Chapter 6: Connection Management
Efficient Networks® Router family Command Line Interface Guide
Workstation Client to LAN Server
Tunneling from a Workstation to a Server on the Enterprise LAN
This is a common approach to VPN. The workstations at the remote offices or homes
have special software installed that allows them to connect to the tunnel server on the
Corporate LAN. The connection is transparent to the Internet and each workstation is
authenticated and managed independently on its own tunnel. Each workstation can
have a different means of accessing the Internet (modem, LAN router, etc.).
Types of VPNs used
Typically, only tunneling VPN solutions are used in this environment. This approach
is used when there are many mobile users who need to connect to the corporate
office. All they need is access to the Internet, and the software on the workstation
will be able to connect to the Corporate LAN.
Advantages
Mobile access: Accessing the Corporate network is as simple as finding a phone to
plug into and dialing the Internet. The user is not limited to any particular ISP or
modem technology, but the workstation must have the tunnel client software installed
and configured.
Do it yourself: This type of VPN can be installed and configured quickly. New users
can then be added easily as they come online.
Disadvantages
Software must be installed on each workstation: Each workstation that accesses the
Corporate LAN through VPN needs to have the tunneling software installed and
configured on it. This can be a problem if the client software is not available for all
operating systems. This can also be a problem if the workstation gets lost or stolen --
the thief can access the Corporate LAN.
Large number of tunnels to service: Since each workstation has its own tunnel, this
can create a high volume of tunnels for the Corporate tunnel server to manage. It can
also add to LAN traffic if LAN-based workstations are tunneling over the LAN on the
way to the Corporate network.
LAN Client to LAN Server
Tunneling from LAN/WAN edge to LAN/WAN edge at Enterprise
Creating tunnels at the edge of a LAN, just before data leaves the trusted network, is
a practical approach when the whole LAN needs to gain access to another LAN that is
also attached to the Internet. This approach is ideal for small offices and
telecommuters that do not require mobile access to the Corporate network.