# IPSec Peering

Cloudbrink's IPSec Peering feature allows administrators to connect remote users to their existing IPSec infrastructure, which can be a datacenter or branch IPSec gateway, an SD-WAN cloud gateway, or a branch edge appliance. Administrators can deploy Cloudbrink for remote users and take advantage of its application performance and zero-trust security capabilities without any change to their existing networking infrastructure, while still providing access to the applications in these networks.

### Overview

Organizations need to provide a high-performance zero-trust access solution to remote users because user productivity is significantly impacted if the applications are responding slowly. Cloudbrink can improve application performance by overcoming last-mile networking challenges (e.g., unreliable networks in hotels, airports, or shared home WiFi) and providing the best user experience.

Administrators want to deploy Cloudbrink for remote users but also want to ensure that this deployment is smooth and doesn’t require major changes to their existing networking infrastructure inside their on-prem datacenter or branches. With the Cloudbrink IPSec Peering feature, customers can terminate their remote user connections via Cloudbrink onto the existing IPSec solution that is already deployed inside their datacenters or branches.

With this feature, customers benefit from Cloudbrink's application performance improvements and zero-trust security for remote users, with no changes to their existing networking infrastructure.

#### Sample topologies for IPSec Peering Deployments

<figure><img src="/files/FF8dfz7zFdblUbdGiEUn" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/vMRZQ8DbtXN0t8yTiiyC" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/a4VAQ3Phb85iU13ShvrV" alt=""><figcaption></figcaption></figure>

#### Configuration

1. Configure the enterprise-services that represent the networks behind the IPSec Gateway(s) that users need access to.

<figure><img src="/files/BUpC3DNQGKz3fpU7PRSJ" alt=""><figcaption></figcaption></figure>

2. Create a new IPSec Gateway by providing the peer IPSec gateway public IP address(es), primary/secondary details, the cipher suites to be used for IKE and IPSec, DNS, and enterprise-services info (created in step 1).

Configure > Resources > IPSec Gateways

a. Peer Connections

Configure > Resources > Enterprise-Services

<figure><img src="/files/JyemhlRFhzc6aelB14Xe" alt=""><figcaption></figcaption></figure>

b. Tunnel Parameters

<figure><img src="/files/IiN6LDg1AFCNCVuW0LQc" alt=""><figcaption></figcaption></figure>

c. DNS server

<figure><img src="/files/LywioLIC3mjqvASH21nm" alt=""><figcaption></figcaption></figure>


d. User IP Management

<figure><img src="/files/2xBYkyKK3Bp2CY2x7N7P" alt=""><figcaption></figcaption></figure>

e. Enterprise-services

<figure><img src="/files/qhZth8EcsGr1mkma01G1" alt=""><figcaption></figcaption></figure>

3. Create a new resource-template with the set of applications (application-services and enterprise-services) that will be enabled for remote users.

Configure > Resources > Resource Templates

<figure><img src="/files/4ncQSpHgeBkXV5yqOzUU" alt=""><figcaption></figcaption></figure>

4. Assign the resource-template to the appropriate device-user-groups.

Configure > Device User Groups > Device User Group Policies

<figure><img src="/files/TkmgIz6OZwXLeJly5Hla" alt=""><figcaption></figcaption></figure>

5. At this stage, the Cloudbrink endpoints on the IPSec Gateways need to be configured. Administrators need to contact the Cloudbrink support team to get the public IP information of the Cloudbrink IPSec endpoints.

IPSec requires configuration on both sides to create the IPSec tunnels.

With the above configuration, remote users belonging to the “VPN\_ODBT” device-user-group can access all subnets defined under “IPSec\_resource\_template” via the IPSec gateways defined under “IPSec\_endpoint\_DC1”.

