ICR-1601
129
Site to Host: Site to Host is suitable for tunneling between clients in a subnet and an application server
(host). As in the diagram, the clients behind the M2M gateway can access to the host "Host-DC" located in
the control center through Site to Host VPN tunnel.
Host to Site: On the contrast, for a single host (or mobile user to) to access the resources located in an
intranet, the Host to Site scenario can be applied.
Host to Host: Host to Host is a special configuration for building a VPN tunnel between two single hosts.
Site to Site with "Full Tunnel" enabled
In "Site to Site" scenario, client hosts in remote
site can access the enterprise resources in the
Intranet of HQ gateway via an established IPSec
tunnel, as described above. However, Internet
access originates from remote site still go through
its regular WAN connection. If you want all
packets from remote site to be routed via this
IPSec tunnel, including HQ server access and
Internet access, you can just enable the “Full
Tunnel" setting. As a result, every time users surfs
web or searching data on Internet, checking
personal emails, or HQ server access, all traffics
will go through the secure IPSec tunnel and route
by the Security Gateway in control center.
Site to Site with "Hub and Spoke" mechanism
For a control center to manage the secure
Intranet among all its remote sites, there is
a simple configuration, called Hub and Spoke, for
the whole VPN network. A Hub and Spoke VPN
Network is set up in organizations with centralized
control center over all its remote sites, like shops
or offices. The control center acts as the Hub role
and the remote shops or Offices act as Spokes. All
VPN tunnels from a remote sites terminate at this
Hub, which acts as a concentrator. Site-to-site
connections between spokes do not exist. Traffic
originating from one spoke and destined for
another spoke has to go via the Hub. Under such
configuration, you don’t need to maintain VPN
tunnels between each two remote clients.
To Next Page
Loading...
