Design and Implementation of a Secure WAN Using Site-to-Site VPN: A Practical Comparison with MPLS

Samia Bilhaj; Nuredin Ahmed; Abdulrahman Ashtawi

doi:10.54361/ajmas.269109

Authors

Samia Bilhaj Department of Computer Engineering, Libya Academy for Graduate Studies, Tripoli, Libya https://orcid.org/0009-0001-0654-7264
Nuredin Ahmed Department of Computer Engineering, University of Tripoli, Tripoli, Libya https://orcid.org/0000-0001-8059-4547
Abdulrahman Ashtawi Libyan Authority for Scientific Research, Tripoli, Libya https://orcid.org/0000-0003-4956-7975

DOI:

https://doi.org/10.54361/ajmas.269109

Keywords:

IPsec VPN, Network Security, Route Summarization, WAN Connectivity, OSPF, MPLS

Abstract

This study presents a technical implementation and comparative analysis of a multi-site Wide Area Network (WAN) architecture connecting a central Headquarters (HQ) in Tripoli to three remote Branch Offices. The network was modeled and validated using Cisco Packet Tracer, utilizing Open Shortest Path First (OSPF) with route summarization for dynamic routing and a Site-to-Site IPsec VPN for secure transport. Verification tests confirmed successful OSPF convergence and full end-to-end connectivity across all sites. A comparative analysis against traditional MPLS technology demonstrated that the IPsec VPN solution offers substantial cost-effectiveness by leveraging existing public internet infrastructure and eliminating the requirement for expensive dedicated leased circuits. Furthermore, performance testing revealed that the security overhead of the IPsec tunnel resulted in a manageable 153% increase in latency (from a baseline of 1.5 ms to 3.8 ms), which remains well within the acceptable threshold for enterprise applications. The findings validate that the IPsec VPN architecture provides a superior balance of economic viability and end-to-end data confidentiality, establishing it as an optimal choice for modern, budget-conscious multi-site enterprise connectivity.