All of our content is written by humans, not robots. Learn More
Work from Home

What Is a VPN Concentrator?

Unless you’re part of a large enterprise, you may not be familiar with VPN concentrators.

All of our content is written by humans, not robots. Learn More
By
&
Gabe Turner
Gabe Turner Chief Editor
Last Updated Jul 25, 2024

Virtual private networks are far from one-size-fits-all services. Depending on the use case, there are different configurations for connections, different encryption protocols to use, and, of course, different outcomes when it comes to user experience.

Today, though, our digital privacy experts are going to be taking a break from individual consumer-grade VPNs and talk about the services large organizations use to connect remote employees to centralized networks — VPN concentrators.

VPN concentrator diagram
Diagram showing a VPN concentrator and where it’s used within the remote path

What Is a VPN Concentrator?

In the layman-ist of layman’s terms, a VPN concentrator is a physical, hardwired device with dedicated software that supports multiple VPN connections for one entity. It’s essentially a high-quality personal VPN, but on a huge scale, connecting hundreds or even thousands of devices to one network.

What Does a VPN Concentrator Do?

A VPN concentrator establishes multiple encrypted VPN tunnels at the same time, providing secure connections for multiple VPN nodes. A server-side feature, a VPN concentrator extends a VPN router to thousands of users, giving them encrypted tunnels so they can access a centralized system. Additionally, a VPN concentrator authenticates users, encrypts and decrypts their data, and changes their IP addresses for maximum digital security.1

VPN Encryption
VPN Encryption

How Does a VPN Concentrator Work?

At the forefront of a network, either next to or behind a firewall, a VPN concentrator will establish multiple encrypted tunnels between remote devices and a centralized network. In real terms, that means a VPN concentrator will allow a remote worker’s web traffic to travel through these tunnels before it reaches the interior of the network, which is ideal for large organizations that prioritize safety for their distributed workforces.

The Most Common VPN Concentrator Options

Unless you’re in the IT department of a large enterprise, you probably don’t have to worry about shopping for a VPN concentrator. That being said, here are the most popular VPN concentrators today:

  • Cisco Meraki
  • ShoreTel
  • Aruba

Who Uses VPN Concentrators?

Usually, large businesses and organizations use VPN concentrators to let remote employees connect to company networks. It’s rare that people use VPN concentrators for personal use; rather, large corporate enterprises with a ton of remote employees, militaries, or other organizations that need secure connections are usually the ones that use them.

The thing about VPN concentrators is that they’re expensive, so they make sense for large businesses only. For small businesses, it’s best to use a VPN router or VPNs on devices directly. Learn more about the best VPNs for business.

FYI: Typically, only large enterprises use VPN concentrators. Small businesses should look for VPN clients instead.

When Do You Need a VPN Concentrator?

If you’re part of a large business with a lot of employees who work remotely and need to access a centralized network, then you need a VPN concentrator to make that happen. Otherwise, you don’t need a VPN concentrator, but a regular VPN.

VPN Concentrator Alternatives

As we mentioned earlier, VPN concentrators aren’t the only game in town. Let’s compare them to some other VPN options.

VPN Concentrator vs. VPN Router

Using a VPN on your router will encrypt all of the devices connected to that router; i.e., all of the devices on your network. However, a router VPN won’t help you access a centralized network, so it doesn’t have the same function as a VPN concentrator.

Google Mesh Router
Google Mesh Router

Pro Tip: We recommend using router VPNs either at home or in a physical office.

VPN Concentrator vs. Site-to-Site VPN

For businesses with multiple offices like ours, a site-to-site VPN makes more sense than a VPN concentrator. Site-to-site VPNs let several offices access the same internal systems and databases rather than letting remote employees access one location.

VPN Concentrator vs. IPsec Encryption

IPsec is a protocol that protects data as it travels in the tunnel. It authenticates IP packets via RSA encrypted nonces, digital certificates, or pre-shared keys.2 IPsec occurs in the network layer, while VPN concentrators are server-side. However, these options aren’t mutually exclusive; rather, some VPN concentrators use IPsec protocols for data confidentiality, integrity, and authentication.

VPN Concentrator vs. VPN Client

A VPN client is the software that connects a user and a VPN server. While some VPN clients work in the background, some have front-end interfaces and require action from the user. And while some VPN clients are installed on computers as applications, some offices have hardware devices pre-installed with VPN software.

