In an earlier blog, Confessions of a Reluctant Teleworker, I mentioned that I find myself grounded at home in Atlanta, GA, because of the Coronavirus (COVID-19) pandemic. During this extended period, I am on the job as a teleworker as the situation gradually improves. I also discussed the enterprise-grade teleworker solution I have been using at my house in Atlanta, GA. I have been using an ExtremeRouting XR600P™ branch router and an ExtremeWireless AP305C™ with a Layer 3 IPsec VPN connection back to Extreme Headquarters.
Essentially, I have what you could describe as a power-user solution for a remote teleworker. However, I have been reminded by numerous people that a power-user solution might not be the best for everyone. The bulk of remote workers need a fast and straightforward way to access the same resources as corporate users. Therefore, Extreme Networks also offers a simple and cost-effective solution for remote users to access corporate resources through a Layer 2 IPsec VPN securely.
I spend time every year in Mexico, and I need a fast and simple solution for remote access at my temporary residence. All I need is a single AP that can connect back to our corporate office. In my opinion, the most important aspect of this type of solution is the auto-provisioning capability of the solution. In other words, when I go to Mexico, I should be able to plug in the AP to any home Internet gateway device, and the VPN tunnel should automatically establish back to corporate. The good news is that I can do this with an access point managed via ExtremeCloud™ IQ. As shown in Figure 1, a predefined network policy with L2 VPN services is simple to configure.
The policy specifies the external IP address of an active VPN server as well as a pool of IP addresses that the AP endpoints use inside the L2 IPsec VPN tunnel. When I plug in an AP for the first time, it connects to the cloud, downloads this policy, and automatically establishes the VPN tunnel back to corporate headquarters. Within a matter of minutes, I am connecting to the same Corporate SSID that I use at the Extreme offices. The best example is to use the Atom AP30. As shown in Figure 2, the Atom AP30 is a pluggable enterprise access point. I plug this little guy into an AC power socket and connect an Ethernet cable to the home gateway, and I am up and running.
The beauty of a L2 VPN is that any access point managed in ExtremeCloud™ IQ can be auto-provisioned. All you need is a means to power the AP and a home gateway device to provide an IP address for the AP’s management interface. Another popular choice for L2 VPN deployments is the enterprise-class wallplate access point, the AP150W.
As shown in the diagram in Figure 3, the benefit of L2 VPN is that any AP is a secure extension of the corporate network.
The same networks that exist at headquarters extend to your home. For example, an employee might still connect to the corporate SSID using 802.1X with a company-issued laptop. BYOD devices might connect to a different SSID with more restrictive access policies. Some of the easy to deploy advantages of a L2 VPN include:
At the end of the day, I have a fast-and-easy L2 VPN teleworker solution at my residence in Mexico. And I still maintain my power-user L3 VPN remote access solution from my home in Atlanta. Of course, both of my teleworker solutions are managed via ExtremeCloud™ IQ. From the cloud, a network administrator can easily configure, provision, and monitor equipment for thousands of teleworkers. You can learn more about the wide variety of Extreme’s remote networking solutions at: https://www.extremenetworks.com/remote/.