Tunnels are the actual remote-to-local subnet definitions you configure for the IPsec Endpoints.
For example, a tunnel definition would be associated with an IPsec endpoint and would allow some local subnet (e.g. Overlay or unencrypted VPC VLAN) to connect to a remote subnet (e.g. your data center subnet, partner subnet, customer subnet).
In the diagram, the Data Center in Seattle can connect to both the VNS3 Controller public IP or the Overlay IP in the AWS Cloud.
Watch a visual guide for IPsec tunnels, endpoints, and cloud configurations.
Watch the video on YouTube: https://youtu.be/ms5u2e7Mmxo
Next, watch CEO Patrick Kerpan walk through IPsec basics to create and manage IPsec based tunnels in your virtual network.
Watch the video on YouTube: https://www.youtube.com/watch?v=E2z2TpkeFqM