Site-to-Site VPN Tunnel Connection
A site-to-site VPN tunnel connects networks in different geographic locations. You can create site-to-site IPsec connections between two different Multicloud Defense Gateways or between a Multicloud Defense Gateway and a cloud service provider that complies with all relevant standards. After the VPN connection is established, the hosts behind the local gateway can connect to the hosts behind the remote gateway through the secure VPN tunnel.
Typically, the dynamic peer must be the one that initiates the connection as the other peer would not know the IP address of the dynamic peer. When the remote peer attempts to establish the connection, the other peer validates the connection using the preshared key, IKE settings, and IPsec configurations.
Because the VPN connection is established only after the remote peer initiates the connection, any outbound traffic that matches access control rules that allow traffic in the VPN tunnel will be dropped until that connection is established. This ensures that data does not leave your network without the appropriate encryption and VPN protection.
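The gating behaviour described above (a dynamic peer initiates, the responder validates the preshared key and IKE/IPsec parameters, and tunnel-bound traffic is dropped until the tunnel is up) can be modelled in a small simulation. The code below is an added, deliberately simplified example written for this page; it is not Multicloud Defense code and does not implement the real IKEv2 exchange. The `ResponderGateway` class, the proposal/policy fields, and all addresses and keys are constructed for illustration.

```python
import hmac
import hashlib
import secrets
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IkeProposal:
    """IKE parameters that both peers must agree on (simplified)."""
    encryption: str
    integrity: str
    dh_group: int


@dataclass(frozen=True)
class TunnelPolicy:
    """Responder-side configuration for one site-to-site tunnel (constructed)."""
    psk: bytes
    ike: IkeProposal
    # Remote subnets whose traffic is allowed (and required) to use the tunnel
    protected_subnets: tuple


class ResponderGateway:
    """Static-IP peer: waits for the dynamic peer to initiate, then validates it."""

    def __init__(self, policy: TunnelPolicy):
        self.policy = policy
        self.tunnel_up = False
        self.peer_ip = None
        # Fresh per-session nonce so a captured proof cannot be replayed later
        self.nonce = secrets.token_bytes(16)

    def challenge(self) -> bytes:
        return self.nonce

    def handle_connect(self, peer_ip: str, proposal: IkeProposal,
                       subnets: tuple, auth_tag: bytes) -> str:
        """Validate the initiator's PSK proof, IKE proposal and IPsec subnets."""
        expected = hmac.new(self.policy.psk, self.nonce, hashlib.sha256).digest()
        # Constant-time comparison: never short-circuit on the first wrong byte
        if not hmac.compare_digest(expected, auth_tag):
            return "rejected: preshared key mismatch"
        if proposal != self.policy.ike:
            return "rejected: IKE proposal mismatch"
        if tuple(sorted(subnets)) != tuple(sorted(self.policy.protected_subnets)):
            return "rejected: IPsec traffic selectors mismatch"
        self.tunnel_up = True
        self.peer_ip = peer_ip
        return "established"

    def forward(self, dst_ip: str) -> str:
        """Decide what happens to an outbound packet toward dst_ip."""
        dst = ipaddress.ip_address(dst_ip)
        if any(dst in ipaddress.ip_network(net) for net in self.policy.protected_subnets):
            # Tunnel-bound traffic is dropped, not sent in the clear, until the tunnel exists
            return "tunnel" if self.tunnel_up else "drop"
        return "clear"


def initiator_auth(psk: bytes, nonce: bytes) -> bytes:
    """Dynamic peer's proof of PSK possession over the responder's nonce (simplified)."""
    return hmac.new(psk, nonce, hashlib.sha256).digest()


# Constructed sample configuration shared by both sides
PSK = b"example-preshared-key-not-for-production"
IKE = IkeProposal(encryption="aes256-gcm", integrity="none", dh_group=14)
REMOTE_SUBNETS = ("10.20.0.0/16",)


def run_exchange(psk_used_by_initiator: bytes = PSK) -> tuple:
    """Run one connect attempt; returns (result, before_state, after_state)."""
    gw = ResponderGateway(TunnelPolicy(PSK, IKE, REMOTE_SUBNETS))
    before = gw.forward("10.20.5.9")          # dropped: tunnel not yet up
    tag = initiator_auth(psk_used_by_initiator, gw.challenge())
    result = gw.handle_connect("203.0.113.77", IKE, REMOTE_SUBNETS, tag)
    after = gw.forward("10.20.5.9")
    return result, before, after


if __name__ == "__main__":
    print(run_exchange())               # ('established', 'drop', 'tunnel')
    print(run_exchange(b"wrong-key"))   # ('rejected: ...', 'drop', 'drop')
```

Two points the model makes explicit: the responder never sends tunnel-bound traffic in the clear while the tunnel is down, and the PSK check uses a constant-time comparison so a wrong key is rejected without leaking timing information.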
At this time, Multicloud Defense supports site-to-site VPN tunnel connections with the following platforms or products:
- AWS
- Azure
- GCP
- ASA device
- FTD device
- Extranet or a third-party firewall