IPsec VPNs

Overview

You can create and manage the association between IPsec components, and public and private services, to form a secure VPN. See "Typical applications for IPsec corporate services" for the typical applications of an IPsec VPN.

You use the IPsec VPN step forms to perform the following:

Tunnel types

The following table lists the tunnel types for an IPsec VPN in different products.

Table 34-1: Tunnel types for an IPsec VPN

Tunnel type | 7705 SAR | 7750 SR | 7450 ESS in mixed mode | 7210 SAS
Dynamic (site-to-site)
Dynamic (soft client)
Static

The NFM-P creates the following after the successful creation of an IPsec VPN, regardless of the tunnel type:

The NFM-P performs specific configuration actions after the successful creation of an IPsec VPN, depending on the tunnel type; for information, see "To assign policies and configurations for a dynamic site-to-site IPsec VPN" through "To assign policies and configurations for a static IPsec VPN".

Typical applications for IPsec corporate services

The following figure shows a public VPRN service that is associated with a private VPRN service. The private service belongs to a larger private VPRN. The public service can be a VPRN or IES service. The private service can only be a VPRN service.

Figure 34-1: Static IPsec tunnel

The following figure shows two public L3 VPRNs, VPRN 1 and VPRN 2, which are connected to the private, secure service VPRN 3 through an IPsec gateway. The public services can be VPRN or IES services. The private service can only be a VPRN service.

Figure 34-2: IPsec tunnels for a site

Figure 34-3, IPsec tunnels for multiple sites, is the same as Figure 34-1, Static IPsec tunnel, except that it shows IPsec tunnels across multiple sites. Site A, Site B, and Site C are part of the private service VPRN 4. For the site, there is a secure IPsec tunnel between a public service and a private service. The public services can be L3 VPRN or L3 IES services. The private service can only be a VPRN service.

Figure 34-3: IPsec tunnels for multiple sites

The following figure shows a private VPRN that is connected to a corporate VPLS. The public IES and private VPRN service connect to the VPLS through a CCAG or SCP. A CCAG connects the private VPRN to the VPLS.

Figure 34-4: IPsec VPN in a corporate network