The SBC supports two methods of peer authentication for each connection name entry in the connection table: digital certificate/PKI-based authentication, and pre-shared key. IPsec allows the branch office SBC to reside behind the corporate firewall by means of VPN tunneling. IPsec tunneling is also an enabling technology for the 3G/4G Branch Survivability feature.
The diagram depicts a VPN connection(IPsec tunnel) between the local and remote subnets as site-to-site tunneling on SBC gateways. Traffic between the trusted subnet networks is tunneled to fully encapsulate the packets on its way across an untrusted network, protected by both encryption and authentication.