I understand now that for a Mobile User VPN, a client program is used to create a 'tunnel' to resources behind a firewall. At that point, if there is a Windows Domain behind the firewall and you have your DNS set up right, Windows will put up its authentication box (GINA I guess).
How does it work in the branch office (site-to-site) VPN scenario.
Does the user have to do anything?? What makes the tunnel come up?? Is his workstation multihomed? How does he get to the shares on the 'other end'? How does it look to him? I've never participated in a VPN so I don't know.