IPsec VPNs
Overview
You can create and manage the association between IPsec components, and public and private services, to form a secure VPN. See "Typical applications for IPsec corporate services" for the typical applications of an IPsec VPN.
You use the IPsec VPN step forms to perform the following:
Tunnel types
The following table lists the tunnel types for an IPsec VPN in different products.
Table 34-1: Tunnel types for an IPsec VPN
Tunnel type | 7705 SAR | 7750 SR | 7450 ESS in mixed mode | 7210 SAS |
---|---|---|---|---|
Dynamic (site-to-site) | ✓ | ✓ | | |
Dynamic (soft client) | ✓ | ✓ | | |
Static | ✓ | ✓ | ✓ | ✓ |
The NFM-P creates the following after the successful creation of an IPsec VPN, regardless of the tunnel type:
- if you specify that the secure and corporate services are to be linked, a composite service that contains the corporate and secure services
The NFM-P performs specific configuration actions after the successful creation of an IPsec VPN, depending on the tunnel type; for information, see "To assign policies and configurations for a dynamic site-to-site IPsec VPN" through "To assign policies and configurations for a static IPsec VPN".
Typical applications for IPsec corporate services
The following figure shows a public VPRN service that is associated with a private VPRN service. The private service belongs to a larger private VPRN. The public service can be a VPRN or IES service. The private service can only be a VPRN service.
Figure 34-1: Static IPsec tunnel
The following figure shows two public L3 VPRNs, VPRN 1 and VPRN 2, which are connected to the private, secure service VPRN 3 through an IPsec gateway. The public services can be VPRN or IES services. The private service can only be a VPRN service.
Figure 34-2: IPsec tunnels for a site
Figure 34-3, IPsec tunnels for multiple sites, shows the same arrangement as Figure 34-1, Static IPsec tunnel, but with IPsec tunnels across multiple sites. Site A, Site B, and Site C are part of the private service VPRN 4. For the site, there is a secure IPsec tunnel between a public service and a private service. The public services can be L3 VPRN or L3 IES services. The private service can only be a VPRN service.
Figure 34-3: IPsec tunnels for multiple sites
The following figure shows a private VPRN that is connected to a corporate VPLS. The public IES and private VPRN service connect to the VPLS through a CCAG or SCP. A CCAG connects the private VPRN to the VPLS.