ZyXEL Communications ZyWALL 1000 Network Router User Manual


 
Chapter 20 IPSec VPN
ZyWALL USG 1000 User’s Guide
20.5 VPN Concentrator
A VPN concentrator combines several VPN connections into one secure network. Figure 207
on page 318 shows an example of this, as well as one alternative approach.
Figure 207 VPN Topologies
The VPN concentrator is used in the second approach. In the first (fully-meshed) approach,
there is a VPN connection between every pair of routers. In the second (hub-and-spoke)
approach, there is a VPN connection between each spoke router (B, C, D, and E) and the hub
router (A), which uses the VPN concentrator. The VPN concentrator routes VPN traffic
between the spoke routers and itself.
The biggest advantage of a VPN concentrator is that it reduces the number of VPN
connections that you have to set up and maintain in the network. You might also be able to
consolidate the policy routes in each spoke router, depending on the IP addresses and subnets
of each spoke.
You should not use a VPN concentrator in every situation, however. The hub router is a single
point of failure, so a VPN concentrator is less appropriate if the connection between spoke
routers cannot be down occasionally (for maintenance, for example). In addition, there is a
significant burden on the hub router. It receives VPN traffic from one spoke, decrypts it,
inspects it to find out to which spoke to route it, encrypts it, and sends it to the appropriate
spoke. Therefore, a VPN concentrator is more suitable when there is a minimal amount of
traffic between spoke routers.
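The following sketch is an added example, not taken from the ZyWALL guide or firmware. It compares the number of VPN connections in the two topologies, shows how a spoke's policy routes can be consolidated when the remote subnets are contiguous, and models the hub's lookup of the destination site. The subnets and function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan. Router letters follow the figure; every subnet
# here is an assumption made for this example.
HUB = "A"
SITES = {
    "A": "192.168.0.0/24",
    "B": "192.168.1.0/24",
    "C": "192.168.2.0/24",
    "D": "192.168.3.0/24",
    "E": "10.20.0.0/24",
}

def tunnel_counts(sites):
    """VPN connections to maintain: (fully meshed, hub-and-spoke)."""
    return len(list(combinations(sites, 2))), len(sites) - 1

def spoke_routes(sites, spoke):
    """Destinations a spoke sends into its one tunnel to the hub.

    collapse_addresses only merges subnets that form an exact larger prefix,
    so no address space outside the listed sites is pulled into the tunnel.
    """
    remote = [ipaddress.ip_network(n) for s, n in sites.items() if s != spoke]
    return [str(n) for n in ipaddress.collapse_addresses(remote)]

def hub_next_site(sites, dst):
    """Site the hub forwards a decrypted packet to, or None to drop it."""
    addr = ipaddress.ip_address(dst)
    for site, net in sites.items():
        if addr in ipaddress.ip_network(net):
            return site
    return None

if __name__ == "__main__":
    print("connections (mesh, hub-and-spoke):", tunnel_counts(SITES))
    for spoke in (s for s in SITES if s != HUB):
        print(spoke, "->", spoke_routes(SITES, spoke))
    print("192.168.3.7 is forwarded to", hub_next_site(SITES, "192.168.3.7"))
```

Spoke E needs a single route because the other four subnets merge exactly into one prefix, while spoke B still needs three because its own subnet splits the range.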
Table 96 VPN > IPSec VPN > VPN Gateway > Edit (continued)
LABEL     DESCRIPTION
Apply     Click Apply to save your changes in the ZyWALL.
Cancel    Click Cancel to exit this screen without saving.