VPN Tunnel

VPN Tunnel

A VPN tunnel establishes a secure connection between two sites over the Internet.

VPN Tunnel Policy

This policy consists of a set of rules that define:

  • what traffic will be securely transmitted into the tunnel
  • how the traffic is secured in the tunnel – which authentication and encryption algorithms will be applied to the data to ensure its authenticity, integrity, and confidentiality.

This information is defined in a crypto map entry. Crypto map entries with the same crypto map name- but different map sequence numbers, are grouped into a crypto map set, which is applied to the VPN interfaces on the relevant devices. All IP traffic passing through the interface is evaluated against the applied crypto map set. If a crypto map entry sees outbound IP traffic that should be protected and the crypto map specifies the use of IKE, a security association is negotiated with the remote peer according to the parameters included in the crypto map entry.

Image source 

When two peers try to establish a security association, they must each have at least one crypto map entry that is compatible with one of the other peer’s crypto map entries. The following minimum criteria for two crypto map entries to be compatible,

The crypto map entries must contain compatible crypto access lists (for example, mirror image access lists). If the responding peer is using dynamic crypto maps, the entries in the local crypto access list must be “permitted” by the peer’s crypto access list.
The crypto map entries must each identify the other peer (unless the responding peer is using dynamic crypto maps).
The crypto map entries must have at least one transform set in common.
Tunnel policies define the VPN connection between two peers. They specify which traffic will be secured and the authentication and encryption algorithms that will be used to secure the traffic.

A tunnel policy’s priority is indicated by its position in the list of policies (higher indicates higher priority). If a traffic flow matches the filter conditions in more than one tunnel policy, the policy with the highest priority is applied. You can change the order of the policies in the list according to the priority you want them to have.



Leave a Reply

Your email address will not be published. Required fields are marked *