Cisco IPsec VPN Solutions Overview

A Virtual Private Network (VPN) connection enables private networks to communicate securely with one another over an untrusted network such as the Internet. The IPsec protocol framework encrypts the IP traffic before the IP packets are transmitted from the source to the destination. The different IPsec VPN security solutions include the following:

  1. Site-to-Site IPsec VPN

Site-to-Site or LAN-to-LAN IPsec VPN tunnels provide the most versatile solution for site-to-site and remote network connectivity and encryption since they permit multivendor interoperability. They are, however, extremely challenging to manage in big networks.


  1. Cisco Dynamic Multipoint VPN (DMVPN)

DMVPN simplifies hub-and-spoke and spoke-to-spoke VPN tunnel configuration, which is achieved through the use of multipoint GRE (mGRE) tunnels, Internet Protocol Security (IPsec) protocols, and the Next Hop Resolution Protocol (NHRP). It also provides low-scale and on-demand meshing.


  1. Cisco Group Encrypted Transport (GET) VPN

GET VPN is utilized by enterprises to create any-to-any tunnel-less VPN connectivity using the original IP header over service provider MPLS networks or private WANs. It performs this without interfering with existing MPLS and private WAN network services.

Furthermore, simplified encryption over private networks using group keying meets regulatory compliance guidelines. It also provides scalable, full-time meshing for IPsec VPNs and allows smaller routers to participate in meshed networks.


  1. Cisco FlexVPN

FlexVPN is Cisco’s Internet Key Exchange v2 (IKEv2) implementation, with a unified VPN solution that integrates site-to-site, remote access, hub-and-spoke topologies, and partial spoke-to-spoke meshes. FlexVPN supports all types of VPN, and it also provides a basic yet modular framework that heavily relies on virtual access interfaces while being compatible with legacy VPN solutions using crypto maps.


  1. Remote VPN Access

Remote VPN access enables remote users to securely connect to a corporate network through IPsec tunnels. It is supported on IOS with FlexVPN and on the ASA 5500-X and FirePOWER firewalls.


IPsec VPN Solutions Features

The different IPsec VPN security solutions and their features and benefits are listed below:

Features and Benefits Site-to-Site IPsec VPN DMVPN GET-VPN FlexVPN Remote Access VPN 
Product InteroperabilityMultivendorCiscoCiscoCiscoCisco
Key ExchangeIKEv1 and IKEv2IKEv1 and IKEv2 (optional)IKEv1 and IKEv2IKEv2TLS/DTLS and IKEv2
ScaleLowHub-and-Spoke: Thousands

Spoke-to-Spoke Partial Mesh: Hundreds


Small-Scale Meshing


On-Demand Spoke-to-Spoke Partial Mesh

Automatically terminated if no traffic





Remote Access

Remote Access
RoutingNot supportedSupportedSupportedSupportedNot supported
Quality of Service (QoS)SupportedSupportedSupportedNative supportSupported
MulticastNot supportedTunneledMPLS/Private IP Networks: Natively SupportedTunneledNot supported
Non-IP ProtocolsNot supportedNot supportedNot supportedNot supportedNot supported
Private IP AddressingSupportedSupportedRequires GRE or DMVPNSupportedSupported
High AvailabilityStateless FailoverRoutingRoutingRouting IKEv2-Based Dynamic Route Distribution

Server Clustering

Not Supported
EncapsulationTunneled IPsecTunneled IPsecTunnel-less IPsecTunneled IPsecTunneled IPsec/TLS
Transport NetworkAnyAnyPrivate WAN/MPLSAnyAny

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: