You want to replace the remote VPN clients on each PC with a VPN gateway for the entire remote office. For example:
RemotePC1-----+---(Internet)------------Linksys-----Server | RemotePC2-----+would become
RemotePC1-----+---Router---(Internet)---Linksys-----Server | RemotePC2-----+
There are two ways to accomplish this. You can look for a router that behaves as though it were a VPN client. Or you can create a site-to-site VPN tunnel between the router and the Linksys or Server.
The first method has the advantage of requiring no change to your Server site. Your VPN gateway, whether it's your Linksys or Server, will continue to authenticate the new remote router as though it were just another VPN client. In fact, some PCs can continue to connect as they do now while others connect through the remote router. However, your equipment choices are going to be somewhat limited, because there are not that many routers designed to behave as "hardware VPN clients." For an entry-level example, see the SnapGear SG300.
The second method is more common for securing traffic from a remote office to a central site. It requires compatible VPN gateways at both ends. Depending on the products and protocols you are using today, you may be find a VPN/router that will be directly compatible. This is more likely if you are using IPSEC than if you are using PPTP, since many PPTP products operate in client/server rather than site-to-site mode. One entry-level IPSEC router for site-to-site tunneling is the SonicWALL TELE3. Note that if you're using a Windows 2000/XP/2003 Server as a VPN gateway today, you can just add new security policies for an IPSEC site-to-site tunnel. IPSEC is already part of those operating systems, although many companies prefer using a separate VPN gateway to avoid putting VPN load on the server itself.
If you're looking to reduce VPN costs, you might also want to calculate your VPN capacity to see if you can possibly downgrade your VPN link capacity. This tip explains how to calculate the cost of VPN links, for more information.
This was first published in June 2004