Remote-access VPNs
Where a site-to-site VPN is used to connect entire networks, a remote-access VPN supports the needs of telecommuters, mobile users, and extranet, consumer-to-business traffic. A remote-access VPN is created when VPN information is not statically set up, but instead allows for dynamically changing information, and can be enabled and disabled. Remote-access VPNs support a client/server architecture, where the VPN client (remote host) gains secure access to the enterprise network via a VPN server device at the network edge.
Remote-access VPNs are used to connect individual hosts that must access their company network securely over the Internet. Internet connectivity used by telecommuters is typically a broadband, DSL, wireless, or cable connection, as indicated in the figure.
VPN client software may need to be installed on the mobile user’s end device; for example, each host may have Cisco AnyConnect Secure Mobility Client software installed. When the host tries to send any traffic, the Cisco AnyConnect VPN Client software encapsulates and encrypts this traffic. The encrypted data is then sent over the Internet to the VPN gateway at the edge of the target network. Upon receipt, the VPN gateway behaves as it does for site-to-site VPNs.
Note: The Cisco AnyConnect Secure Mobility Client software builds on prior Cisco AnyConnect VPN Client and Cisco VPN Client offerings to improve the always-on VPN experience across more laptop and smart phone-based mobile devices. This client supports IPv6.