A VPN (Virtual Private Network) provides a private, secure connection between two nodes across a public network such as the Internet. At the IP layer, a VPN is deployed using IP Security (IPSec), a standards-based set of protocols defined by the IETF that provides confidentiality, integrity, and data-origin authentication for information transferred across IP networks.
The standard key exchange method employed by IPSec is the Internet Key Exchange (IKE) protocol, which negotiates keying material between the two nodes (referred to as peers). Each peer stores the negotiated parameters and keys as Security Associations (SAs), which define the private secure connection. IKE operates in two phases:
The Phase-1 exchange negotiates an IKE SA
The IKE SA created in Phase-1 secures the subsequent Phase-2 exchanges, which in turn generate IPSec SAs
IPSec SAs secure the actual traffic between the protected networks behind the peers; the IKE SA secures only the key exchanges that generate those IPSec SAs. IPSec SAs are unidirectional, so each Phase-2 exchange produces a pair, one for each direction of traffic, each identified by a Security Parameter Index (SPI).
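The two-phase structure described above, as an added example that is not part of this guide and not Branch Gateway code: a minimal Python model of IKEv1 with pre-shared-key authentication. Phase 1 derives the IKE SA keys (SKEYID_d, SKEYID_a, SKEYID_e, following the RFC 2409 derivation), and Phase 2 runs under that IKE SA, authenticating its messages with SKEYID_a and deriving a keyed IPSec SA for each direction from SKEYID_d. The Diffie-Hellman group is a toy 64-bit prime chosen for the demo (real peers use the MODP groups of RFC 2409/3526), the PRF is HMAC-SHA256, Quick Mode is reduced to one message per side, and PFS is omitted. The pre-shared keys, peer names and message layouts are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets

# Toy Diffie-Hellman group, for the demo only: real IKE peers negotiate a MODP
# group from RFC 2409 / RFC 3526. A 64-bit prime is far too small for real use.
P = 0xFFFFFFFFFFFFFFC5   # 2**64 - 59
G = 5
ESP = b"\x03"            # IPSec protocol identifier for ESP, used in KEYMAT derivation


def prf(key: bytes, data: bytes) -> bytes:
    """The IKE pseudo-random function; HMAC-SHA256 is assumed here."""
    return hmac.new(key, data, hashlib.sha256).digest()


def i2b(n: int) -> bytes:
    """Fixed-width encoding of a group element (P < 2**64)."""
    return n.to_bytes(8, "big")


class Peer:
    """One IPSec gateway: holds one IKE SA and the IPSec SAs derived under it."""

    def __init__(self, name: str, psk: bytes):
        self.name, self.psk = name, psk
        self.ike_sa = None
        self.ipsec_sas = {}          # SPI -> {"dir": "in" | "out", "key": bytes}

    # ---- Phase 1: negotiate the IKE SA (Main Mode, pre-shared key) ----
    def phase1_msg(self) -> dict:
        self.cookie = os.urandom(8)
        self.nonce = os.urandom(16)
        self.dh_priv = secrets.randbelow(P - 2) + 1
        return {"cookie": self.cookie, "nonce": self.nonce,
                "dh_pub": pow(G, self.dh_priv, P)}

    def phase1_finish(self, mine: dict, theirs: dict, initiator: bool) -> None:
        g_xy = i2b(pow(theirs["dh_pub"], self.dh_priv, P))
        ini, resp = (mine, theirs) if initiator else (theirs, mine)
        c = ini["cookie"] + resp["cookie"]
        # RFC 2409 section 5.4: SKEYID for pre-shared-key authentication
        skeyid = prf(self.psk, ini["nonce"] + resp["nonce"])
        skeyid_d = prf(skeyid, g_xy + c + b"\x00")             # seeds IPSec SA keys
        skeyid_a = prf(skeyid, skeyid_d + g_xy + c + b"\x01")  # authenticates IKE msgs
        skeyid_e = prf(skeyid, skeyid_a + g_xy + c + b"\x02")  # encrypts IKE msgs
        self.ike_sa = {"cookies": c, "d": skeyid_d, "a": skeyid_a, "e": skeyid_e}

    # ---- Phase 2: Quick Mode under the IKE SA, one IPSec SA per direction ----
    def phase2_msg(self, msg_id: bytes) -> dict:
        self.spi_in = os.urandom(4)          # SPI the peer must use when sending to us
        self.qm_nonce = os.urandom(16)
        body = msg_id + self.spi_in + self.qm_nonce
        # HASH(1)/HASH(2) of RFC 2409: Phase 2 is authenticated by the IKE SA's SKEYID_a
        return {"spi": self.spi_in, "nonce": self.qm_nonce,
                "hash": prf(self.ike_sa["a"], body)}

    def phase2_finish(self, msg_id: bytes, theirs: dict, initiator: bool) -> bool:
        expected = prf(self.ike_sa["a"], msg_id + theirs["spi"] + theirs["nonce"])
        if not hmac.compare_digest(expected, theirs["hash"]):
            return False                     # peer does not share our IKE SA: reject
        ni, nr = ((self.qm_nonce, theirs["nonce"]) if initiator
                  else (theirs["nonce"], self.qm_nonce))
        # KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)  (RFC 2409 5.5, no PFS)
        for spi, direction in ((self.spi_in, "in"), (theirs["spi"], "out")):
            self.ipsec_sas[spi] = {"dir": direction,
                                   "key": prf(self.ike_sa["d"], ESP + spi + ni + nr)}
        return True


def run_exchange(psk_a: bytes, psk_b: bytes):
    """Run Phase 1 then Phase 2 between two gateways; returns (a, b, phase2_ok)."""
    a, b = Peer("gw-a", psk_a), Peer("gw-b", psk_b)
    ma, mb = a.phase1_msg(), b.phase1_msg()
    a.phase1_finish(ma, mb, initiator=True)
    b.phase1_finish(mb, ma, initiator=False)
    msg_id = os.urandom(4)                   # Quick Mode message ID
    qa, qb = a.phase2_msg(msg_id), b.phase2_msg(msg_id)
    ok_b = b.phase2_finish(msg_id, qa, initiator=False)
    ok_a = a.phase2_finish(msg_id, qb, initiator=True)
    return a, b, ok_a and ok_b


def sas_match(a: Peer, b: Peer) -> bool:
    """True when both peers hold the same SPIs with equal keys and opposite directions."""
    return set(a.ipsec_sas) == set(b.ipsec_sas) and all(
        a.ipsec_sas[s]["key"] == b.ipsec_sas[s]["key"]
        and a.ipsec_sas[s]["dir"] != b.ipsec_sas[s]["dir"] for s in a.ipsec_sas)


if __name__ == "__main__":
    a, b, ok = run_exchange(b"shared-secret", b"shared-secret")
    print("Phase 2 accepted:", ok, "| IPSec SAs consistent:", sas_match(a, b))
    for spi, sa in a.ipsec_sas.items():
        print(f"{a.name} SPI {spi.hex()} {sa['dir']:>3} key {sa['key'].hex()[:16]}...")
```

Running it with matching pre-shared keys gives both gateways identical IKE SA keys and a consistent pair of IPSec SAs; with mismatched keys Phase 1 still completes (there is no explicit failure in the key derivation itself), but the Phase-2 hash check fails at both ends and no IPSec SA is installed, which is the behaviour a mismatched PSK produces in practice.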
The Branch Gateway IPSec VPN feature is designed to support site-to-site topologies, in which the two peers are gateways.
Note:
To configure IPSec VPN, you need at least a basic knowledge of IPSec. Refer to the following guide for a suitable introduction:
http://www.tcpipguide.com/free/t_IPSecurityIPSecProtocols.htm