"Virtual private networks, or VPNs, are obviously the most
secure solution for allowing mobile employees to access the
corporate network from outside the premises. But because VPNs are
easily broken by network address translation (NAT) or stifled by
restrictive ACL rules, they pose interesting challenges to
enterprise network administration policy and procedure in terms of
configuration, implementation and usage.
"IPSec-derived VPN solutions can be confusing to inexperienced
administrators; they are difficult to configure because so many
parameters are involved. Worse yet, IPSec operates in kernel mode,
an excellent leverage point for potential attackers..."