A VPN has the appearance and many of the advantages of a dedicated link but occurs over a shared   
network, using a technique called tunnelling. Data packets are transmitted across a public routed network, 
most commonly the Internet, in a secure tunnel that simulates a point-to-point connection as if it were a 
leased line.

This enables network traffic from many sources to travel via separate tunnels across the same infrastructure. It allows network protocols to traverse incompatible infrastructures. It also enables traffic from many sources to be differentiated, so that it can be directed to specific destinations and receive specific Quality of Service levels.

Tunnel initiation and termination can be performed by a variety of network devices and software, Cisco 
provide a VPN capability in their IOS router software.

For some applications it is more suitable to deploy a solution where the tunnel is started, for example, by 
a VPN client located on the end user's PC. The connection is then be initiated by a conventional analogue 
modem or through an ISDN line. Many vendors offer some capability, the best solution must be evaluated 
for specific needs.  

In addition, there will usually be one or more security servers. Along with the conventional application of 
firewalls and address translation if required, VPNs can provide for data encryption, authentication, and 
authorisation. Tunnelling devices can perform these functions by communicating with security servers.   

VPN capabilities can be added to existing networking equipment through a software or equipment upgrade. 
Once installed, the capability can be used for multiple VPN applications, each delivering security, 
performance, management control, bringing substantial cost and revenue benefits.