VPN's, it cover the basics, the analysis, the policies but most of the book is step by step howto. Good work.
Guest More than 1 year ago
This book you must have if you are new in the field of Virtual Private Networking. Book is also recommended for administrators or even designer who are intending to deploy VPN's in Win2k. You can read how to implement your VPN solution step by step. The book includes lots of screen shots of Win2k setup screens and also good - detailed description.
Guest More than 1 year ago
Once you struggled through the VPN theory, this book can be a great help in configuring your VPN using Win2K. This book distinguishes itself from most of the works I read on VPN, because it also describes HOW to configure your VPN with Win2K. This is the work you want on your shelf next to the RFC's. A recommendation!
Guest More than 1 year ago
If you're searching for a book on VPN technologies within the Windows 2000 environment, this book is a must read. The author did a great job explaining real-world approaches to implementing VPNs under different business needs and requirements. I found the book easy to read and well structured, with each chapters devoting in-depth discussions to different aspects of VPN.
Guest More than 1 year ago
I reviewed this book before it went to press and thought it was excellent. I received a copy of the finished book and have already used it on many occasions to help configure Windows 2000 VPNs. This book is not for those looking to learn about VPN technologies, but for those looking to implement VPN services on Windows 2000. It provides detailed step-by-step configuration instructions and I highly recommend it.
Guest More than 1 year ago
I gave Fortenberry's Win2000 VPN book 4 Stars because I may not be smart enough to recognize a 5 Star book; however, it is a very good book. I am an engineer with a startup involved in Internet security. This book covered many areas of interest involving both Win2000 specifics and general VPN information. We successfully found answers to questions regarding IPSec Drivers and the TCP/IP Stack, NAT limitations, and network design. The book will certainly be on my desk as a valuable reference.
Guest More than 1 year ago
This book is a must read for anyone who needs to have a basic understanding of VPNs and a must keep for any administrator or designer intending to implement VPNs in Windows 2000. There is enough information to guide you through a full analysis, from security risks to alternative solutions, and all the way to obtaining a cost-effective solution.
Guest More than 1 year ago
Great book. Chocked full of useful VPN information. A real page turner!