Globalization is the order of the day. Linking globally dispersed corporate offices and securing the data transferred between them is a critical activity. Virtual Private Network (VPN) is a viable and low cost option. VPN is cost effective as the Internet is its backbone. In addition to security, corporate needs uninterrupted and guaranteed service. Internet Protocol Security (IPSec) VPN can live up to their expectations by having reserved bandwidth. IPSec VPN provides confidentiality, availability and integrity. However it does not protect the network from spoofed packet attacks. These attacks target the bandwidth allocated to VPN and degrade the performance of the VPN. Bandwidth Flooding attack on VPN represents a major threat. In this paper we focus on making the reserved bandwidth available fully to the legitimate VPN users. Source end protection architecture is proposed to maximize the utilization of the reserved bandwidth by protecting VPN sites from insider and outsider attacks. The protection from insider attack is based on a probability based rate limiting model. The protection from outsider attack is based on an Access Token Embedded Encapsulating Security Payload (ATEESP) header. We analyze the effectiveness of our proposed architecture through simulation. © 2020