The Vpn Concentrator Screen - ZyXEL Communications ZyWall USG 2000 User Manual

Unified security gateway

Chapter 21 IPSec VPN

21.4 The VPN Concentrator Screen

A VPN concentrator combines several IPSec VPN connections into one secure
network.

Figure 216 VPN Topologies (Fully Meshed and Hub and Spoke)

In a fully-meshed VPN topology (1 in the figure), there is a VPN connection
between every pair of routers. In a hub-and-spoke VPN topology (2 in the figure),
there is a VPN connection between each spoke router (B, C, D, and E) and the hub
router (A), which uses the VPN concentrator. The VPN concentrator routes VPN
traffic between the spoke routers and itself.

A VPN concentrator reduces the number of VPN connections that you have to set
up and maintain in the network. You might also be able to consolidate the policy
routes in each spoke router, depending on the IP addresses and subnets of each
spoke.

However, a VPN concentrator is not for every situation. The hub router is a single
point of failure, so a VPN concentrator is less appropriate if the connection
between spoke routers cannot be down occasionally (for maintenance, for example).
There is also more burden on the hub router. It receives VPN traffic from one
spoke, decrypts it, inspects it to find out which spoke to route it to, encrypts it,
and sends it to the appropriate spoke. Therefore, a VPN concentrator is more
suitable when there is a minimum amount of traffic between spoke routers.
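
The following sketch is an added example, not part of the ZyXEL manual. It compares connection counts for the two topologies and shows how far each spoke's remote prefixes can be consolidated, and it checks that a hand-written summary does not cover the spoke's own LAN or unassigned address space. The site subnets are constructed sample values; only the router letters A to E come from the figure.

```python
import ipaddress
from itertools import combinations

# Constructed sample addressing (assumed, not from the manual): hub A and
# spokes B-E as labelled in the figure, one LAN subnet per site.
SITES = {
    "A": "192.168.0.0/24",
    "B": "192.168.1.0/24",
    "C": "192.168.2.0/24",
    "D": "192.168.3.0/24",
    "E": "10.50.0.0/24",
}

def tunnel_counts(sites):
    """Return (fully meshed, hub-and-spoke) VPN connection counts."""
    return len(list(combinations(sites, 2))), len(sites) - 1

def _remote(sites, spoke):
    # Every site's subnet except the spoke's own LAN.
    return [ipaddress.ip_network(n) for s, n in sites.items() if s != spoke]

def spoke_routes(sites, spoke):
    """Remote prefixes a spoke sends into its one tunnel to the hub,
    merged wherever the other sites' subnets are contiguous."""
    return [str(n) for n in ipaddress.collapse_addresses(_remote(sites, spoke))]

def summary_is_exact(sites, spoke, summary):
    """True only if a hand-written summary covers remote site subnets and
    nothing else (not the spoke's own LAN, not unassigned address space)."""
    summary = ipaddress.ip_network(summary)
    covered = sum(n.num_addresses for n in _remote(sites, spoke)
                  if n.subnet_of(summary))
    return covered == summary.num_addresses

if __name__ == "__main__":
    print("connections (mesh, hub-and-spoke):", tunnel_counts(SITES))
    for spoke in "BCDE":
        print(spoke, spoke_routes(SITES, spoke))
    # A /22 is exact on E, but on B it would also swallow B's own LAN.
    for spoke in ("E", "B"):
        print(spoke, summary_is_exact(SITES, spoke, "192.168.0.0/22"))
```

With this addressing, spoke E needs a single consolidated prefix while spoke B still needs three, which is the dependence on each spoke's IP addresses and subnets that the text describes.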
ZyWALL USG 2000 User's Guide


This manual is also suitable for:

Zywall usg 1000
