Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 11      Using Gateway VPNs
  Understanding VPN Deployments
See 
 for more information.
Understanding Star VPN Deployments
In a star VPN deployment, a central endpoint (hub node) establishes a secure connection with multiple 
remote endpoints (leaf nodes). Each connection between the hub node and an individual leaf node is a 
separate VPN tunnel. The hosts behind any of the leaf nodes can communicate with each other through 
the hub node.
Star deployments commonly represent a VPN that connects an organization’s main and branch office 
locations using secure connections over the Internet or other third-party network. Star VPN deployments 
provide all employees with controlled access to the organization’s network.
In a typical star deployment, the hub node is located at the main office. Leaf nodes are located at branch 
offices and initiate most of the traffic. Each of the nodes must be a VPN-enabled managed device. 
Note that star deployments only support IKE version 2.
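The following check is an added example, not part of the Cisco guide or the FireSIGHT System: it audits a tunnel inventory against the star rules described above (every tunnel terminates on the hub, one tunnel per leaf, IKE version 2 only) and shows that leaf-to-leaf traffic transits the hub. The node names, the tuple layout, and the functions audit_star and tunnel_path are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample inventory: (endpoint_a, endpoint_b, ike_version).
SAMPLE_TUNNELS = [
    ("hq", "branch-a", 2),
    ("hq", "branch-b", 2),
    ("branch-c", "hq", 1),        # IKEv1 is not supported in a star deployment
    ("branch-a", "branch-b", 2),  # leaf-to-leaf tunnel that bypasses the hub
    ("hq", "branch-b", 2),        # second tunnel to the same leaf
]


def audit_star(tunnels, hub):
    """Return (leaves, findings) for a tunnel list checked against star rules."""
    findings = []
    per_leaf = Counter()
    for a, b, ike in tunnels:
        if hub not in (a, b):
            findings.append(f"{a}<->{b}: tunnel does not terminate on hub {hub}")
            continue
        leaf = b if a == hub else a
        if leaf == hub:
            findings.append(f"{a}<->{b}: hub has a tunnel to itself")
            continue
        per_leaf[leaf] += 1
        if ike != 2:
            findings.append(f"{hub}<->{leaf}: IKEv{ike} configured, star requires IKEv2")
    # Each hub-to-leaf connection is one separate tunnel.
    for leaf, count in per_leaf.items():
        if count > 1:
            findings.append(f"{hub}<->{leaf}: {count} tunnels defined, expected 1")
    return sorted(per_leaf), findings


def tunnel_path(src, dst, hub, leaves):
    """Nodes traversed between two members; leaf-to-leaf always goes via the hub."""
    members = set(leaves) | {hub}
    if src not in members or dst not in members:
        raise ValueError("node is not part of this star deployment")
    if src == dst:
        return [src]
    if hub in (src, dst):
        return [src, dst]
    return [src, hub, dst]


if __name__ == "__main__":
    leaves, findings = audit_star(SAMPLE_TUNNELS, "hq")
    print("leaves:", leaves)
    print("\n".join(findings))
    print("path:", tunnel_path("branch-a", "branch-c", "hq", leaves))
```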
The following diagram displays a typical star VPN deployment.