Chapter 6. Deploying Site-to-Site IPsec VPNs

IPsec provides security services to IP, and it has become an extremely popular way to provision site-to-site and remote access VPNs. In a site-to-site VPN, IPsec tunnels are built between an organization’s sites, and all traffic is authenticated and/or encrypted as it passes over the intervening network.

Depending on connectivity requirements and other considerations, site-to-site IPsec VPNs can be deployed in full-mesh, partial-mesh, or hub-and-spoke architectures, as shown in Figure 6-1.

Figure 6-1. Full-Mesh, Partial-Mesh, and Hub-and-Spoke IPsec VPN Architectures

As illustrated in Figure 6-1, in a hub-and-spoke ...
