— By monitoring the exchanged IPsec traffic an adversary can usually easily discover the layout of virtual private networks (VPNs). Of even worse extend is the disclosure if compromised IPsec gateways are considered, for example in remote environments. This revelation enables attackers to identify vital components and may allow him to compromise the availability of the overall infrastructure by launching well-targeted denial-of-service (DoS) attacks against them. In this article we present a formal model to analyze the resilience of VPN infrastructures against DoS attacks, to estimate the impact of compromised gateways, and to formalize the planning process of more resilient infrastructures.