September 29, 2011, 3:12 PM — There comes a time in most businesses when circumstances dictate that one or more users work from home either full- or part-time. In other cases, it may simply be convenient for business owners and employees to be able to use company resources from home or (unfortunately) while on vacation.
The best way to provide such remote access is with a VPN (Virtual Private Network). A VPN enables a computer that is located outside the corporate network to connect to that network as if it were inside the building, allowing access to internal resources such as file shares, applications, and printers. Some types of VPN require the outside PC to use a client to access the network, while other VPNs use SSL (Secure Sockets Layer) and can function without the need for a client to be installed. And some VPN setups can provide both of these connection methods.
In very small operations, such as an office where only a single person needs to connect to a single company computer from home, a full VPN may not be necessary. Instead, a remote desktop access app like GoToMyPC or LogMeIn can connect the off-site user to one company computer. If business needs require multiple remote connections, however, using a full VPN may be a better idea.
An IPSec VPN provides secure remote access through a client application on the remote system and a VPN terminator that resides on the company network. In many cases, the VPN termination device is also the firewall that protects the corporate network from the Internet, but it can also be a stand-alone device. This device is configured to allow VPN connections that meet certain security criteria, such as a group name and password (also known as a "Shared Secret"). If the client is not configured to exactly match the VPN device settings, it won't connect.
If a client does match the settings specified by the VPN device, then the client can successfully make the initial connection, but it still must authenticate itself to the network before it can access anything. This is generally a username and password that is configured on the VPN device itself, or on the network with Microsoft Active Directory. In either case, IPSec VPNs require two forms of authentication before a remote system is permitted to access the corporate network. And in most cases, the remote client VPN settings can be distributed through a specific file that can be imported into the client. Following that, the user can connect to the VPN and type their username and password to gain access.