
Monday, March 12, 2012

A VPN consists of four main components

A VPN consists of four main components:

1) a VPN client
2) a Network Access Server (NAS)
3) a tunnel terminating device or VPN server
4) a VPN protocol

In a typical access VPN connection, a remote user (or VPN client) initiates a PPP connection with the ISP's NAS via the public switched telephone network (PSTN) [10,11]. A NAS is a device that terminates dial-up calls over analog (basic telephone service) or digital (ISDN) circuits [8]. The NAS is owned by the ISP and is usually implemented in the ISP's POP. After the user has been authenticated by the appropriate authentication method, the NAS directs the packet to the tunnel that connects the NAS and the VPN server. The VPN server may reside in the ISP's POP or at the corporate site, depending on the VPN model that is implemented. The VPN server recovers the packet from the tunnel, unwraps it, and delivers it to the corporate network. Figure 2 illustrates the VPN architecture.

There are four tunneling protocols used to establish VPNs, and three are extensions of the Point-to-Point Protocol (PPP) [5,6,10,11]:

1) Point-to-Point Tunneling Protocol (PPTP)
2) Layer 2 Forwarding (L2F)
3) Layer 2 Tunneling Protocol (L2TP)
4) IP Security (IPSec) Protocol Suite

In this section we discuss IPSec in some detail, because IPSec can work with both IPv4 and IPv6. IPSec provides cryptography-based protection of all data at the IP layer of the communications stack. It provides secure communications transparently, with no changes required to existing applications [12,13].

IPSec protects network traffic data in three ways [12,13]:

1) Authentication: the process by which the identity of a host or end point is verified.
2) Integrity checking: the process of ensuring that no modifications were made to the data while in transit across the network.
3) Encryption: the process of "hiding" information while in transit across the network in order to ensure privacy.
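The wrap and unwrap steps at the two tunnel ends, together with the authentication and integrity checks listed above, can be seen in a single packet. The following is an added example, not code from the original post: it builds and verifies an IPSec ESP packet in tunnel mode using NULL encryption and an HMAC-SHA-256-128 integrity check value, so it shows authentication and integrity but not the encryption step. The SPI, key and inner packet bytes are constructed sample values, and the key is assumed to be already shared by both ends.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16        # HMAC-SHA-256-128: tag truncated to 128 bits
NEXT_HDR_IPV4 = 4   # tunnel mode: the payload is a whole inner IPv4 packet

# Constructed sample values (assumptions, not from the post).
SPI = 0x00001001
AUTH_KEY = bytes(range(32))
INNER_PACKET = b"constructed-inner-pkt"   # stands in for the user's IP packet


def _icv(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


def esp_null_wrap(spi, seq, inner, key):
    """Tunnel entry: add ESP header, trailer and integrity check value."""
    pad_len = -(len(inner) + 2) % 4            # align trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))     # default ESP padding 1, 2, 3...
    body = (struct.pack("!II", spi, seq) + inner + padding
            + bytes([pad_len, NEXT_HDR_IPV4]))
    return body + _icv(key, body)


def esp_null_unwrap(packet, spi, key):
    """Tunnel exit: verify, then return (seq, inner) or raise ValueError."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated packet")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    got_spi, seq = struct.unpack("!II", body[:8])
    if got_spi != spi:
        raise ValueError("unknown SPI")
    # Authentication + integrity: only a holder of the key can produce a
    # matching ICV, and any changed byte changes it.
    if not hmac.compare_digest(icv, _icv(key, body)):
        raise ValueError("ICV mismatch: wrong sender key or modified data")
    pad_len, next_hdr = body[-2], body[-1]
    if next_hdr != NEXT_HDR_IPV4 or pad_len > len(body) - 10:
        raise ValueError("malformed ESP trailer")
    return seq, body[8:len(body) - 2 - pad_len]


if __name__ == "__main__":
    pkt = esp_null_wrap(SPI, 1, INNER_PACKET, AUTH_KEY)
    print(esp_null_unwrap(pkt, SPI, AUTH_KEY))
```

The inner packet travels in the clear here; a deployment that needs the third property, encryption, selects an ESP cipher instead of NULL.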
