In the next release of BorderManager, the virtual private network (VPN) component will include new client software, which will enable remote users to initiate secure VPN tunnels to the corporate office. Remote users will first dial into the local Internet service provider's (ISP's) point-of-presence (POP) on the Internet, and will then authenticate and attach to the corporate network. At this point, the users will feel right at home, just as if they were using their own workstation at the corporate office.
The client software, which was being tested at the time this article was written, was designed with ease-of-installation in mind. Once the software is installed, users will need only to establish a dial-up Point-to-Point Protocol (PPP) connection with the local ISP POP. Once users have logged in to and connected to the ISP, the client VPN will launch a login executable. A dialog box will then appear, prompting the users to enter a username and password.
After users enter their username and password, the BorderManager VPN client software will negotiate with the BorderManager server at the corporate network. During this negotiation, the client software and the BorderManager server will exchange Diffie-Hellman keys using the IP Security (IPSec) and Simple Key Management for Internet Protocol (SKIP) standards, create a shared secret, and establish a secure tunnel across the Internet.
At this time, the BorderManager server will also enable users to choose whether they want all packets encrypted or just packets bound to particular addresses. For example, a user could specify that he or she wanted only those packets going to the corporate intranet to be encrypted but that all other packets remain unencrypted.
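The choice between encrypting all packets and encrypting only packets bound to particular addresses amounts to a per-destination policy check. The following sketch is an added example, not BorderManager code; the network prefixes, the TunnelPolicy class and the classify function are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy (assumption): prefixes of the corporate intranet.
PROTECTED_NETWORKS = ["10.0.0.0/8", "192.168.50.0/24"]


class TunnelPolicy:
    """Per-destination choice between the encrypted tunnel and the clear path."""

    def __init__(self, protected, encrypt_all=False):
        self.encrypt_all = encrypt_all
        # strict=True rejects prefixes with host bits set (e.g. 10.1.2.3/8),
        # which usually mean a typo in the policy.
        self.networks = [ipaddress.ip_network(p, strict=True) for p in protected]

    def decide(self, destination):
        """Return 'encrypt', 'clear' or 'drop' for one destination address."""
        try:
            addr = ipaddress.ip_address(destination)
        except ValueError:
            return "drop"  # unparseable destination: fail closed
        # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) denotes the same IPv4
        # destination, so match it against the IPv4 prefixes as well.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if self.encrypt_all:
            return "encrypt"
        for net in self.networks:
            if addr.version == net.version and addr in net:
                return "encrypt"
        return "clear"  # sent outside the tunnel, unencrypted


def classify(policy, destinations):
    """Map each destination string to the policy decision."""
    return {d: policy.decide(d) for d in destinations}


if __name__ == "__main__":
    selective = TunnelPolicy(PROTECTED_NETWORKS)
    # Constructed sample destinations.
    sample = ["10.20.30.40", "203.0.113.9", "::ffff:10.1.1.1", "not-an-ip"]
    for dest, action in classify(selective, sample).items():
        print(f"{dest:>18}  {action}")
```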