Penetration testing of IPSec VPNs

Most people that work remotely with their corporations have run into VPNs (virtual private networks). What most people do not understand is that while this is a virtual LAN that is connected to your corporate LAN, this is not the end all solution to protect your corporate network from unprivileged access. How Stuff Works has a good tutorial on how VPNs actually function.
If you work in security or system administration, a good idea would be to do penetration testing to see if your network is accessible. A good hacker can enumerate a number of valid accounts, just by testing the pseudo-random account names and reading the error messages that are returned by the VPN servers. Security Focus has a good overview on how to test your VPN via penetration testing.
All in all, working defensive security in information technology requires knowledge of how offense works and how to prevent the attacks. As the saying goes, knowledge is power.