Field unit connectivity thru dynamic vpn

[danieldaisyvandy () gmail com]

Hi,

I work for a news agency that has recently decided to opt for dynamic vpns to connect their field units and offices to 
their central studio.

The plan at a high-level is as below:

The field units will be connecting to internet over a satellite link, which means the field routers get a dynamic IP 
address for the WAN interface.

[field unit A LAN] ------- (field unit A router)----//------{internet}---//---(central studio router) ------[central 
studio LAN] 

Other units and offices will be connected in the same fashion. In the field units and offices, there will be several 
media equipments that will be connected to the LAN apart from the computers.

The field units sometimes have to be in conflict zones or areas which make them prone to be hijacked or equipment theft.

What access control precautions needs to or can be taken for vpn to limit unauthorized access from the field units?