Table of Contents
Advertisement
Chapter 20 IPSec VPN
Table 96 VPN > IPSec VPN > VPN Gateway > Edit (continued)
LABEL
Apply
Cancel
20.5 VPN Concentrator
A VPN concentrator combines several VPN connections into one secure network.
on page 318
Figure 207 VPN Topologies
The VPN concentrator is used in the second approach. In the first (fully-meshed) approach,
there is a VPN connection between every pair of routers. In the second (hub-and-spoke)
approach, there is a VPN connection between each spoke router (B, C, D, and E) and the hub
router (A), which uses the VPN concentrator. The VPN concentrator routes VPN traffic
between the spoke routers and itself.
The biggest advantage of a VPN concentrator is that it reduces the number of VPN
connections that you have to set up and maintain in the network. You might also be able to
consolidate the policy routes in each spoke router, depending on the IP addresses and subnets
of each spoke.
You should not use a VPN concentrator in every situation, however. The hub router is a single
point of failure, so a VPN concentrator is not as appropriate if the connection between spoke
routers cannot be down occasionally (maintenance, for example). In addition, there is a
significant burden on the hub router. It receives VPN traffic from one spoke, decrypts it,
inspects it to find out to which spoke to route it, encrypts it, and sends it to the appropriate
spoke. Therefore, a VPN concentrator is more suitable when there is a minimum amount of
traffic between spoke routers.
318
DESCRIPTION
Click Apply to save your changes in the ZyWALL.
Click Cancel to exit this screen without saving.
shows an example of this, as well as one alternative approach.
1
Figure 207
2
ZyWALL USG 1000 User's Guide
Advertisement
Table of Contents
Troubleshooting
