Distributed VPN gateway for processing remote device management attribute based rules

US10051002B2 · US · B2

Patent metadata
Publication number: US-10051002-B2
Application number: US-201514929402-A
Country: US
Kind code: B2
Filing date: Nov 1, 2015
Priority date: Aug 28, 2015
Publication date: Aug 14, 2018
Grant date: Aug 14, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on the identified RDM attribute set.

First claim

Opening claim text (preview).

The invention claimed is:

1. A non-transitory machine readable medium storing sets of instructions for processing remote-device data messages entering a network, the sets of instructions for: receiving, at a virtual private network (VPN) gateway executing on a computer, a data message sent by a remote device through a tunnel that connects the remote device to the network; and intercepting the data message from an egress path of the VPN gateway as the VPN gateway forwards the data message to the message's destination within the network; and identifying a set of remote device management (RDM) attributes associated with the received data message by retrieving the RDM attribute set from a data storage on the computer that stores different RDM attribute sets for different data message flows; and based on the RDM attribute set, performing a service operation on the data message; the sets of instructions for execution by a set of processing units of the computer.

2. The non-transitory machine readable medium of claim 1 further storing a set of instructions for forwarding the data message to the destination within the network after performing the service operation on the data message.

3. The non-transitory machine readable medium of claim 1, wherein the set of instructions for performing the service operation comprises a set of instructions for discarding the data message when the data message is associated with a first set of RDM attributes.

4. The non-transitory machine readable medium of claim 1, wherein the set of instructions for performing the service operation comprises a set of instructions for performing a load balancing operation on the received data message based on the RDM attribute set.

5. The non-transitory machine readable medium of claim 1, wherein the set of instructions for performing the service operation comprises a set of instructions for using the identified RDM attribute set to identify a service rule that specifies the service operation to perform on the received data message.

6. The non-transitory machine readable medium of claim 5, wherein the set of instructions for using the identified RDM attribute set to identify the service rule comprises a set of instructions for using the identified RDM attribute set to identify a service rule with an RDM attribute set that matches the identified RDM attribute set.

7. The non-transitory machine readable medium of claim 1, wherein the set of instructions for performing the service operation comprises a set of instructions for performing a destination network address translation (DNAT) operation on the received data message based on the RDM attribute set.

8. The non-transitory machine readable medium of claim 1, wherein the set of instructions for performing the service operation comprises a set of instructions for selecting a domain name system (DNS) server based on the RDM attribute set.

9. The non-transitory machine readable medium of claim 8, wherein the set of instructions for selecting a DNS server comprises selecting a DNS server associated with a location with which the remote device is associated.

10. The non-transitory machine readable medium of claim 8, wherein the location is a first location, wherein the set of instructions for selecting the DNS server further comprises a set of instructions for forwarding the data message to the selected DNS server, said DNS server in the first location, the first location being different than a second location at which the DNS server was selected.

11. The non-transitory machine readable medium of claim 1, wherein the RDM attribute set is stored in the data storage for the received data message after the VPN gateway authenticates a request for a VPN session for the received data message's flow.

12. The non-transitory machine readable medium of claim 11, wherein the RDM attribute set is stored in the data storage by the VPN gateway.

13. The non-transitory machine readable medium of claim 11, wherein the RDM attribute set is stored in the data storage by an RDM server that authenticates the VPN session request for the VPN gateway.

14. A non-transitory machine readable medium storing sets of instructions for processing remote-device data messages entering a network, the sets of instructions for: receiving a data message sent by a remote device; identifying a set of remote device management (RDM) attributes associated with the received data message; and based on the RDM attribute set, performing a destination network address translation (DNAT) operation on the received data message by: (i) determining, based on the RDM attribute set, that the remote device is associated with a first location but is accessing the network at a second location; (ii) identifying an RDM based rule specifying that remote devices associated with the first location that access the network at the second location have to be directed to network elements in the second location that are segregated from other network elements in the second location for use by remote devices associated with the first location; and (iii) performing the DNAT operation to direct the data message to one of the segregated network elements; the sets of instructions for execution by a set of processing units of one computer.

15. A computer comprising: a set of processing units for processing instructions; a memory for storing sets of instructions for processing remote-device data messages entering a network, the sets of instructions for: establishing, at a VPN gateway executing on the computer, a VPN tunnel with a remote device; receiving, at the VPN gateway, a data message sent by the remote device through the tunnel; intercepting the data message from an egress path of the VPN gateway as the VPN gateway forwards the data message to the message's destination within the network; and identifying a set of remote device management (RDM) attributes associated with the data message received from the remote device by retrieving the RDM attribute set from a data storage on the computer that stores different RDM attribute sets for different data message flows; and based on the identified RDM attribute set, performing a service operation on the remote-device data message.

16. The computer of claim 15, wherein the service operation is one of a firewall operation, a load balancing operation, a destination network address translation operation, and a domain name system (DNS) operation.

17. A method of processing remote-device data messages entering a network, the method comprising: receiving, at a virtual private network (VPN) gateway executed by a set of processing units of a computer, a data message sent by the remote device through a tunnel that connects the remote device to the network; and intercepting the data message from an egress path of the VPN gateway as the VPN gateway forwards the data message to the message's destination within the network; and identifying a set of remote device management (RDM) attributes associated with the received data message by retrieving the RDM attribute set from a data storage on the computer that stores different RDM attribute sets for different data message flows; and based on the RDM attribute set, performing a service operation on the data message wherein said receiving, identifying and performing are executed by the set of processing units of the computer.

18. The method of claim 17, wherein the RDM attribute set is stored in the data storage for the received data message after the VPN gateway authenticates a request for a VPN session for the r
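
The mechanism the claims describe, as an added illustration that is not code from the patent or from Nicira: an egress-path hook on the VPN gateway looks up the RDM attribute set stored for the flow at session authentication (claims 11-13), picks the first matching service rule (claims 5-6), drops non-compliant devices (claim 3), DNATs a roaming device into the segregated pool at the site it entered (claim 14), and selects the DNS server of the device's home location (claim 9). Flow keys, attribute sets, rule table, addresses and site names are all constructed for the example.

```python
import zlib
from dataclasses import dataclass
from typing import Optional

@dataclass
class Msg:
    flow: tuple                 # (src_ip, dst_ip, dst_port) identifying the tunnel flow
    dst: str                    # destination inside the network; rewritten by DNAT
    ingress_site: str           # site of the VPN gateway that terminated the tunnel
    action: str = "forward"
    dns_server: Optional[str] = None

# Constructed data: RDM attribute sets keyed by flow, as the gateway or an RDM server
# would store them after authenticating the VPN session (claims 11-13).
RDM_STORE = {
    ("10.8.0.5", "10.1.2.3", 443): {"compliant": True,  "location": "sfo", "dept": "eng"},
    ("10.8.0.7", "10.1.2.3", 443): {"compliant": False, "location": "nyc", "dept": "sales"},
    ("10.8.0.9", "10.2.5.9", 53):  {"compliant": True,  "location": "nyc", "dept": "eng"},
}
# Service rules: (RDM attribute subset to match, operation); first match wins (claims 5-6).
RULES = [
    ({"compliant": False}, "drop"),      # firewall operation (claim 3)
    ({"dept": "eng"}, "forward"),
    ({"dept": "sales"}, "forward"),
]
DNS_BY_LOCATION = {"sfo": "10.1.5.9", "nyc": "10.2.5.9"}   # resolver per home site (claim 9)
# Per site, a segregated pool reserved for devices whose home is another site (claim 14).
SEGREGATED_POOL = {"nyc": {"sfo": ["10.2.9.10", "10.2.9.11"]}, "sfo": {"nyc": ["10.1.9.10"]}}

def match_rule(attrs):
    """Return the operation of the first rule whose attribute subset matches; default deny."""
    for wanted, action in RULES:
        if all(attrs.get(k) == v for k, v in wanted.items()):
            return action
    return "drop"

def egress_hook(msg):
    """Intercept a message on the gateway's egress path and apply RDM-based service ops."""
    attrs = RDM_STORE.get(msg.flow)
    if attrs is None:                   # no authenticated session for this flow: drop
        msg.action = "drop"
        return msg
    msg.action = match_rule(attrs)
    if msg.action == "drop":
        return msg
    home = attrs["location"]
    pool = SEGREGATED_POOL.get(msg.ingress_site, {}).get(home)
    if home != msg.ingress_site and pool:   # roaming device: DNAT into segregated pool
        msg.dst = pool[zlib.crc32(repr(msg.flow).encode()) % len(pool)]  # flow-sticky LB
        msg.action = "dnat"
    if msg.flow[2] == 53:               # DNS query: use the device's home-site resolver
        msg.dns_server = DNS_BY_LOCATION[home]
    return msg
```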

Assignees

Nicira Inc

Inventors

Classifications

  • Access security · CPC title

  • Virtual private networks · CPC title

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

  • Graphs; Linked lists (G06F16/9027 takes precedence) · CPC title

  • Setup of transport tunnels · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10051002B2 cover?
Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on the identified RDM attribute set.
Who is the assignee on this patent?
Nicira Inc
What technology area does this patent fall under?
Primary CPC classification H04L41/5045. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 14, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).