IPsec provides security services to IP, and it has become an extremely popular way to provision site-to-site and remote access VPNs. In a site-to-site VPN, IPsec tunnels are built between an organization’s sites, and all traffic is authenticated and/or encrypted as it passes over the intervening network.
Depending on connectivity requirements and other considerations, site-to-site IPsec VPNs can be deployed in full-mesh, partial-mesh, or hub-and-spoke architectures, as shown in Figure 6-1.
Figure 6-1. Full-Mesh, Partial-Mesh, and Hub-and-Spoke IPsec VPN Architectures
As illustrated in Figure 6-1, in a hub-and-spoke ...