Encryption Domains

Here are examples of ways to set up the architecture of an encryption domain.

Scenario 1: Dedicated Encryption Domain

| Component | Connects To |
|---|---|
| Gateway of Site 1 | Gateway of Site 2 in Site-to-Site VPN; Remote Access Clients, as their VPN gateway |
| Gateway of Site 2 | Gateway of Site 1 in Site-to-Site VPN |
| Servers in Remote Access Encryption Domain | Servers in Encryption Domain of Site 2 |
| Servers in Remote Access Encryption Domain | Servers in Encryption Domain of Site 1 |
| Remote Access Clients | Gateway of Site 1 through encrypted VPN; Permitted servers (3); Note - cannot connect to denied servers (4) |

Scenario 2: Access to External Encryption Domain

| Component | Connects To |
|---|---|
| Gateway of Site 1 | Gateway of Site 2 in Site-to-Site VPN; Remote Access Clients, as their VPN gateway; Relays clients to servers in other site's encryption domain (4) through VPN |
| Gateway of Site 2 | Gateway of Site 1 in Site-to-Site VPN |
| Servers in Remote Access Encryption Domain | Servers in Encryption Domain of Site 2 |
| Servers in Remote Access Encryption Domain | Servers in Encryption Domain of Site 1 |
| Remote Access Clients | Gateway of Site 1 through encrypted VPN; Permitted servers (3 and 4) |

Note - Clients can reach servers of two sites with one authentication session, and their activity in both sites is logged