IPsec tunneling provides a site-to-site connection when building aCE-based IPsec VPN. In a large scale VPN deployment, especially whena service provider manages a large number VPNs, there is a need tomanage IPsec tunnels on a group basis, instead of on a tunnel basis.This document describes the definition of a VPN group, itsattributes, and usage of VPN group when managing IPsec tunnels. Bygrouping IPsec tunnels and sites into an IPsec VPN group, serviceproviders can design, provision, and manage the IPsec-based CE VPNat both group level and tunnel/site level. This gives serviceproviders more flexibility and provides more aggregation capabilityto reduce operation complexity.
展开▼