The SBC supports two methods of peer authentication for each connection name entry in the connection table: digital certificate/PKI-based authentication, and pre-shared key. IPsec allows the branch office SBC to reside behind the corporate firewall by means of VPN tunneling. IPsec tunneling is also an enabling technology for the 3G/4G Branch Survivability feature.
Note: The IPsec feature is implemented as a means of establishing IPsec tunnels in support of the Branch Survivability feature. IPsec tunneling is NOT a stand-alone feature at this time.
The diagram depicts a VPN connection(IPsec tunnel) between the local and remote subnets as site-to-site tunneling on SBC gateways. Traffic between the trusted subnet networks is tunneled to fully encapsulate the packets on its way across an untrusted network, protected by both encryption and authentication.