HPE Aruba Networking
IPsec UDP Mode in Aruba EdgeConnect White Paper
Pages
11
Time to read
19 mins
Publication
Language
English
Downloads
2
This white paper discusses the implementation of IPsec UDP mode within the Aruba EdgeConnect platform, addressing the challenges associated with traditional IKE-based IPsec in SD-WAN environments. It outlines the complexities of managing site-to-site VPNs, particularly in full mesh topologies, where the number of required tunnels can lead to operational inefficiencies. The paper explains how IPsec UDP mode, also known as 'IKE-less' mode, provides a scalable and secure solution by utilizing end-to-end IPsec VPN tunnels without the need for IKE. It details the advantages of this mode, including its ability to traverse NAT environments, mitigate carrier rate limiting, and enhance security against stolen devices through effective key management. Additionally, the document highlights the role of the Aruba Orchestrator in managing authentication and key distribution, ensuring that only authorized appliances are admitted into the network. The paper concludes with a comparison of traditional IPsec methods and the benefits of adopting IPsec UDP mode for modern SD-WAN deployments.