167Using the BayStack Instant Internet Management Software Version 7.11Chapter 6IP security and VPNThis chapter explains how to configure IP security to use the Instant Internet unitand a Contivity Extranet Switch (CES) or two Instant Internet units in a virtualprivate network (VPN).Understanding virtual private networkingInstant Internet includes IP security (IPsec) virtual private networking (VPN)capabilities designed to establish a tunnel with a Contivity Extranet Switch (CES),another Instant Internet unit at different location, or other IPsec-compliantdevices. A VPN is a special type of connection that permits remote users or LANsto communicate with another LAN over a public network, such as the Internet.When you set up a VPN, you are essentially using a public network as your ownprivate, secure network. When users connect through the VPN, you incur only thelocal toll charges to your ISP.To create a VPN, a special connection, called a “tunnel,” is first establishedbetween the two sites. Tunnels allow private IP traffic to flow across the Internet,including NetBIOS information (for Windows networking) encapsulated withinIP packets. Through the tunnel, all IP-based resources and applications on theremote LAN become available to the local site.