What is a VPN Concentrator and How does it Work?

Updated on: 19 June 2019

The VPN Concentrator is a networking device acting like a router which allows multiple VPN tunnels to function independently and connect to the network. It’s built specifically for creating and managing VPN communication infrastructures.

Through the addition of advanced data packets, security protocols, and new algorithms, a router gets repurposed into the network device that manages large numbers of VPN tunnels (hundreds to thousands). This is what it’s good for:

  • Encrypt and decrypt data
  • Establish and configure VPN tunnels
  • Authenticate users
  • Assign IP addresses to each individual user on the network
  • Ensure the end-to-end delivery of the data packets

Think of Cisco VPN concentrators, which provide high-performance output. They are very efficient and productive, and they scale through the so-called Scalable Encryption Processing (SEP) modules. These enable users to further increase the overall capacity and performance.

The concentrators are at the heart of every small business with 100 or fewer remote-access users connecting to the VPN network. But they are just as essential to corporations and organizations with more than 10,000 users.

Remember how, back in the day, Windows NT 4.0 was the most used operating system of all server administrators, and the dial-up was the only internet connection available? In order to allow different users to remotely access the network, you had to use the RAS, or the Remote Access Service that Windows NT implemented.

Multiple dial-up modems were required in order to increase the bandwidth and support more connections. Those were dark days.

Today, we have the VPN concentrators, each of them being capable of supporting thousands of users. The technological evolution is clear by now.

VPN Concentrator – how does it work?

Users from anywhere in the world access the internet. Then, their traffic gets redirected and reshaped by the VPN Concentrator Firewall. After the encryption process finishes, the data or requests are sent to the business server.

When the traffic returns to your device, it is first sent to the VPN concentrator which encrypts it, then sends it down the rabbit hole, oh, I mean the encrypted tunnel. The tunnel is usually created instantly, when a request for it appears.

When you start up the software, it will automatically create a tunnel leading to the VPN concentrator, so that you can receive any data coming through it. Some software apps can be configured to be Always On. This means that anytime you start up your device, it will always use an encrypted tunnel that leads to the corporate network via the VPN concentrator.

The thing is, there are too many small businesses out there that don’t take care of their networks. Hackers can invade them and plant malware or steal confidential data.

This is why the VPN concentrator was created, to provide security and encryption in these business settings. While you might want to use a remote desktop app as a home user, especially if you’re working with a dynamic IP, it’s not the same for business servers.

At the very least, they should have a VPN router working through the network. At present, this has become synonymous with a VPN concentrator, because manufacturers are no longer producing standalone concentrators per se. Their functions are incorporated into multipurpose routers which also include a firewall.

The VPN concentrator is a specialized type of router with more advanced protocols and algorithms. Normal routers still exist, and you mustn’t confuse the two.

VPN Concentrator vs VPN router

Choosing between a VPN concentrator and a VPN router capable of tunneling requires the right know-how. Here it is – VPN routers vary depending on their underlying features, what kind of remote access you need, and what applications you’re going to use.

The top-notch VPN concentrators, on the other hand, are the type of device that’s used by medium-to-large corporations. They are industrial tools, not necessarily for individual home users. What’s more, they are also considerably more expensive than ordinary routers.

As such, when you want a small company to benefit from added security, you should acquire a VPN-capable router which acts as a gateway checkpoint for your server. It will be harder to set up and configure than the concentrator because you have to individually configure VPN clients on all remote devices in use.

A third option is a VPN appliance, which is more of a security multitool providing many advanced features.

VPN Concentrator vs Site-to-Site VPN

As I said, site-to-site VPN connections are entirely different from concentrators.

For example, if you just want to connect two or three sites together, then you should probably use Site-to-Site VPN options. These setups are specially created with fixed locations in mind, like your home office or places located in other cities. Their tunneling protocols offer access to the same database and systems.

However, when you’re in need of tunneling protocols to provide remote access from random locations, mobile devices, or to multiple users at once, then the VPN concentrator is your best bet.

VPN Concentrator vs IPSec encryption

VPN concentrators are generally run using either IPSec or SSL (Secure Sockets Layer) encryption protocols, and they are meant for web-based applications. The SSL VPN uses TCP port 443, and because most browsers also use SSL, this type of traffic fits in best with most networks. This can be customised with port forwarding.

This is why most SSL VPN clients are installed into the existing browsers or operating systems, which you access with credentials. You don’t need additional IPSec tunneling because the SSL VPN functions on the browser, sending data back to the concentrator through the encrypted tunnel.

Using SSL VPNs eliminates the need to manually configure each and every end-to-end device and client software. However, there are also some applications or software which only allow IPSec VPN connections if you want to access the OS remotely.

IPSec requires separate client software to allow users to connect to the VPN tunnel. It has much more configuration potential than the SSL-based VPN concentrators, in terms of local access and security levels.

However, you also have to put in many more work hours in order to properly set up IPSec client software running on the network through a concentrator. This is why it’s best to resort to this configuration when connecting from fixed locations.

With mobile networks or traveling laptops, things get a little more complicated, because some connection points might completely block off IPSec traffic. This is the case with many Wi-Fi hotspots.

IPSec has two specialized modes of communication:

  • Transport mode – the data is encrypted. The IPSec header and the IPSec trailer are placed on either side of the data, and the original IP header is used to get the data to the remote site.
  • Tunnel mode – both the IP header and the data are encrypted. There are still the IPSec header and the IPSec trailer set up around the data, but this time, a completely different IP header is brought forward at the front of the data packet. This way, anyone who intercepts the data will have no idea where it’s headed.
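
To make the difference between the two modes concrete, the following added example (not part of the original article) builds the same packet in both modes and shows what someone intercepting it can read. The addresses, key, SPI values and the stand-in cipher are assumptions made for the illustration, and the integrity check value that real IPSec usually appends is left out.

```python
import hashlib, socket, struct

ESP = 50  # IP protocol number of ESP, the IPSec header that carries encrypted data

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; the checksum is left at 0 to keep the sketch short.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def stand_in_cipher(key, data):
    # Placeholder for the real ESP cipher (XOR with a SHA-256 keystream, so it is
    # its own inverse). It only marks which bytes are unreadable; NOT real crypto.
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_wrap(packet, mode, key, spi, seq, tunnel_ends=None):
    hdr, data = packet[:20], packet[20:]
    src, dst = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])
    if mode == "transport":           # encrypt the data, keep the original addresses
        protected, next_hdr = data, hdr[9]
    else:                             # tunnel: encrypt header + data, add a new header
        protected, next_hdr = packet, 4        # 4 = IPv4-in-IP
        src, dst = tunnel_ends
    pad = (-(len(protected) + 2)) % 4          # align the ESP trailer to 4 bytes
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_hdr])
    esp = struct.pack("!II", spi, seq) + stand_in_cipher(key, protected + trailer)
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def observer_view(packet):
    # Everything a party without the key can read off the wire.
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "spi": spi, "seq": seq, "ciphertext": packet[28:]}

# Constructed sample: a laptop sending a request to an internal server.
KEY = b"constructed-demo-key"
DATA = b"GET /payroll"
INNER = ipv4_header("10.8.0.5", "192.168.10.20", 6, len(DATA)) + DATA
TRANSPORT = esp_wrap(INNER, "transport", KEY, spi=0x1001, seq=1)
TUNNEL = esp_wrap(INNER, "tunnel", KEY, spi=0x1002, seq=1,
                  tunnel_ends=("198.51.100.7", "203.0.113.1"))  # client, concentrator

if __name__ == "__main__":
    for name, pkt in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        view = observer_view(pkt)
        print(name, view["src"], "->", view["dst"], "proto", view["proto"],
              len(view["ciphertext"]), "unreadable bytes")
```

In transport mode the observer still reads the internal server's address from the original header, while in tunnel mode only the client and concentrator addresses are visible and the original header sits inside the encrypted part.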

All in all, you should properly judge whether your business needs a site-to-site VPN, a VPN router, or a VPN concentrator. There are different solutions to secure your servers with reliable encryption and protect them from any outside invasive attacks.

The VPN concentrator is just one of them, among the most sophisticated networking tools in the industry.

Written by: Bogdan Patru

Author, creative writer, and tech-geek. Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.
