A Virtual Private Network (VPN) connection enables private networks to communicate securely with one another over an untrusted network such as the Internet. The IPsec protocol framework authenticates and encrypts IP traffic before the packets are transmitted from the source to the destination, so an attacker on the path can neither read the payload nor alter it without detection. The different IPsec VPN security solutions include the following:
- Site-to-Site IPsec VPN
Site-to-Site (LAN-to-LAN) IPsec VPN tunnels are the most versatile option for connecting sites and remote networks with encryption, because IPsec and IKE are standards implemented by virtually every vendor and so permit multivendor interoperability. They are, however, hard to manage in large networks: every tunnel is configured statically, peer by peer, so a full mesh of n sites needs n(n-1)/2 tunnel definitions, and with the classic crypto-map model every new subnet has to be added to the crypto ACL on both ends of each tunnel.
- Cisco Dynamic Multipoint VPN (DMVPN)
DMVPN simplifies hub-and-spoke and spoke-to-spoke VPN tunnel configuration by combining multipoint GRE (mGRE) tunnels, IPsec, and the Next Hop Resolution Protocol (NHRP). The hub is configured once with a single mGRE interface; each spoke registers its public (NBMA) address with the hub over NHRP, and a spoke that needs to reach another spoke resolves that spoke's address through NHRP and builds a direct tunnel on demand. DMVPN therefore provides low-scale, on-demand meshing rather than a permanent full mesh.
- Cisco Group Encrypted Transport (GET) VPN
GET VPN is used by enterprises to create any-to-any, tunnel-less VPN connectivity over service provider MPLS networks or private WANs. It preserves the original IP header, so the encrypted packet carries the same source and destination addresses as the original one and the existing MPLS and private WAN services (routing, QoS, multicast) keep working on the encrypted traffic. The same property is why it needs a transport network that can route the private addresses: it is not a solution for the public Internet.
Because all group members use keys distributed by a key server (group keying) instead of negotiating pairwise keys, encryption over the private network is simplified while still meeting regulatory compliance guidelines for encrypting data in transit. Group keying also provides scalable, full-time meshing for IPsec VPNs and allows smaller routers to participate in meshed networks, since a member maintains one group security association rather than one per peer.
- Cisco FlexVPN
FlexVPN is Cisco's Internet Key Exchange v2 (IKEv2) implementation: a unified VPN solution that integrates site-to-site, remote access, hub-and-spoke topologies, and partial spoke-to-spoke meshes under one configuration framework. It is IKEv2 only. A single FlexVPN deployment can carry all of these VPN types at once, and it provides a basic yet modular framework built on virtual access interfaces (a tunnel interface cloned from a virtual template for each peer, so routing and QoS can be applied per tunnel) while remaining compatible with legacy VPN configurations that use crypto maps on the same router.
- Remote Access VPN
Remote access VPN enables individual remote users to securely connect to a corporate network through IPsec (IKEv2) or TLS/DTLS tunnels. It is supported on IOS with FlexVPN (IKEv2) and on the ASA 5500-X and Firepower firewalls.
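The following configuration is an added example and is not taken from the original page or from Cisco documentation. It shows the site-to-site tunnel described above built the FlexVPN way, with IKEv2 and a static virtual tunnel interface (VTI), and contrasts it with the legacy crypto-map form. Every address (RFC 5737 documentation ranges), interface name and object name (PROP-STRONG, KR-SITES, IPSEC-SITES, ...) is an assumption chosen for illustration, and the pre-shared key is a placeholder to be replaced.

```ios
! ==== Added example: IKEv2 site-to-site over a static VTI (FlexVPN style) ====
! Left-hand router. Addresses are RFC 5737 documentation ranges and all
! object names are arbitrary; neither comes from the original page.
!
! IKEv2 proposal: an AEAD cipher (so no separate integrity algorithm),
! SHA-512 as PRF and ECDH group 19 for the key exchange.
crypto ikev2 proposal PROP-STRONG
 encryption aes-gcm-256
 prf sha512
 group 19
!
crypto ikev2 policy POL-STRONG
 proposal PROP-STRONG
!
! One keyring entry per peer. A distinct key per peer limits the damage
! if one site is compromised. Replace the placeholder with a long random key.
crypto ikev2 keyring KR-SITES
 peer BRANCH1
  address 203.0.113.2
  pre-shared-key REPLACE-WITH-LONG-RANDOM-KEY
!
! The profile binds the peer identity, authentication method and keyring.
! Dead Peer Detection tears down the SA when the peer stops answering.
crypto ikev2 profile PROF-SITES
 match identity remote address 203.0.113.2 255.255.255.255
 identity local address 198.51.100.1
 authentication remote pre-share
 authentication local pre-share
 keyring local KR-SITES
 dpd 10 3 on-demand
!
! IPsec (child SA) parameters: ESP with AES-GCM-256 in tunnel mode and
! Perfect Forward Secrecy on every rekey.
crypto ipsec transform-set TS-GCM esp-gcm 256
 mode tunnel
!
crypto ipsec profile IPSEC-SITES
 set transform-set TS-GCM
 set pfs group19
 set ikev2-profile PROF-SITES
!
! The static VTI is a routable interface: the routing table, not a crypto
! ACL, decides what is encrypted. Everything routed into Tunnel0 is protected.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC-SITES
!
router ospf 1
 network 10.255.0.0 0.0.0.3 area 0
 network 10.1.0.0 0.0.255.255 area 0
!
! ---- For comparison: the legacy crypto-map form of the same tunnel ----
! The crypto ACL must enumerate every protected subnet pair. Adding a LAN
! at either site means editing this ACL on both routers, which is why
! routing protocols cannot be run across this kind of tunnel.
! ip access-list extended ACL-CRYPTO-BRANCH1
!  permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
! crypto map CMAP 10 ipsec-isakmp
!  set peer 203.0.113.2
!  set transform-set TS-GCM
!  set ikev2-profile PROF-SITES
!  match address ACL-CRYPTO-BRANCH1
! interface GigabitEthernet0/0
!  crypto map CMAP
```

The remote router mirrors this with the addresses swapped. After both sides are up, `show crypto ikev2 sa` should list one IKEv2 SA with the peer and `show crypto ipsec sa` should show packet counters increasing on Tunnel0; if the IKEv2 SA comes up but the IPsec SA does not, the transform sets or PFS groups disagree.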
IPsec VPN Solutions Features
The different IPsec VPN security solutions and their features and benefits are listed below:
| Features and Benefits | Site-to-Site IPsec VPN | DMVPN | GET VPN | FlexVPN | Remote Access VPN |
|---|---|---|---|---|---|
| Product Interoperability | Multivendor | Cisco | Cisco | Cisco | Cisco |
| Key Exchange | IKEv1 and IKEv2 | IKEv1 and IKEv2 (IPsec is optional: an mGRE tunnel can run without tunnel protection) | IKEv1 and IKEv2 | IKEv2 only | TLS/DTLS and IKEv2 |
| Scale | Low | Hub-and-Spoke: thousands; Spoke-to-Spoke partial mesh: hundreds | Thousands | Thousands | Thousands |
| Topology | Hub-and-Spoke; small-scale meshing | Hub-and-Spoke; on-demand Spoke-to-Spoke partial mesh | Hub-and-Spoke; Any-to-Any | Hub-and-Spoke; Any-to-Any; Remote Access | Remote Access |
| Routing | Not supported | Supported | Supported | Supported | Not supported |
| Quality of Service (QoS) | Supported | Supported | Supported | Native support | Supported |
| Multicast | Not supported | Tunneled | Natively supported over MPLS/private IP networks | Tunneled | Not supported |
| Non-IP Protocols | Not supported | Not supported | Not supported | Not supported | Not supported |
| Private IP Addressing | Supported | Supported | Requires GRE or DMVPN | Supported | Supported |
| High Availability | Stateless failover | Routing | Routing | Routing; IKEv2-based dynamic route distribution; server clustering | Not supported |
| Encapsulation | Tunneled IPsec | Tunneled IPsec | Tunnel-less IPsec | Tunneled IPsec | Tunneled IPsec/TLS |
| Transport Network | Any | Any | Private WAN/MPLS | Any | Any |

"Routing" in this table means running a dynamic routing protocol across the VPN. Crypto-map based site-to-site tunnels have no tunnel interface to route over, so the crypto ACL alone decides what is protected; the solutions built on GRE or virtual tunnel interfaces (DMVPN, FlexVPN) and on header preservation (GET VPN) let the routing protocol make that decision.
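As an added example, not from the original page or from Cisco, the configuration below shows the DMVPN column of the table in practice: a DMVPN Phase 3 hub and one spoke with the three building blocks named earlier (mGRE, NHRP, IPsec tunnel protection) and where the trust decision sits. Addresses are RFC 5737 documentation ranges, and all names (PROF-DMVPN, ENTERPRISE-CA, CERT-MAP-DMVPN, the certificate OU, the NHRP string) are assumptions; the CA trustpoint is assumed to be enrolled already.

```ios
! ==== Added example: DMVPN Phase 3, hub and one spoke (Cisco IOS) ====
! Addresses are RFC 5737 documentation ranges and all names are arbitrary;
! nothing here comes from the original page.
!
! --- Common to hub and spokes: IKEv2 with certificate authentication ---
! Every spoke reaches the hub through the same profile. A wildcard
! pre-shared key would be shared by all spokes, so one compromised spoke
! could impersonate any other. Certificates from the enterprise CA avoid
! that; the certificate map below accepts any cert whose subject contains
! "ou=dmvpn" (assumed naming convention of the CA).
crypto pki certificate map CERT-MAP-DMVPN 10
 subject-name co ou = dmvpn
!
crypto ikev2 proposal PROP-DMVPN
 encryption aes-gcm-256
 prf sha512
 group 19
crypto ikev2 policy POL-DMVPN
 proposal PROP-DMVPN
!
crypto ikev2 profile PROF-DMVPN
 match certificate CERT-MAP-DMVPN
 identity local dn
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint ENTERPRISE-CA
 dpd 30 5 on-demand
!
! Transport mode: GRE already supplies the outer IP header.
crypto ipsec transform-set TS-DMVPN esp-gcm 256
 mode transport
crypto ipsec profile IPSEC-DMVPN
 set transform-set TS-DMVPN
 set ikev2-profile PROF-DMVPN
!
! --- Hub (public address 198.51.100.1) ---
! One multipoint GRE interface serves every spoke. NHRP registrations fill
! the mapping table, so nothing per spoke is configured on the hub.
! "ip nhrp authentication" only filters misconfigured peers: the string is
! not a cryptographic control, the IPsec profile is.
! "ip nhrp redirect" is Phase 3: the hub tells spokes to talk directly.
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication NHRPSTR
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip nhrp redirect
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile IPSEC-DMVPN
!
! --- Spoke (public address 203.0.113.2) ---
! Only the hub is mapped statically. Other spokes are resolved through NHRP
! when traffic needs them, which is the on-demand spoke-to-spoke mesh.
! "ip nhrp shortcut" installs the resolved next hop so that traffic bypasses
! the hub once the direct tunnel is up.
interface Tunnel0
 ip address 10.0.0.11 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication NHRPSTR
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.1 nbma 198.51.100.1 multicast
 ip nhrp shortcut
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile IPSEC-DMVPN
!
! Verification on the hub once spokes register:
!   show dmvpn             (tunnel state per spoke)
!   show ip nhrp           (NHRP mapping table)
!   show crypto ikev2 sa   (one IKEv2 SA per spoke)
```

A routing protocol (EIGRP or OSPF) runs over Tunnel0 on both sides, which is what the "Routing: Supported" cell refers to, and because the tunnel is mGRE the multicast hellos are carried inside the tunnel ("Multicast: Tunneled"). If the IPsec profile were omitted the tunnel would still form, which is the sense in which the table marks IPsec as optional for DMVPN; an audit of a DMVPN deployment should therefore confirm that every mGRE interface carries a `tunnel protection` line.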