City Research Online

Abstract

Numerous businesses rely on site-to-site Virtual Private Networks (VPNs) to establish secure and reliable communication between geographically dispersed locations. VPNs extend local infrastructure over public networks by integrating authentication and encryption to protect data in transit. Among the various VPN protocols, Internet Protocol Security (IPsec) is one of the most widely adopted, providing robust security through methods such as confidentiality, integrity, and authentication. Cisco Adaptive Security Appliance (ASA) is a common hardware solution for implementing IPsec VPNs. In modern business environments, ensuring minimal downtime and rapid failover after a VPN link failure is critical, as disruptions can significantly impact operational performance. This research focuses on evaluating the convergence time of Site-to-Site VPNs across two carrier networks by analyzing different IPsec parameters. Through simulations on Cisco ASA, various cryptographic algorithms and hashing methods were tested to determine their impact on failover times. Using CML (Cisco Modeling Lab) and Wireshark for simulation and analysis, the study reveals that AES encryption with lower hashing complexity leads to faster failover times. The findings highlight an inverse relationship between security levels and failover performance, underscoring the trade-offs between security and availability in IPsec VPN deployments.

Publication Type:	Conference or Workshop Item (Paper)
Additional Information:	© IEEE Cyber Science and Technology 2025. All rights reserved.
Publisher Keywords:	IPSEC, Site to Site VPN, ASA, Convergence time, Optimal failover time
Subjects:	Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments:	School of Science & Technology School of Science & Technology > Department of Computer Science
SWORD Depositor:	Symplectic Administrator

Export

Downloads