Virtual private network (VPN) connections overview

With the Point-to-Point Tunneling Protocol (PPTP)or Layer Two Tunneling Protocol (L2TP), which are automatically installed on your computer, you can securely access resources on a network by connecting to a remote access server through the Internet or other network. The use of both private and public networks to create a network connection is called a virtual private network (VPN). The following table describes the advantages of using VPN connections.


Cost advantages

The Internet is used as a connection instead of a long distance telephone number or 1-800 service. Because an ISP maintains communications hardware such as modems and ISDN adapters, your network requires less hardware to purchase and manage.

Outsourcing dial-up networks

You can make a local call to the telephone company or Internet service provider (ISP), which then connects you to a remote access server and your corporate network. It is the telephone company or ISP that manages the modems and telephone lines required for dial-up access. Because the ISP supports complex communications hardware configurations, a network administrator is free to centrally manage user accounts at the remote access server.

Enhanced security

The connection over the Internet is encrypted and secure. New authentication and encryption protocols are enforced by the remote access server. Sensitive data is hidden from Internet users, but made securely accessible to appropriate users through a VPN.

Network protocol support

Because the most common network protocols (including TCP/IP and IPX) are supported, you can remotely run any application dependent upon these particular network protocols. The IPX/SPX protocol is not available on Windows XP 64-Bit Edition.

IP address security

Because the VPN is encrypted, the addresses you specify are protected, and the Internet only sees the external IP address. For organizations with nonconforming internal IP addresses, the repercussions of this are substantial, as no administrative costs are associated with having to change IP addresses for remote access via the Internet.

There are two ways to create a VPN connection: By dialing an ISP, or by connecting directly to the Internet, as shown in the following examples.

In the first example, the VPN connection first makes a call to an ISP. After the connection is established, the connection then makes another call to the remote access server that establishes the PPTP or L2TP tunnel. After authentication, you can access the corporate network, as shown in the following illustration.


In the second example, a user who is already connected to the Internet uses a VPN connection to dial the number for the remote access server. Examples of this type of user include a person whose computer is connected to a local area network, a cable modem user, or a subscriber of a service such as ADSL, where IP connectivity is established immediately after the user's computer is turned on. The PPTP or L2TP driver makes a tunnel through the Internet and connects to the PPTP-enabled or L2TP-enabled remote access server. After authentication, the user can access the corporate network, achieving the same functionality as the preceding example.



Connecting directly to the Internet means direct IP access without going through an ISP. (For example, some hotels allow you to use an Ethernet cable to connect to the Internet.)

If you have an active Winsock Proxy client, you cannot create a VPN. A Winsock Proxy client immediately redirects data to a configured proxy server before the data can be processed in the fashion required by a VPN. To establish a VPN, you should disable the Winsock Proxy client.

Related Topics

VPN administration

Make a virtual private network (VPN) connection

IP address security

VPN network protocol support

VPN enhanced security

VPN cost advantages

Layer Two Tunneling Protocol (L2TP)

Point-to-Point Tunneling Protocol (PPTP)

© 2016 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies