Lots of us know and love leading VPN vendors for their ability to stream geo-blocked content while keeping us hidden. However, that’s not all a VPN can do. Initially, a VPN was a technology to bring together remote corporate workplaces, and businesses around the globe adopted VPNs as the go-to solution for networking and remote access. What they implemented, though, was the older version, which we know as the site-to-site VPN.
However, over time, providers developed VPNs for individual use. But how? Consumer VPNs run on the corporate implementation of the same tech, namely, remote access VPNs. A remote access VPN is the same as any other VPN, but with a minute difference. Instead of creating a “permanent network” with remote LANs (Local Area Networks), it establishes a temporary connection. Doing so decreases the load on the network and helps with management and better remote access. How so? You’ll find out!
Definition of remote access VPN
A remote access VPN creates a secure connection between a company’s central network and the remote workforce. However, this connection is temporary, unlike a site-to-site VPN. That is why remote access VPNs are more popular. They are easier to establish, cheaper, and more scalable than their counterparts. Remote access is the tech that has allowed VPNs to go mainstream.
Your favorite consumer VPN vendors, many of which we reviewed, rely on this implementation to provide VPN services. The tech uses tunnels to establish a connection between VPN clients and VPN servers in a network to facilitate the exchange of resources. There are, however, a few other considerations in the corporate space. Two examples are the VPN gateways and the NAS (Network Attached Storage) used to implement the resource exchange.
Remote VPNs establish tunnels over a public network like the internet and connect employee user-end devices to the company NAS. Furthermore, this tunnel and the data traveling through it are under protection due to encryption and security protocols.
A company often relies on the remote access VPN when it has an individual workforce to consider and not a physical location. A remote VPN can, however, also be feasible for traditional implementations. All the business needs to establish a successful connection is a VPN client and NAS. Since the process is cheap and offers outstanding mobility, it is easier to scale the network as the company deems fit by utilizing, for example, VPN concentrators.
There are several ways to create a remote access VPN by using different VPN protocols. Corporations can use either the IPsec suite of protocols to enhance security or SSL to provide mobility. Thus, a remote VPN can be of two types: an IPsec VPN or an SSL VPN. We’ll cover both further down in this article. Before we do that, it’s a great idea to check our piece on the advantages and disadvantages of VPNs for remote access.
How does Remote Access VPN work?
A remote access VPN works in the same way as any other VPN. To elaborate, it uses security protocols to establish a tunnel that encrypts data traffic between the client and the server it connects to. However, the whole tunneling process is temporary and requires no physical assistance. It allows an offsite employee to access the central NAS and exchange resources.
Typically, remote VPNs are more suitable for a large and roaming user base. By roaming, we mean mobile devices. Thus, remote VPNs allow a diverse user base to connect to a central authority via any network. Here is what the process looks like:
- The VPN client on the user end device recognizes the “interested traffic.”
- It initiates the tunneling process with a remote gateway according to the protocols in place.
- Then the traffic undergoes encryption in the tunnel and moves forward to the gateway.
- The gateway then receives the traffic and decrypts it before sending it to the NAS.
- The NAS authenticates the user according to the credentials and allows access to resources.
- Then it sends back the response, which the remote gateway encrypts.
- Lastly, the VPN client receives this response, decrypts it, and presents it to the user.
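The flow listed above, sketched as an added example that is not part of the original article. It assumes a constructed corporate prefix (10.20.0.0/16), a constructed user `alice`, and one pre-shared key pair for both directions in place of the keys a real tunnel negotiates; the SHA-256 keystream is a toy stand-in for the cipher an IPsec or SSL VPN would use.

```python
import hashlib, hmac, ipaddress, os

# Constructed sample values; real tunnels negotiate keys via IKE or a TLS handshake.
INTERESTED = [ipaddress.ip_network("10.20.0.0/16")]  # prefixes routed into the tunnel
ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)    # stand-in for negotiated session keys
SALT = os.urandom(16)
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"s3cret-pass", SALT, 100_000)}

def is_interested(dst):
    """Client side: does this destination belong in the tunnel?"""
    return any(ipaddress.ip_address(dst) in net for net in INTERESTED)

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream; illustration only, not for production use.
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(payload):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = _xor_stream(ENC_KEY, nonce, payload)
    return nonce + ct + hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()

def unseal(packet):
    """Verify the tag before decrypting; reject anything modified in transit."""
    if len(packet) < 44:
        raise ValueError("integrity check failed")
    nonce, ct, tag = packet[:12], packet[12:-32], packet[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return _xor_stream(ENC_KEY, nonce, ct)

def gateway_handle(packet):
    """Gateway and NAS steps: decrypt, authenticate, return an encrypted response."""
    user, password, request = unseal(packet).decode().split("\n", 2)
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    ok = hmac.compare_digest(attempt, USERS.get(user, b""))
    return seal(f"200 {request}".encode() if ok else b"403 denied")

def client_send(dst, user, password, request):
    """Client: tunnel only interested traffic, then decrypt the gateway's reply."""
    if not is_interested(dst):
        return "sent outside tunnel"
    packet = seal(f"{user}\n{password}\n{request}".encode())
    return unseal(gateway_handle(packet)).decode()
```

Traffic to a destination outside the interested prefix never enters the tunnel, and a packet altered in transit fails the integrity check before any decryption or authentication happens.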
Types of remote access VPNs
Based on the protocols employed, there are two kinds of remote access VPNs:
1. IPsec (Internet Protocol Security) VPN
IPsec is a suite of protocols that uses different key-exchange techniques to authenticate and facilitate a secure communications channel over any network. It is more traditional, and both remote access and site-to-site VPNs use it. IPsec VPN has superior security compared to its SSL counterpart and offers a varying degree of authentication. However, it is costly to implement IPsec compared to SSL because client software must be present. Furthermore, it runs at layer 3 of the OSI model and supports both UDP and TCP.
2. SSL (Secure Socket Layer) VPN
SSL, on the other hand, offers improved mobility to corporations using a VPN. It is much easier to scale and doesn’t require exclusive client software. SSL VPN utilizes a web browser to initiate a VPN connection. Thus, it forgoes the use of a client. However, it requires multiple levels of authentication, though it is much faster than IPsec VPNs. Also, SSL VPNs are exclusive to the remote access scenario. They are often temporary and cheaper due to the absence of client software. However, they pay the price in terms of security. SSL VPN operates at layer 6 of the OSI model, and it incorporates the use of TCP.
Common Use Cases for Remote Access VPNs
Use Case | Description |
---|---|
Remote Workforce | Employees can securely access company resources and work remotely from any location. |
Telecommuting | Allowing employees who work from home or other off-site locations on a regular basis to access the company resources. |
Contractors and Vendors | Temporary workers, contractors, and vendors can be given access to specific resources as needed. |
Branch Office Connectivity | Connecting remote branch offices to the central network securely and efficiently. |
Mobile Access | Secure access to company resources for employees working on mobile devices with possible threats. |
Collaborative Projects | Collaborate with others and share files securely without any limitations of a regular VPN. |
Data Protection and Compliance | Ensures sensitive data remains secure and compliant with regulations during remote access. |
Disaster Recovery and Business | Helps to provide remote access to critical systems and data in the event of an outage. |
Client Support and Troubleshooting | Enabling IT teams to remotely access and troubleshoot employee devices and systems. |
Is it better than site-to-site VPN?
The ongoing debate in the VPN industry regarding better implementation isn’t ending soon. However, the recent pandemic has shown us that remote access VPNs are better than site-to-site VPNs. Why? Because there is a low entry and management cost. Superior speed, better mobility, and future scalability are among other reasons.
However, I believe a company can utilize both if the situation permits. An S2S VPN is optimal for a business with fixed branches. A remote VPN can handle the individual workforce with ease. They both have their merits and demerits. But a remote VPN can do what an S2S can never comply with.
Should we look beyond VPN for remote access?
Although VPNs aren’t dead, newer yet far more efficient tech is already available in the market, ready to dethrone VPNs. One such example is the integration of the cloud in businesses. Using a cloud VPN, corporates don’t need a remote server to access resources.
Also, VPNs tend to disconnect, which represents glaring security issues for the business as they lose visibility and control over user traffic. Therefore, many IT professionals think that the days of network-centric security are now history. Listed below are a couple of facts that could sound the death knell for the VPN era:
- VPNs are at risk of human error
- VPNs are an external security solution and not an internal one
- They provide a compromised end-user experience
- There is always a chance of a DDoS (Distributed Denial of Service) attack
- VPNs grant network-level access
- There is no application segmentation
- They can’t track app-related activity