Designing Secure and Scalable end-to-end Private Network Connections between sites via Overlay Tunnels

Today, a secure and scalable end-to-end private network connection between head office and branches is a fundamental requirement of modern-day businesses. There are multiple solutions available, but this research will focus on the wide availability of the technology in most areas. Internet is standard network connectivity that links different branches from a different location to the business headquarter. The widespread availability of the Internet and the compatibility of the Overlay tunnels make a cost-effective solution to connect businesses. The study location is an advertising firm in the Philippines, classified as a small-to-medium-sized enterprise that requires network architecture enhancements. The critical demand is to connect three remote offices with the headquarters office for more protected file and application sharing. The remote users or employees accessing the resources anytime and anywhere should also be considered. The study will use the Generic Routing Encapsulation (GRE) and the Internet Protocol Security (IPSec) as overlay tunnels to implement interconnectivity between sites at remote locations.

Furthermore, in light of significant security breaches, the design will consider the use of new network security measures. The new network design enables secure file and application sharing through overlay tunnels between the headquarters and the other three provincial branches and remote users. Branch connectivity uses GRE over IPSEC tunnels, dynamic routing, and only authorized VPN connections to access HQ resources. The proposed network architecture operated successfully during the test validation (using ping, tracert, and traceroute utility commands). Finally, the suggested network design is secured from MAC address flooding, ping of death (DOS), and VPN snooping based on the vulnerability studies.