What Dedicated Hardware Device Aggregates Hundreds or Thousands of VPN Connections?
A VPN is an encrypted connection between private networks across public networks. VPNs are mainly used to meet remote-access needs and are, so far, the most common remote-access solution. For this reason, manufacturers design dedicated VPN concentrators to help enterprises deploy VPNs.

A VPN system does not rely on the concentrator alone. The concentrator aggregates multiple VPN connections, but it is only one part of the system. VPN concentrators keep improving so that they operate more efficiently and match the way modern networks operate.

VPN Concentrator

A remote-access VPN consists of a VPN concentrator, which terminates the virtual remote access connections, and software clients that are installed on the remote computers in order to establish the connections.

The clients can connect to a service provider using any transmission technology. Whether you use modems, ISDN, DSL, or cable modems depends only on the access technology offered by the local service providers in the respective regions. The customer no longer needs to keep central equipment ready to terminate these connections; this is done by the service providers. The customer only terminates the so-called tunnels that are set up by the provider to the VPN concentrator. The increasing number of users has become a problem for ISPs, who also have a vital interest in ensuring that enough ports are available, because a user who cannot dial in to the service provider generates no turnover.

When using VPN technology in which the virtual connections are initiated on the client, you are completely independent of the Internet service provider. You can change providers at any time or use several ISPs at the same time without any problems. Because the service provider is then no longer involved in the functioning of the VPN, it only terminates telephone calls and fixed connections and transmits IP packets between end devices and VPN concentrators.

VPN and Firewall Centralized Security Management Platform

As network security awareness has grown and security technology has developed, more and more governments and enterprises have begun to deploy various security systems, such as firewalls, intrusion detection, VPNs, and vulnerability scanning systems.

These security products are managed separately, and even devices from the same manufacturer cannot be managed in a centralized, unified way, so insufficient network management methods create many hidden security risks. Users increasingly need a comprehensive management system that manages multiple security products to form a complete network security system with centralized deployment and unified monitoring. This is why the security management platform came into being.

Compared with other network products, VPN products have one very significant feature: their deployment must be cross-regional and distributed.

IPsec VPN vs. SSL VPN

In the early days, when you wanted to establish a secure channel between the company's internal network and the outside world, IPsec VPN was the only option. However, because each device had different equipment and connection specifications, the result was often a very closed system. Connecting to different devices required different connection software, which was troublesome and prone to configuration problems. Although IPsec VPN can provide good security, it is quite inconvenient.

When SSL VPN gradually became a mature technology, many people began to explore whether SSL VPN could completely replace IPsec VPN as the new secure connection method for enterprises. In most daily use, SSL VPN does offer better mobility and flexibility than IPsec VPN, but for overall enterprise applications IPsec VPN still has irreplaceable advantages.

As an enterprise continues to grow, it needs to add sites. If it relies only on the Internet to transmit information, however, the convenience and security of transmission are reduced, and many dedicated internal application services cannot be used.

When there are more than two sites, a dedicated line connects the two ends at the physical circuit layer. This provides excellent security and effectively prevents external intrusion, but it cannot provide individual Internet connections for better information transmission.

Although the use of dedicated lines has a high degree of security and speed, the construction and maintenance costs required are quite high. Except for institutions that require high-security connections, such as financial institutions and military police systems, almost no one uses them.

Service Areas

The service areas of SSL VPN and IPsec VPN are different. With SSL VPN, the client uses a browser to connect and establishes a secure channel between the two ends over HTTPS. The SSL VPN device must therefore act as a web server, and its relationship with the client is a Server-to-Client connection. This supports the one-to-many mode effectively, but support is poor in the many-to-many situation, and it is not suitable for a Site-to-Site environment.

Although some devices can build a Site-to-Site environment through a build method similar to IPsec VPN, there are inherent limitations in their use and poor transmission performance.

For the client, an IPsec VPN connection requires dedicated connection software or a dial-up program. The settings are more complicated, and in different connection environments the connection is often unreachable or unstable, especially for mobile users on dial-up networks.

When using an SSL VPN connection, the mobile client only needs a browser that supports the SSL encryption protocol to access resources and programs on the internal network. Such a connection can effectively get through the connection restrictions of firewalls, NAT, and even proxy caches and other network security devices, and it can support multiple devices such as PDAs, GPRS mobile phones, kiosks, and even public computers. It is quite flexible in use: as long as an Internet connection is available, mobile users can connect back to the corporate intranet safely without dedicated software or hardware.

Free Access vs. Permission Control

IPsec VPN can provide users with free access to all shared resources on the internal network after the client is connected. Except for the policy control set by the original internal network, there is no way to give different permissions based on whether the client computer is internal or external.

For IPsec VPN, all client networks, whether internal or external, are trusted. If a user accidentally lets an infected computer connect to the internal network through an IPsec VPN, and the internal network does not have proper security protection in place, there is a danger of virus infection.

Compared with IPsec VPN, the default assumption of SSL VPN is that client computers are not managed by corporate security policies and should not be trusted. Therefore, the permission control of SSL VPN does not completely inherit the permissions set in the corporate intranet.

Although it can support SSO (Single Sign-On), the SSL VPN must also grant specific permissions to each connection based on the user account or group. This controls which applications and services can be used and keeps remote users from unintentionally reading resources that are meant only for the internal network or from endangering internal network security. The larger the group, the more suitable IPsec VPN is; the longer the distance, the more suitable SSL VPN is.
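The two access models in this section can be compared side by side. The following is an added example, not code from this article or from any VPN product: the address range, service names, and group grants are constructed, and the IPsec model is simplified to ignore any policy the internal network itself enforces.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")  # constructed internal range

# Constructed internal services: name -> (host, port)
SERVICES = {
    "webmail": ("10.0.1.10", 443),
    "wiki": ("10.0.1.20", 443),
    "hr-db": ("10.0.5.5", 5432),
    "file-share": ("10.0.2.30", 445),
}

# SSL VPN style: each group is granted named services; anything unlisted is denied.
GROUP_GRANTS = {
    "staff": {"webmail", "wiki"},
    "hr": {"webmail", "wiki", "hr-db"},
}

@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset
    authenticated: bool

def ipsec_style_allows(session, host, port):
    """Network-level tunnel: once connected, any internal address is reachable
    (simplification: policy enforced inside the internal network is not modeled)."""
    return session.authenticated and ipaddress.ip_address(host) in INTERNAL_NET

def sslvpn_style_allows(session, host, port):
    """Per-group publishing: allow only services granted to one of the user's groups."""
    if not session.authenticated:
        return False
    granted = set().union(*(GROUP_GRANTS.get(g, set()) for g in session.groups))
    return any(SERVICES[name] == (host, port) for name in granted)

def reachable(session, check):
    """Names of the sample services that the given model lets this session reach."""
    return sorted(n for n, (h, p) in SERVICES.items() if check(session, h, p))

if __name__ == "__main__":
    alice = Session("alice", frozenset({"staff"}), True)
    print("IPsec-style :", reachable(alice, ipsec_style_allows))
    print("SSL VPN-style:", reachable(alice, sslvpn_style_allows))
```

For the same authenticated user, the network-level model exposes every sample service, while the per-group model exposes only what the user's groups were granted and denies an unknown group everything.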


Hello! I'm John Brown, and I'm an expert in Internet security. I'm working as a cybersecurity specialist in an IT product company. I want to help you to use a safer network using VPN. That's why I started this blog.
