Remote Access IPSec VPNs: Pros and Cons of 2 Common Clients

The needs for remote access in today's enterprise networks require a cost effective method for securely connecting to company resources via the Internet. IPSec is one of the best methods of creating an encrypted, authenticated tunnel to these resources, but at the same time, the current IPSec standards do not specify a method of providing clients an internal IP configuration nor a method for authenticating more than the computer that the user is currently using for the connection. This paper discusses two client options for creating this encrypted and authenticated connection, as well as options for working around the deficiencies of the current IPSec standard by combining IPSec with L2TP or by using proprietary functions to accomplish the same. Other proprietary features are discussed in this paper, such as IPSec NAT traversal, client firewall inclusion, and user authentication via the ISAKMP tunnel.