But while a VPN client is useful if you’re working in a physical office or at home, it’s not good for multiple people connecting to a single corporate network. For that, you’ll need a, you guessed it, VPN concentrator.3

VPN Concentrator Encryption Protocol Types

If your workplace uses a VPN concentrator, chances are that you’re using one of the following types of encryption:

  • PPTP/MPPE: Multi-protocol VPNs use Microsoft Point-to-Point Encryption, as PPTP on its own doesn’t provide data encryption.
  • L2TP/IPsec: Also called L2TP over IPsec, the Layer 2 Tunneling Protocol is used most often for remote-access VPNs with Windows 2000 operating systems as well as dial-in users. IPsec handles the encryption.4
  • IPsec: Hello, old friend. IPsec provides strong encryption and authentication in one of two modes, detailed below.
Example of NordVPN's different protocols and encryption methods
Example of NordVPN’s different protocols and encryption methods

VPN Concentrator Transport Mode

Tunnel mode encrypts both a packet’s header and payload, while transport mode encrypts the payload only. For IPsec, transport mode is the default.5

SSL vs. IPsec

SSL, which stands for Secure Sockets Layer, uses a handshake method to authenticate sessions and establish secure connections, more secure than IPsec. SSL is more compatible with firewalls and doesn’t support compression. IPsec, on the other hand, is better for dial-up or low-bandwidth networks as well as wireless networks. But don’t worry; if you’re an employee who has to use a VPN concentrator, you probably won’t have to dive deep into its internet protocols.

Function IPsec SSL
Client authentication Must Option
Compression support Yes OpenSSL only
Configuration Difficult Easy
Handshake time Slow Fast
Interoperability problem Yes No
Pre-shared key Yes No
TCP application support All Some
Throughput rate High High
UDP support Yes No6

VPN Concentrator Impact on Performance

A VPN concentrator impacts performance the same way that a VPN impacts performance, just on a larger scale:

  • Increases lag, which could make video chatting, torrenting, streaming, or file-sharing difficult
  • Doesn’t work with app applications
  • May lose internet connection
  • Slow page loading
  • Faulty connections

If you’re having any of the above issues with a VPN concentrator, try switching to another server, and if that doesn’t work, contact your company’s IT department.

VPN Concentrator Pros and Cons

Let’s break down what we like and don’t like about VPN concentrators.

Pros
  • Great for connecting a high number of remote employees to a centralized network
  • Quickly generates hundreds to thousands of tunnels in less time than connecting individual VPN clients
Cons
  • Can have deployment issues at times
  • Expensive, especially to implement
  • Not good for smaller companies or home networks

What Is a VPN?

Getting back to basics, a VPN is a virtual private network. VPNs hide your browsing activity; also, VPNs encrypt your IP address, hiding your real IP address from your internet service provider (ISP). Learn everything there is known about VPNs in our VPN how-to hub.

ExpressVPN desktop app connected to Hong Kong
ExpressVPN desktop app connected to Hong Kong

Recap

Since only large enterprises use VPN concentrators, it’s likely that even if you use one, there’s not much you’ll need to do to maintain it. Rather, most companies install VPN concentrators for their employees, so all you have to do is open your computer for secure browsing. As more and more people work from home, we expect that VPN concentrators will become more common as a method for connecting people to a single, centralized network.

Frequently Asked Questions

After being inundated with questions about VPN concentrators, we’ve answered the most common ones below.

  • Do I need a VPN concentrator?

    If you run a large enterprise with hundreds or thousands of remote employees who need to access a centralized network, then yes, you need a VPN concentrator. However, if you’re part of a small and/or in-person business, then you don’t need a VPN concentrator.

  • Where should a VPN concentrator be installed?

    You should install a VPN concentrator on all of the devices that your remote employees use for work.

  • What does a Cisco VPN concentrator do?

    A Cisco VPN concentrator connects remote employees to a centralized network, encrypting their web activity and IP addresses in tunnels along the way.

  • How much does a VPN concentrator cost?

    A VPN concentrator can cost anywhere from around $200 all the way up to $1,440, with the average being about $500.

Citations
  1. NordVPN. (2020). What is a VPN concentrator?
    https://nordvpn.com/blog/vpn-concentrator/

  2. University of New Hampshire. Appendix B: IPSec, VPN, and Firewall Concepts.
    cs.unh.edu/~it666/reading_list/Networking/firewall_concept_terms.pdf

  3. Auvik. (2015). 4 Common VPN Types (And When to Use Them).
    auvik.com/franklyit/blog/vpn-types/

  4. Cisco. (2008). How Virtual Private Networks Work.
    cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/14106-how-vpn-works.html

  5. ScienceDirect. (2021). Transport Mode.
    sciencedirect.com/topics/computer-science/transport-mode

  6. International Association for Cryptologic Research. (2004). A Technical Comparison of IPSec and SSL.
    eprint.iacr.org/2004/314.pdf