IPsec Tunnel
An IPsec tunnel encrypts and verifies IP packets transmitted over a virtual private network (VPN) from one site to another.
The following are the characteristics of an IPsec tunnel:
- IPsec negotiation mode:
For security reasons, we only support the Main mode. The Aggressive mode is not supported.
- IPsec security protocol:
We support only the Encapsulating Security Payload (ESP) protocol.
- IPsec encapsulation mode:
We support the Tunnel mode. The Transport mode is not supported.
- IPsec routing model:
We support only policy-based IPsec VPN. Route-based IPsec VPN is not supported. Therefore, the tunnel supports only unicast data and does not support multicast or broadcast.
The typical usage scenario of an IPsec tunnel in vRouter networks is as follows:
- Prepare two isolated ZStack Cloud environments and set up a VPC environment in each of them. In each VPC environment, create two VPC networks and make sure that these VPC networks cannot communicate with each other. Then, you can use an IPsec tunnel to achieve communication between these VPC networks.
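
The following is an added example, not ZStack Cloud code. It models how a policy-based tunnel selects traffic by a local/remote subnet pair, which is why only unicast packets between the two VPC networks are protected. The subnets, function names, and the treatment of subnet broadcast addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values: the page does not give any addresses.
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")   # VPC network at site A
REMOTE_NET = ipaddress.ip_network("192.168.20.0/24")  # VPC network at site B
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def check_selectors(local, remote):
    """Reject a policy whose protected subnets overlap: a destination in the
    overlap could be either local or remote, so the selector is ambiguous."""
    if local.overlaps(remote):
        raise ValueError(f"selectors overlap: {local} and {remote}")


def classify(src, dst, local=LOCAL_NET, remote=REMOTE_NET):
    """Return 'protect' when a packet matches the (local, remote) policy,
    otherwise the reason it is not carried by the tunnel."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if dst.is_multicast:  # 224.0.0.0/4 is never a host in a protected subnet
        return "no-match: multicast destination"
    # Assumption: subnet broadcast addresses are modelled as not carried,
    # following the page's statement that broadcast is unsupported.
    if dst == LIMITED_BROADCAST or dst in (local.broadcast_address,
                                           remote.broadcast_address):
        return "no-match: broadcast destination"
    if src in local and dst in remote:
        return "protect"
    return "no-match: outside selectors"


if __name__ == "__main__":
    check_selectors(LOCAL_NET, REMOTE_NET)
    samples = [
        ("192.168.10.5", "192.168.20.7"),     # unicast between the VPC networks
        ("192.168.10.5", "224.0.0.5"),        # multicast (e.g. routing protocol hello)
        ("192.168.10.5", "255.255.255.255"),  # limited broadcast
        ("192.168.10.5", "203.0.113.9"),      # unicast to an address outside the policy
    ]
    for src, dst in samples:
        print(f"{src} -> {dst}: {classify(src, dst)}")
```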