Blog article

VPN Concentrator Explained

VPN concentrators are stand-alone devices that create secure encrypted tunnels to provide remote access to company resources over the public internet.


Min read

VPN router, VPN gateway, or VPN concentrator? The borders between the three may be blurry, but there exist some practical differences.

This article describes what the VPN concentrator is and what it does.

Table of contents

What is a VPN concentrator?

A VPN concentrator is a dedicated network device (hardware or virtual) that provides secure connections between remote users and a company network. VPN concentrators tend to be enterprise-grade devices capable of handling a large number of parallel connections.

You may think of it as a scaled-up VPN router with a few bells and whistles attached, or another name for a VPN gateway marketed as a stand-alone product.

Fig. 1 – VPN concentrator deployment

What does a VPN concentrator do?

The main purpose of a VPN concentrator is to provide secure remote access over the public internet via a secure tunnel.

In the language of VPNs, this is called a point-to-site VPN. However, in companies with several remote branches, individual local concentrators can be interconnected via site-to-site tunnels.

In addition, VPN concentrators may handle other tasks, such as:

  • User authentication – Only verified company employees are granted access with assigned privileges, which prevents unauthorized access and protects company data from theft and misuse.
  • Traffic encryption – VPN concentrators establish end-to-end encrypted connections (VPN tunnels), which conceal data during transit over the internet and protect it from interception.
  • IP address assignment – Users are assigned IP addresses, e.g. to provide secure remote access to cloud systems (IP whitelisting).

Thanks to this, VPN concentrators fulfill several use cases.

  • Secure remote access – The primary use case is to provide remote access to remote employees with the same level of security and privacy as they would enjoy on the company LAN.
  • Network segmentation – VPN concentrators capable of assigning privileges can segment the network by limiting the number of privileges a user receives, which contains an attack in a limited number of systems if the attacker succeeds in penetrating the network.
  • Identity obfuscation – Encapsulation in an encrypted tunnel hides metadata about the communicating parties, such as IP address or port number, which conceals the user’s activity on the internet and protects their data from interception.
  • Application access – Modern VPN concentrators allow remote users to safely access SaaS applications by establishing a private tunnel between them and the application.

How a VPN concentrator works

Before any data passes between the company network and the user, the VPN concentrator creates an encrypted tunnel. It can use several VPN protocols to do this, and more than one at a time.

The traffic is then sent through this tunnel, encrypted before departure and decrypted upon arrival.

Benefits of using a VPN concentrator

VPN concentrators provide several benefits.

  • High workloads – VPN concentrators are robust stand-alone devices capable of handling hundreds of parallel tunnels.
  • Central administration – VPN concentrators provide central management of secure VPN connections
  • Access control – VPN concentrators allow restricting user access to selected systems based on attributes or roles.

Drawbacks of a VPN concentrator

VPN concentrators aren’t for everyone. Despite their benefits, they have certain downsides.

  • High initial cost – VPN concentrators come with an enterprise-grade price tag that smaller companies cannot afford.
  • Lack of scalability – With a large number of remote workers (as the pandemic has shown), you may run out of bandwidth to provide smooth enough service for all of them. Hardware concentrators have a performance ceiling that can only be raised by deploying additional VPN concentrators.
  • Management complexity – Configuring a VPN concentrator requires a trained networking specialist in order to provide smooth remote access to all relevant systems and to make the VPN fit in with the rest of the organization’s security ecosystem.

Alternatives to a VPN concentrator

VPN router

A VPN router provides a similar functionality as a VPN concentrator, but with fewer features and at a smaller scale. It may be a good alternative for companies with fewer remote workers and a smaller budget.

On the other hand, the configuration complexity is still very high, if not higher, as you may need to configure every VPN client individually.

Business cloud VPN

A cloud-delivered business VPN provides a remote-access service identical to a VPN concentrator without any of the downsides. The function of the VPN concentrator is taken over by the cloud VPN gateway, which is a virtual device that handles site-to-site and point-to-site tunneled connections in a highly scalable way.

Being SaaS-delivered, the business cloud VPN is better suited for small and medium businesses:

  • The price matches the performance – companies pay more when they use more,
  • The cloud VPN scales easily according to changing needs,
  • The administration overhead rests with the provider, which eliminates management complexity for the business.


VPN concentrators are reliable, high-performance solutions for securing remote access for a large number of workers.

Legacy hardware concentrators require serious financial investment and know-how, which means they cater primarily to the needs of large enterprises. Small and medium businesses make better use of virtual concentrators (gateways) that come with business cloud VPNs, as SaaS-delivered VPN services scale better and reduce management overhead.