The Journey of a Network Engineer

Jul 22 2013   11:17PM GMT

How Does a Cisco Site-to-Site IPsec VPN Work?

Sulaiman Syed

Branch connectivity to the HQ or the datacenter is one of the essential topics that almost all businesses have to deal with. Various methods have been developed to connect branches. All these methods fall under the WAN connectivity module. WAN connectivity can be achieved using:

  • Dedicated Leased Lines
  • Internet

Even when the Internet is used to provide branch connectivity, various methods and models can be used, from Dynamic Multipoint VPN (DMVPN) and SSL VPN for clients to IPsec VPN. We will discuss IPsec VPN here, and later look at sample configurations.

Site-to-site VPN uses the Internet Security Association and Key Management Protocol (ISAKMP) and IPsec to create the tunnel. ISAKMP is a negotiation protocol that allows two routers to secure the tunnel. This negotiation is done in two phases.

Phase one creates the first tunnel, which protects the negotiations of the second phase (the second tunnel). In other words, phase one protects the IPsec parameters being negotiated between the endpoints.

Phase two is the IPsec tunnel, where the encryption and authentication methods for the data are negotiated and then applied to the interesting traffic.
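To make the two phases concrete, here is an added example (not configuration from the original post) of the HQ side of an IKEv1 site-to-site tunnel on Cisco IOS, with each block labelled by the phase it belongs to. The peer address, subnets, object names and pre-shared key are assumptions: the addresses come from documentation ranges, the names are hypothetical, and the key is a placeholder.

```cisco
! ---- Phase 1 (ISAKMP): parameters that protect the negotiation itself ----
crypto isakmp policy 10
 ! Both peers must have a matching policy or phase 1 never completes
 encryption aes 256
 hash sha256
 authentication pre-share
 ! Diffie-Hellman group 14 (2048-bit); groups 1, 2 and 5 are legacy
 group 14
 lifetime 86400
!
! Pre-shared key tied to the branch router's public address (placeholder key)
crypto isakmp key REPLACE_WITH_LONG_RANDOM_KEY address 203.0.113.2
!
! ---- Interesting traffic: what phase 2 will actually encrypt ----
! HQ LAN 10.1.0.0/16 to branch LAN 10.2.0.0/16 (assumed subnets)
ip access-list extended VPN-HQ-TO-BRANCH
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! ---- Phase 2 (IPsec): encryption and authentication for the data ----
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! The crypto map binds peer, transform set and interesting traffic together
crypto map CMAP-BRANCH 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES256-SHA256
 ! Fresh DH exchange for each phase 2 rekey (perfect forward secrecy)
 set pfs group14
 match address VPN-HQ-TO-BRANCH
!
! Apply the crypto map to the Internet-facing interface (assumed name)
interface GigabitEthernet0/0
 crypto map CMAP-BRANCH
```

The branch router mirrors this with the peer address and the access-list source and destination swapped. `show crypto isakmp sa` should report the phase one SA in state `QM_IDLE`, and `show crypto ipsec sa` shows the phase two SAs with encapsulation counters rising once interesting traffic flows.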

