Types of site-to-site VPN topologies

This table provides an overview of the different site-to-site VPN topology options available for secure network connectivity configuration.


Site-to-Site VPN Topology	Description	More Information
SD-WAN Topology	Configure a secure branch network using the SD-WAN wizard. This wizard simplifies and automates VPN and routing configuration of your network using a hub and spoke topology, enabling SD-WAN capabilities.	SD-WAN wizard for secure branch network deployment
Route-Based VPN	Configure secure traffic dynamically between peers in a network based on routing over Virtual Tunnel Interfaces (VTIs).	Create a route-based site-to-site VPN
Policy-Based VPN	Configure secure traffic between peers in a network based on a static policy using protected networks.	Configure a policy-based site-to-site VPN
SASE Topology	Configure an IPsec IKEv2 tunnel from a Firewall Threat Defense device to Secure Access or an Umbrella Secure Internet Gateway (SIG). This tunnel forwards all internet-bound traffic to Secure Access or Umbrella SIG for inspection and filtering.	Secure traffic using Cisco Secure Access and Firewall Threat Defense devices Configure a SASE tunnel for Umbrella