So I am not clear based on your description, but is sounds like there is a location that you are at that has Wifi. This Wifi network is connected to the Internet. You want to be able to connect back to your work's network. If this is correct, this is my suggestion...

You do not need a VPN router. If you want to connect back to your corporate network, if they offer VPN services, you need the VPN client loaded on your computer. If they do not have VPN services, how do you normally connect back when you are travelling or at a remote location? Connecting back to a work location via VPN over a public netowrk is Safe. That is the point of VPN, to secure the connection over an untrusted network.

"Anyone connecting on this wifi could access your network, but its not connected to your work network???" Of course not... How did this IT person explain that a person could connect back to the work network through a public wifi?

>>How did this IT person explain that a person could connect back to the work network through a public wifi?

I think he meant that he wanted to take a router and connect it downstream from the public wifi router. So that his wan port is connected to the public router and he offers his own wifi. His router would then create a peer to peer vpn tunnel.

#1 - most consumer routers will not let you connect WAN to a wifi network.
#2 - if somehow you got around #1, if you leave your wifi open, then yes, everyone could connect to the remote network.
#3 - Your IT person should have suggested just using a client on your PC.

If the router that connects public wifi to the internet will ALSO be used to create a VPN tunnel, this is still a safe config if done correctly.

Just separate out the public wifi space from the private space in 2 VLANs isolated from each other. Both route outbound. THe VPN tunnel is built to match the interesting traffic to only the private wifi subnet.

I do this all the time.

To have a dedicated router that can support VPN tunnel would suggest that you have more than one person in this building that needs a secure connection back to the remote office. Generally, these "branch office" tunnels are created so that you can have a small office of employees to have a secure connection back. However, just to summarize what I had suggested before...if you are the only employee at this location, then a VPN router is not feasible. All you need to do is load the VPN client on your computer and connect back to your work's network through their VPN gateway. This will create a secure tunnel over this pubic network. That is safe. If you do require to create a branch office tunnel, then both networks at this location should be separated by VLANs.

What model is the current router?

I do believe that if I set up a vpn connection to the database network(WORK NETWORK), it will work just fine and it will be secure, and no public wifi user should be able to access ANY network resources that is on the WORK NETWORK. PLEASE correct me if I am wrong.?!

You are correct.

I"m with ITG-JM. If it's only for 1 user (you), then use a VPN client on your machine.