Oracle Exam 1Z0-1072-22 Topic 7 Question 25 Discussion

VPN Connect provides a site-to-site IPSec VPN between your on-premises network and your virtual cloud network (VCN). The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

On general, IPSec can be configured in the following modes:

Transport mode:IPSec encrypts and authenticates only the actual payload of the packet, and the header information stays intact.

Tunnel mode (supported by Oracle):IPSec encrypts and authenticates the entire packet. After encryption, the packet is then encapsulated to form a new IP packet that has different header information.

Oracle Cloud Infrastructure supports only the tunnel mode for IPSec VPNs.

Each Oracle IPSec VPN consists of multiple redundant IPSec tunnels. For a given tunnel, you can use either Border Gateway Protocol (BGP)dynamic routingorstatic routingto route that tunnel's traffic. More details about routing follow.

IPSec VPN site-to-site tunnels offer the following advantages:

Public internet lines are used to transmit data, so dedicated, expensive lease lines from one site to another aren't necessary.

The internal IP addresses of the participating networks and nodes are hidden from external users.

The entire communication between the source and destination sites is encrypted, significantly lowering the chances of information theft.