Chris Lawrence is a journalist and chief editor at Wlan Labs. He has been writing about technology for more than ten years. He writes about everything ranging from privacy to open source software. His goal is to educate readers about important topics to help make their lives easier.
On more than one occasion, we’ve been asked: what is a VPN concentrator? VPN Concentrators are a necessary part of VPN design. VPN, or Virtual Private Networking, is a technology that creates an encrypted connection between two computers over the internet.
VPNs have become popular due to their ability to access secure, private information from anywhere in the world with an Internet connection. VPN Concentrators help VPN administrators implement and support these connections without needing to purchase separate hardware for each one.
VPNs work by creating an encrypted tunnel between two endpoints that allow data transfers back and forth through the network. However, since VPNs run over traditional telephone lines and other insecure networks like the Internet, they require unique encryption protocols designed specifically for VPN use.
So Who Uses A VPN Concentrator?
VPN administrators use VPN Concentrators to create VPN tunnels for any number of servers and users. VPN administration requires the installation of VPN client software on each computer that needs access to the VPN, as well as the installation of VPN Concentrator software on a device separate from the one used to manage the VPN system.
This allows VPN management without needing to purchase hardware for each connection. The VPN administrator can install VPN client software onto any number of computers, set up the appropriate tunneling protocols, configure administration over those connections, and do it all from one central location or console (the VPN Concentrator).
This also means there is no need for multiple CPUs or network cards in each server – which saves money and power!
Why Use A VPN Concentrator?
One VPN concentrator can support up to 500 connections, which is more than sufficient for most VPN installations. VPN Concentrators are placed between the server and its VPN clients so they can manage all of the VPN connections centrally.
If the VPN administrator needs to change anything about a VPN connection, he or she makes the changes on one VPN Concentrator “console” (a physical device connected to each VPN client) rather than needing to make changes at multiple remote servers.
VPN Concentrators also allow administrators to configure advanced features like policy-based access control that let them limit what resources an end-user can access or how much time they spend using them (among other options). Since this security feature allows administrators to set these policies at an individual level – even limiting VPN access to a specific VPN client or VPN tunnel – VPN Concentrators make VPN administration much more efficient and secure.
What VPN Concentrator Should I Choose?
The VPN Concentrator you choose will depend on your needs. But for most users, the Cisco VPN concentrator is probably the best option. Cisco’s VPN concentrators are widely used worldwide due to their feature-rich capabilities and reliability. They also have an excellent pricing structure that allows small businesses to affordably implement VPN technology into their networks.
For smaller companies that don’t need all of the advanced features of a Cisco device, SonicWALL’s line of SecureLinx devices is a great VPN Concentrator option. SonicWALL offers VPN Concentrators with fewer features but a much lower price than their Cisco counterparts.
The most popular VPN concentrators
As with virtual private networks themselves, there are several producers of VPN concentrators. The cost of a VPN concentrator is determined by the number of VPN tunnels it can support and its workload capabilities.
Here are some of the most well-known brands:
- Cisco Meraki is a good example. Cisco produces VPN concentrators. Their concentrators are generally simple to install and suited for large businesses.
- ShoreTel provides VPN servers to allow you to create a secure IP phone network. You can use ShoreTel’s VPN concentrators to install remote IP telephony networks that protect IP phones.
- Aruba and HP are the only companies that rank first and second in both the Desktop/Laptop and Mobile categories. In addition, HP is one of the top providers of VPN concentrators. Their equipment is useful for connecting your business system to remote users.
Benefits: How Does VPN Concentration Help Protect My Network?
VPN concentration is a crucial element in the VPN environment. VPN concentrators provide key advantages over traditional remote access VPN protocols, including:
- Centralised VPN administration – Manage all of your VPNs from one location.
- Secure SSL encrypted connections – Secure IKEv2 and IPsec connections ensure only authorised users can gain access to important company data.
- Policy-based Access Control – Implement fine-grained security policies on an individual user or group basis; for example, you could allow certain employees to connect remotely but stop others from accessing sensitive information.
VPN Concentrators also offer several other security features, including:
- VPN auditing – VPN Concentrators keep a record of VPN events, including user logins and network topology change information. These records can be used as an audit trail for compliance requirements or to identify suspicious activity if required. VPN Concentrators also provide administrators with tools to cleanse VPN logs from any non-authenticated traffic.
- SSL VPN port forwarding – Allow access to internal company web servers from outside the corporate network using SSL VPN technology without compromising security; for example, access HR systems, file servers, etc.
- Multi-site interconnectivity – VPN concentrators support multiple nested VPN tunnels at each physical location (for example, you could run two separate VPNs, each VPN uses two VPN Concentrators, and the VPNs are connected with an IPsec VPN tunnel).
- Multi-tenancy – A VPN concentrator can create separate VPN sessions for different users or groups within the same physical device. For example, you could use one VPN concentrator to connect remote offices in different countries but give each office its own remote access to VPN tunnels.
VPN Concentrators vs VPN Routers
VPN Concentrators are similar to VPN routers in providing VPN access. VPN concentrators offer two advantages over VPN routers:
- Network design flexibility – VPN Concentrators allow you to use more complicated VPN network designs with multiple tunnels, etc., whereas VPN routers do not.
- SSL VPN options – VPN routers only support SSL VPN connections using the AnyConnect client; however, most VPN concentrators also support standard SSL VPN connections (using OpenVPN), allowing administrators to build a broader range of secure connectivity options into their environment.
Remote Access vs Site-to-Site Connectivity
VPN Concentrators are typically used as remote access devices instead of site-to-site connectivity devices. Remote-access VPNs allow employees who work from home or on the road to securely connect to a company VPN and access company resources such as file shares, intranet websites, etc.
Site-to-site VPNs allow multiple VPN tunnels between VPN Concentrators in different physical locations (e.g., branch offices) and form a VPN connection (or VPN tunnel) across the Internet.
VPN Concentrators vs IPsec Encryption
IPsec VPN Encryption Gateways (e.g., Cisco VPN 3000 Series Concentrators) are similar to VPN Concentrators in that they allow VPN tunnels to be established across the Internet.
The main difference between VPN concentrators and IPsec VPN encryption gateways is that VPN Concentrators do not perform any encryption or decryption themselves; instead, they simply pass encrypted data packets through an existing network connection (i.e., over the WAN).
However, VPN Concentrators offer some additional benefits beyond this:
- Centralised VPN administration – Manage all of your VPNs from one location.
- Secure SSL encrypted connections – Secure IKEv2 and IPsec connections ensure that only authorised users can access important company data. VPN Concentrators also provide SSL VPN (SSL VPN connections with the AnyConnect VPN client).
- VPN throughput – VPN Concentrators can handle large VPN tunnels. For example, the Cisco VPN 5000 Series concentrator has two Gbps of throughput per device and up to 8 GB of RAM, providing ample performance for even the largest VPNs.
Users will need their own IPsec-compatible client software to connect to the VPN tunnel. Compared to SSL-based VPN concentrators, this approach has greater local access and security flexibility.
However, correctly configuring IPsec client software running on the network through a concentrator is more complex and time-consuming than setting up an SSL-VPN concentrator.
Things get a lot more complicated when dealing with mobile networks or remote desktop access. Some connection points may completely ban IPsec traffic, as with many Wi-Fi hotspots.
In transport mode, the data is encrypted. The original IP header is used to send the data to the remote site, with IPsec headers and trailers on either side of the data.
In tunnel mode, both the IP header and the data are encrypted. An additional, unrelated IP header is used at the front of the data packet in tunnel mode, replacing the original IP header. Anyone who captures your information will be none the wiser as to where it’s going.
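The difference between the two modes is easiest to see from the position of someone capturing traffic on the path. The following Python sketch is an added example, not code from the original article: it builds one packet in each mode using the ESP field layout (SPI, sequence number, encrypted payload with padding, pad length and next header) and reports which addresses remain readable. The addresses, SPI values and key are constructed, the cipher is a stand-in keystream rather than a real ESP algorithm, and the integrity check value is omitted.

```python
import hashlib, socket, struct

ESP = 50  # IP protocol number for ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def stand_in_encrypt(key, seq, data):
    """Placeholder for the ESP cipher: XOR with a SHA-256 keystream. NOT real crypto."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!II", seq, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, inner, next_header):
    """SPI | sequence | encrypted(payload | padding | pad length | next header)."""
    pad = (-(len(inner) + 2)) % 4          # align the encrypted part to 4 bytes
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])
    return struct.pack("!II", spi, seq) + stand_in_encrypt(key, seq, inner + trailer)

def transport_mode(key, src, dst, proto, segment):
    # Original IP header is kept; only the upper-layer segment is encrypted.
    body = esp(key, 0x1001, 1, segment, proto)
    return ipv4_header(src, dst, ESP, len(body)) + body

def tunnel_mode(key, gw_src, gw_dst, src, dst, proto, segment):
    # Whole original packet (header + data) is encrypted; a new outer header is added.
    inner = ipv4_header(src, dst, proto, len(segment)) + segment
    body = esp(key, 0x1002, 1, inner, 4)   # next header 4 = IPv4-in-IP
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def observer_view(packet):
    """Source, destination and protocol a capture can read without the key."""
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), packet[9])

# Constructed sample: host 10.1.0.5 talks to server 10.2.0.9 (TCP, protocol 6);
# the gateways use documentation-range addresses.
KEY = b"constructed-demo-key"
SEGMENT = b"\x00" * 20 + b"GET /payroll HTTP/1.1\r\n"   # fake TCP header + data
T = transport_mode(KEY, "10.1.0.5", "10.2.0.9", 6, SEGMENT)
U = tunnel_mode(KEY, "198.51.100.1", "203.0.113.1", "10.1.0.5", "10.2.0.9", 6, SEGMENT)

if __name__ == "__main__":
    print("transport:", observer_view(T))
    print("tunnel:   ", observer_view(U))
```

In both cases the observer sees protocol 50 instead of TCP, but only the tunnel-mode packet hides the internal host addresses behind the gateway addresses.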
What Is A VPN Concentrator In Conclusion
You should first evaluate whether you need a site-to-site VPN, a VPN router, or a VPN concentrator to safeguard your company’s data. There are several options for protecting your networks and preventing any external attack.
The VPN concentrator is one of the solutions available, and it is one of the market’s most sophisticated security network devices.
The lower-cost concentrators manufactured by the major vendors only support one of these protocols, whereas the cheaper ones tend to just work with one.
It is necessary to determine your needs before selecting a VPN protocol. Some applications will not function with an SSL-VPN client. Furthermore, some SSL-VPN solutions may not enable centralized storage or access to shared.
IPsec-based VPNs provide the most options and are typically more secure than SSL-based VPNs. Furthermore, because the SSL-VPN concentrator will be simpler to set up and operate, there’ll be fewer chances of misconfiguration causing security vulnerabilities.
To learn more about how VPNs work, check out our “What Is a VPN” guide, which gives you a broad overview and links to other detailed FAQs.