US 7,542,476 B2
Method and system for manipulating IP packets in virtual private networks
Guy Almog, Herzelia (Israel); and Eitan Bar, Tel-Aviv (Israel)
Assigned to Flash Networks Ltd, Herzliya (Israel)
Filed on Aug. 27, 2004, as Appl. No. 10/928,836.
Claims priority of provisional application 60/499236, filed on Aug. 29, 2003.
Prior Publication US 2005/0047329 A1, Mar. 03, 2005
Int. Cl. H04L 12/26 (2006.01)
U.S. Cl. 370—401  [370/465] 25 Claims
 
1. A communication system for facilitating communication with a remote client over an IP network, wherein at least a portion of the IP network includes a specific network segment, the communication system comprising:
a central operator premises that includes:
a local communication unit; and
a local manipulator having a second copy of a decentralized table;
a remote operator zone that includes:
a remote communication unit, the remote communication unit being communicatively coupled to the local communication unit through the specific network segment; and
a remote manipulator having a first copy of the decentralized table;
a corporate local area networks;
the communication system being operable to manage a VPN tunnel between the remote client communicatively coupled to a remote VPN unit and a corporate client communicatively coupled to a corporate VPN unit through the central operator and the remote operator zone by:
receiving a first packet of a new VPN connection from the remote VPN at the remote manipulator;
creating a decentralized table entry with an identifier that is associated with the source and destination IP addresses of the VPN packet and synchronizing the second copy of the decentralized table at the local manipulator;
modifying the destination IP address of the packet to be the IP address associated with the local manipulator;
receiving a packet, at the central operator premises, from the remote manipulator, the packet including data to identify an appropriate entry in the decentralized table; and
modifying the destination address of the packet to be the IP address according to the data in the identified entry at the second copy of the decentralized table.
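
The redirect-and-restore flow recited in claim 1, as an added Python sketch that is not taken from the patent. Assumptions: packets are modeled as dicts, the data identifying the table entry travels in a hypothetical `tunnel_id` field (the claim does not say how it is carried), table synchronization is a direct call, the local manipulator drops packets that match no synchronized entry, and all addresses are constructed from documentation ranges.

```python
import itertools

LOCAL_MANIPULATOR_IP = "192.0.2.10"  # constructed address (RFC 5737 range)


class LocalManipulator:
    """Central operator premises side; holds the second copy of the table."""

    def __init__(self, ip):
        self.ip = ip
        self.table = {}  # identifier -> (source IP, original destination IP)

    def sync(self, ident, entry):
        # Stand-in for the table synchronization step (transport is assumed).
        self.table[ident] = entry

    def restore(self, pkt):
        entry = self.table.get(pkt.get("tunnel_id"))
        # Assumed check: drop packets not addressed to this unit, with no
        # synchronized entry, or whose source differs from the recorded one.
        if pkt["dst"] != self.ip or entry is None or entry[0] != pkt["src"]:
            return None
        out = dict(pkt, dst=entry[1])  # restore the original destination
        del out["tunnel_id"]
        return out


class RemoteManipulator:
    """Remote operator zone side; holds the first copy of the table."""

    def __init__(self, peer):
        self.peer = peer
        self.table = {}    # identifier -> (source IP, destination IP)
        self.by_flow = {}  # (source IP, destination IP) -> identifier
        self._ids = itertools.count(1)

    def redirect(self, pkt):
        flow = (pkt["src"], pkt["dst"])
        ident = self.by_flow.get(flow)
        if ident is None:  # first packet of a new VPN connection
            ident = next(self._ids)
            self.by_flow[flow] = ident
            self.table[ident] = flow
            self.peer.sync(ident, flow)
        # Rewrite the destination to the local manipulator and tag the entry.
        return dict(pkt, dst=self.peer.ip, tunnel_id=ident)
```
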