When considering the medium-sized network design requirements in a branch role rather than a headend or standalone role, it is possible to eliminate some components from the design, keeping the following points in mind:
If a private WAN link is used to connect to the corporate headquarters, it is possible to omit the entire Corporate Internet module unless local Internet connectivity is required.
If an IPSec VPN is used to connect to the corporate headquarters, it is possible to omit the WAN module from the design.
If the corporate headquarters provides the services, a VPN concentrator or dial-access router might not be needed for remote-access services.
Management servers and hosts are normally located at the corporate headquarters, which means that management traffic must traverse either the private WAN link or the IPSec VPN connection. Management traffic can easily flow across the private WAN link, but when an IPSec VPN is used, some devices are located outside of the VPN tunnel and therefore require some alternate form of management. This might require the use of a separate IPSec tunnel that terminates on the actual device, or the device might have to be managed by other means, such as Secure Socket Header or something similar.