One issue that you probably will have to face is allowing your users to access your network remotely, typically through a public network such as the Internet. In most situations, you will use a Virtual Private Network (VPN) to provide for the connectivity. VPNs are discussed in Part VIII, "Virtual Private Networks." However, one limitation that VPNs have is that, after users are connected through a secure connection to your network, they have free reign over internal resources. You could implement an ACL to restrict their traffic, but this ACL applies to all users accessing a resource.
Some mechanism is needed to authenticate users and restrict what resources they can access. Cisco has two solutions to this problem:
Lock-and-key ACLs
Authentication proxy
This chapter focuses on lock-and-key ACLs; the next chapter focuses on authentication proxy.