Chapter 8. Troubleshooting IPSec VPNs

IP Security (IPSec) provides security services for IP traffic. IPSec can be used to build secure site-to-site and remote access virtual private networks (VPNs) over a public infrastructure such as the Internet.

Site-to-site VPNs consist of IPSec tunnels built between the sites of an organization or organizations. These tunnels terminate on security gateways, such as routers and firewalls, and once established, allow transparent and secure transport of IP traffic between sites.

Figure 8-1 illustrates a simple site-to-site VPN.

Figure 8-1. Simple Site-to-Site VPN

[View full size image]

Remote access IPSec VPNs (see Figure 8-2) can also be deployed to allow remote access clients, such as a sales force, to connect back to a corporate network. In this case, an IPSec tunnel is built between the user's desktop or laptop computer and a security gateway at the corporate site.