Designing and Deploying IPsec Remote Access and Teleworker VPNs

IPsec remote access VPNs enable teleworkers and other remote access users to access resources at a central site and experience a similar level of functionality that they would experience if they were physically present at that central site.

Figure 9-1 illustrates IPsec remote access VPNs.

Figure 9-1. IPsec Remote Access VPNs

IPsec remote access VPNs can be deployed in two ways:

• With software clients "Road warriors" and other remote access VPN users establish a VPN connection directly from their laptops, workstations, or other devices to the VPN gateway at the central site.
• With hardware clients Telecommuters or users at a small remote site use a router or other hardware to establish a VPN connection to the VPN gateway at the central site. Telecommuter devices such as PCs make use of the VPN connection from the hardware client to access resources at the central site.

It is worth noting that an IPsec remote access VPN deployment can make use of both software and hardware clients to establish VPN connections, depending on the particular requirements of remote access users.

This chapter discusses the design and configuration of IPsec remote access VPNs using both software and hardware clients.

Note

If you do not already have a good understanding of the operation of IPsec, it may be a good idea to read Chapter 6, "Deploying Site-to-Site IPsec VPNs," prior to reading this chapter.