Chapter 9. Off-Net Access to the VPN | Selecting MPLS VPN Services

This chapter covers the following topics:

Remote Access to the Corporate Network via a Server that Is Separate from the Provider-Delivered VPN
Remote-Access Server Configuration Examples
L2TP Solutions that Identify the Different Components Owned and Managed by Both the Enterprise and Service Provider
Specific DSL and Cable Connectivity Considerations
Using IPsec for Remote Access, in Both the Roving User and Fixed-Site Off-Net Case
Operation of Cisco Dynamic Multipoint VPN
Considerations for Bandwidth Use by Encapsulating Multiservice Traffic in IPsec
Access to Internet Destinations from Within a VPN
Case Study Selections

This chapter's objectives are to define the options and technical implementations for the various types of off-net access required by enterprises for typical virtual private network (VPN) deployments. Off-net is defined as connectivity by users who are not directly connected to the provider VPN service via a private and permanent connection. This includes remote access for users who are part of the corporate VPN (via both unencrypted access and encrypted access with IPsec), access from and to the Internet, and extranet connectivity.

Several topics are covered in this chapter, as well as in Chapter 7, "Enterprise Security in an MPLS VPN Environment." IPsec and network security, for example, are often grouped. However, the split taken here places topics that relate to infrastructure security in Chapter 7 and topics that relate to security of packet payload in this chapter. This chapter details the various options you can select, from configuring separate remote-access servers to providing remote access as part of the provider-managed VPN service. Implementation considerations for IPsec and Internet traffic are detailed, along with the options selected for implementation as part of the ongoing Acme, Inc. case study.