VPN – Advanced scenario

Advanced scenario

This is a complex network structure in which the placement of the VPN router matters: you must determine in which part of the client’s network the VPN router should be placed. It is advisable to place it in the part of the network nearest to the element that connects it to the Internet (e.g., the DMZ). This configuration (called “On a stick”) keeps traffic sent to the client’s cloud from interfering with other communication traveling through the network.

A device is therefore needed to initiate the IPSec tunnel. This scenario is useful when the equipment that links the client to the Internet does not have an IPSec feature. By adding a UTM/router to the DMZ, the tunnel can be brought up there, and a static route is added on the client’s PCs to send VPN traffic via the new gateway.
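The following added example (not part of the original page) checks the static-route design described above: it applies longest-prefix matching to a client PC's routing table and reports cloud-bound traffic that would bypass the VPN gateway, or unrelated traffic that would be pulled onto it. All prefixes, gateway addresses and names are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the page)
CLOUD_NET = ipaddress.ip_network("10.50.0.0/16")   # client's cloud, reached over IPSec
VPN_GW = ipaddress.ip_address("192.168.1.254")     # UTM/router added in the DMZ
DEFAULT_GW = ipaddress.ip_address("192.168.1.1")   # existing Internet edge, no IPSec

def next_hop(routes, dst):
    """Longest-prefix match: the gateway a host would pick for dst, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(routes, probes):
    """List probes whose next hop contradicts the 'on a stick' design."""
    findings = []
    for dst in probes:
        hop = next_hop(routes, dst)
        in_cloud = ipaddress.ip_address(dst) in CLOUD_NET
        if in_cloud and hop != VPN_GW:
            findings.append(f"{dst}: cloud traffic leaves via {hop}, outside the tunnel")
        elif not in_cloud and hop == VPN_GW:
            findings.append(f"{dst}: non-cloud traffic is sent to the VPN gateway")
    return findings

def table(*static):
    """Routing table of a client PC: default route plus the given static routes."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW)]
    routes += [(ipaddress.ip_network(net), gw) for net, gw in static]
    return routes

# Two cloud hosts, one Internet host, one internal host outside the cloud prefix
PROBES = ["10.50.0.10", "10.50.200.7", "198.51.100.20", "10.60.0.5"]

GOOD = table(("10.50.0.0/16", VPN_GW))        # static route matches the cloud prefix
MISSING = table()                             # static route was never added
TOO_NARROW = table(("10.50.0.0/24", VPN_GW))  # covers only part of the cloud
TOO_BROAD = table(("10.0.0.0/8", VPN_GW))     # drags other 10.x traffic to the VPN

if __name__ == "__main__":
    for name, routes in [("good", GOOD), ("missing", MISSING),
                         ("too narrow", TOO_NARROW), ("too broad", TOO_BROAD)]:
        print(name, audit(routes, PROBES) or "OK")
```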