A VPN can be thought of as a secure tunnel passing through the Internet, connecting two devices such as a PC or router, which form the two tunnel endpoints. At one endpoint, data is encapsulated and encrypted, then transmitted through the Internet. At the far endpoint, the data is received, unencapsulated and decrypted. Although the data may pass through several Internet routers between the endpoints, the encapsulation and encryption form a virtual "tunnel" for the data.

The tunnel endpoint device, which encodes or decodes the data, can either be a PC running VPN client software or a VPN-enabled router or server. Several software standards exist for VPN data encapsulation and encryption, such as PPTP and IPsec. Your FVM318 firewall uses both PPTP and IPsec.

To set up a VPN connection, you must configure each endpoint with specific identification and connection information describing the other endpoint. This set of configuration information defines a security association (SA) between the two points.
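
Because each endpoint must describe the other, most failed tunnels come down to two configurations that do not mirror each other. The following check is an added example, not taken from the FVM318 documentation; the field names, addresses and key are hypothetical, constructed values.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class EndpointConfig:
    """One endpoint's view of the tunnel (hypothetical field names)."""
    local_id: str
    local_gateway: str      # this endpoint's public address
    remote_id: str
    remote_gateway: str     # the other endpoint's public address
    protocol: str
    encryption: str
    pre_shared_key: str

# Settings that must be identical on both endpoints.
SHARED = ("protocol", "encryption", "pre_shared_key")
# Settings where one side's "local" value must equal the other side's "remote".
MIRRORED = (("local_id", "remote_id"), ("local_gateway", "remote_gateway"))

def sa_mismatches(a: EndpointConfig, b: EndpointConfig) -> list[str]:
    """Return the settings that stop a and b from agreeing on an SA."""
    problems = []
    for name in SHARED:
        if getattr(a, name) != getattr(b, name):
            # Report the field name only, so a key never lands in a log.
            problems.append(name)
    for local, remote in MIRRORED:
        if getattr(a, local) != getattr(b, remote):
            problems.append(f"a.{local} != b.{remote}")
        if getattr(b, local) != getattr(a, remote):
            problems.append(f"b.{local} != a.{remote}")
    return problems

# Constructed sample data: documentation address ranges and a placeholder key.
OFFICE = EndpointConfig("office", "192.0.2.1", "branch", "198.51.100.7",
                        "ipsec", "3des", "PLACEHOLDER-KEY")
BRANCH = EndpointConfig("branch", "198.51.100.7", "office", "192.0.2.1",
                        "ipsec", "3des", "PLACEHOLDER-KEY")
# Same branch with a mistyped peer address and a weaker cipher selected.
BAD_BRANCH = replace(BRANCH, remote_gateway="192.0.2.10", encryption="des")

if __name__ == "__main__":
    print(sa_mismatches(OFFICE, BRANCH))
    print(sa_mismatches(OFFICE, BAD_BRANCH))
```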