A VPN connection requires a VPN Server and a VPN Client — the server is the gatekeeper at one end of the tunnel, the client at the other. The main difference between the server and the client is that it’s the client that initiates the connection with the server. A VPN client can establish a connection with just one server at a time. However, a server can accept connections from many clients.
Typically, the VPN server is a separate hardware device, most often a security appliance such as a Cisco ASA security appliance. VPN servers can also be implemented in software. For example, Windows Server 2008 includes built-in VPN capabilities, though they are not easy to configure. And a VPN server can be implemented in Linux as well.
The following illustration shows one of the many VPN configuration screens for a Cisco ASA appliance. This screen provides the configuration details for an IPSec VPN connection. The most important item of information on this screen is the Pre-Shared Key, which is used to encrypt the data sent over the VPN. The client will need to provide the identical key in order to participate in the VPN.
A VPN client is usually software that runs on a client computer that wants to connect to the remote network. The VPN client software must be configured with the IP address of the VPN server as well as authentication information such as a username and the Pre-Shared Key that will be used to encrypt the data.
If the key used by the client doesn’t match the key used by the server, the VPN server will reject the connection request from the client.
The following illustration shows a typical VPN software client. When the client is configured with the correct connection information (which you can do by clicking the New button), you just click Connect. After a few moments, the VPN client will announce that the connection has been established and the VPN is connected.
A VPN client can also be a hardware device, like another security appliance. This is most common when the VPN is used to connect two networks at separate locations.
For example, suppose your company has an office in Pixley and a second office in Hootersville. Each office has its own network with servers and client computers. The easiest way to connect these offices with a VPN would be to put an identical security appliance at each location. Then, you could configure the security appliances to communicate with each other over a VPN.