A remote access VPN allows a VPN tunnel to be established between a remote user and a VPN server. For example, a remote access VPN allows a remote user to access the company network from home.

Conceptually, site-to-site VPN and remote access VPN are similar in that they both use a tunnel to make the two endpoints appear to be on the same network. The solutions vary in the way that the tunnel is established.

The following figure shows the general remote access scenario.

The following figure shows the one way option to implement a remote access VPN is by using Layer 2 Tunneling Protocol (L2TP) and IPsec.

In L2TP- and IPsec-based remote access VPN:

1. The remote host first establishes an IPsec tunnel with the VPN server.
2. The L2TP client and server then establish an L2TP tunnel on top of the IPsec tunnel.
3. Finally, a PPP session is established on top of the L2TP tunnel; that is, the PPP packets are encapsulated and sent and received inside the L2TP tunnel. The Vyatta router supports L2TP/IPsec-based remote access VPN. This deployment is described in Vyatta Remote Access VPN Reference Guide.

For more information about remote access VPN, refer to