How do I securely transmit data between a site-to-site IPSec VPN and a third-party network using a route-based VPN in QuWAN Orchestrator?
Applicable Products
- QuRouter version 2.4.0 or later
- QuWAN Orchestrator
Scenario
If you plan to adopt QuWAN, QNAP’s SD-WAN solution, while retaining your existing network infrastructure, it is recommended to configure a route-based VPN to establish a site-to-site IPSec VPN tunnel. This setup ensures secure communication between networks and provides control over traffic forwarding across multiple networks.
This tutorial guides you through integrating QuWAN with your current network architecture while minimizing risks and disruptions to your existing framework.
Role of route-based VPN
A route-based VPN is a type of VPN that uses a virtual tunnel interface (VTI) to forward traffic between two networks. Unlike policy-based VPNs, which rely on access control lists (ACLs) or security policies to determine which traffic is encrypted, a route-based VPN uses the system’s routing table to decide dynamically which traffic is sent through the tunnel.
This approach enables secure data routing between an existing IPSec VPN tunnel and external networks while maintaining traffic control and encryption. It also supports traffic segmentation by allowing you to define specific routes for transmitting data between different network endpoints. To configure route-based VPN in QuWAN Orchestrator, see Route-based VPN settings in the QuWAN and QuWAN Orchestrator Web Help.
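Because the routing table decides what enters the tunnel, a more specific route can carry part of the remote network's traffic around the tunnel interface. The following Python code is an added example, not QNAP code. It audits a constructed routing table with longest-prefix matching, and the interface names (vti0, wan1, lan1) and prefixes are hypothetical.

```python
import ipaddress

# Constructed sample routing table (prefix, egress interface); names are hypothetical.
ROUTES = [
    ("0.0.0.0/0", "wan1"),
    ("10.20.0.0/16", "vti0"),      # third-party network reached through the tunnel interface
    ("10.20.30.0/24", "wan1"),     # more specific route that overrides the tunnel route
    ("192.168.10.0/24", "lan1"),
]

def _parse(routes):
    return [(ipaddress.ip_network(p), iface) for p, iface in routes]

def egress(routes, dst):
    """Longest-prefix match: interface that forwards dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(n, i) for n, i in _parse(routes) if n.version == addr.version and addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def tunnel_bypass(routes, protected, tunnel_if):
    """List (prefix, interface) pairs where protected traffic would not use the tunnel."""
    leaks = []
    for p in protected:
        pnet = ipaddress.ip_network(p)
        same = [(n, i) for n, i in _parse(routes) if n.version == pnet.version]
        # Route that forwards the protected prefix as a whole (longest covering prefix).
        cover = [(n, i) for n, i in same if pnet.subnet_of(n)]
        if not cover:
            leaks.append((str(pnet), None))   # no route at all: nothing reaches the tunnel
        else:
            n, i = max(cover, key=lambda h: h[0].prefixlen)
            if i != tunnel_if:
                leaks.append((str(pnet), i))
        # More specific routes inside the protected prefix win over the tunnel route.
        for n, i in same:
            if n != pnet and n.subnet_of(pnet) and i != tunnel_if:
                leaks.append((str(n), i))
    return leaks

if __name__ == "__main__":
    for prefix, iface in tunnel_bypass(ROUTES, ["10.20.0.0/16"], "vti0"):
        print(f"{prefix} leaves via {iface}, not the tunnel")
```

Running the same check against an exported routing table after each route change shows whether every prefix meant for the remote network still resolves to the tunnel interface.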
Understanding VPN and IPSec VPN
A VPN (Virtual Private Network) establishes a secure and encrypted connection over an untrusted network, such as the internet, to ensure secure communication between remote sites or users. VPNs are essential for protecting sensitive data in transit and ensuring secure connectivity between different network locations.
An IPSec VPN (Internet Protocol Security VPN) is a specific type of VPN that uses IPSec protocols to provide encryption and authentication for network traffic. IPSec VPNs are commonly used for site-to-site communication, ensuring that data transmitted between different network locations remains confidential and protected against tampering.
In this scenario, the IPSec VPN serves as the secure transport mechanism between your primary site and a remote network. However, when integrating a third-party network, you need a route-based VPN to handle dynamic routing while maintaining end-to-end security.
This combination of IPSec VPN and route-based VPN ensures that data is securely transmitted, with controlled routing and encryption mechanisms in place to protect communication between your network and external entities.
Procedure
To configure an IPSec VPN between a QNAP site-to-site VPN and a third-party network, refer to the appropriate setup guide based on the brand of the remote network device: