IPsec VPN is a common method for enabling private communication over the Internet. IPsec supports a similar client server architecture as SSL VPN. However, to support a client server architecture, IPsec clients must install and configure an IPsec VPN client (such as Fortinet’s FortiClient Endpoint Security) on their PCs or mobile devices. IPsec client configurations can be cryptic and complex, usually making SSL VPN more convenient for users with little networking knowledge. However IPsec VPN supports more configurations than SS L VPN. A common application of IPsec VPN is for a gateway to gateway configuration that allows users to transparently communicate between remote networks over the Internet. When a user on one network starts a communication session with a server on the other network, a security policy configured for IPsec VPN intercepts the communication session and uses an associated IPsec configuration to both encrypt the session for privacy but also transparently route the session over the Internet to the remote network. At the remote network the encrypted communication session is intercepted and decrypted by the IPsec gateway at the remote network and the unencrypted traffic is forwarded to the server. Responses from the server than pass back over the encrypted tunnel to the client. L VPN. A common application of IPsec VPN is for a gateway to gateway configuration that allows users to transparently communicate between remote networks over the Internet. When a user on one network starts a communication session with a server on the other network, a security policy configured for IPsec VPN intercepts the communication session and uses an associated IPsec configuration to both encrypt the session for privacy but also transparently route the session over the Internet to the remote network. At the remote network the encrypted communication session is intercepted and decrypted by the IPsec gateway at the remote network and the unencrypted traffic is forwarded to the server. Responses from the server than pass back over the encrypted tunnel to the client.