6 Replies Latest reply: Nov 16, 2013 5:03 AM by mohammed

    types of VPN

    samsecure09

      What are the different types of VPN and their subcategories? In different books, different classification is done. What is the correct one with respect to Cisco?

      What is the default mode in VPN: is it main mode or aggressive mode? Please elaborate with respect to the types of VPN.

        • 1. Re: types of VPN
          Paul Stewart  -  CCIE Security

          We sort of have two main categories of VPN: 1) LAN to LAN (aka Site to Site) and 2) Remote access. With LAN-to-LAN VPNs, there is some device (router, firewall, concentrator) that terminates both ends of the connection. With Remote access, there is a piece of software installed on a PC/Laptop on one end and the other end would be terminated into a router, firewall or concentrator.

          Within each of those two broad categories, there are many technologies that we use to achieve security and access across a public network. This is where you get into some crazy acronyms like ISAKMP, IPSEC, AH, ESP, SSL, DTLS, DH, RSA etc, as well as EZ VPN. So I could probably spend the rest of the day going into details of each of those, so let me know where you still have confusion.

          Regarding main mode vs. aggressive mode: Main mode is preferred. Most equipment will attempt main mode first. There are exceptions. One of these exceptions is when using EZ VPN (typically from a Remote Access solution) with pre-shared keys. Since the group name is necessary to authenticate against the pre-shared key, we need to send the IKE ID earlier on in the setup. So if you allow remote users to connect with the Cisco VPN client using a pre-shared key, if you disallow aggressive mode, the connections will fail.

          Beyond that, the most important thing is that the technologies on both ends agree on what will be used. Post back and let me know which areas you need more discussion on.
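
The point in reply 1 that aggressive mode sends the IKE ID earlier in the setup can be seen in the first IKEv1 packet of each mode. The following is an added example, not part of the original thread: a Python parser for the ISAKMP header and payload chain (RFC 2408 layout), run on two constructed first messages. `parse_isakmp`, `build` and the sample bytes are illustrative names and data, not captured traffic.

```python
import struct

# IKEv1 exchange types and ISAKMP payload types (RFC 2408 section 3.1, RFC 2409)
EXCHANGE = {2: "main mode", 4: "aggressive mode", 5: "informational", 32: "quick mode"}
PAYLOAD = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 13: "VID"}
HDR = "!8s8sBBBBII"        # cookies, next payload, version, exchange, flags, msg id, length
FLAG_ENCRYPTED = 0x01


def parse_isakmp(msg: bytes) -> dict:
    """Parse the 28-byte ISAKMP header, then walk the cleartext payload chain."""
    if len(msg) < 28:
        raise ValueError("shorter than the ISAKMP header")
    _ic, _rc, next_pl, version, xchg, flags, _mid, length = struct.unpack(HDR, msg[:28])
    if length != len(msg):
        raise ValueError("length field does not match message size")
    payloads, offset = [], 28
    encrypted = bool(flags & FLAG_ENCRYPTED)   # payloads unreadable once set
    while next_pl != 0 and not encrypted:
        if offset + 4 > len(msg):
            raise ValueError("truncated payload header")
        following, _reserved, pl_len = struct.unpack("!BBH", msg[offset:offset + 4])
        if pl_len < 4 or offset + pl_len > len(msg):
            raise ValueError("bad payload length")
        payloads.append(PAYLOAD.get(next_pl, f"type-{next_pl}"))
        next_pl, offset = following, offset + pl_len
    return {"version": f"{version >> 4}.{version & 0x0F}",
            "exchange": EXCHANGE.get(xchg, f"type-{xchg}"),
            "encrypted": encrypted,
            "payloads": payloads,
            "id_in_clear": "ID" in payloads}


def build(xchg: int, chain: list) -> bytes:
    """Construct a sample message; payload bodies are 4 dummy bytes each."""
    body = b""
    for i in range(len(chain)):
        nxt = chain[i + 1] if i + 1 < len(chain) else 0
        body += struct.pack("!BBH", nxt, 0, 8) + b"\x00" * 4
    return struct.pack(HDR, b"\x11" * 8, b"\x00" * 8, chain[0], 0x10,
                       xchg, 0, 0, 28 + len(body)) + body


# Constructed first messages (not captured traffic)
MAIN_MSG1 = build(2, [1])              # main mode: SA proposal only
AGGR_MSG1 = build(4, [1, 4, 10, 5])    # aggressive mode: SA, KE, Nonce, ID

if __name__ == "__main__":
    for name, msg in (("main", MAIN_MSG1), ("aggressive", AGGR_MSG1)):
        print(name, parse_isakmp(msg))
```

The same parser applied to the first UDP/500 payload of a real negotiation tells you which mode a peer is initiating, which is the check to run when a gateway that has aggressive mode disabled rejects a pre-shared-key client.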

          • 2. Re: types of VPN
            Kingsley - CCSP/CCIP/ CCNP/CCIE Security

            Deployment classification

            1. Site to Site VPN
            2. Remote VPN

            Classification based on OSI layers

            1. Layer 4/7 VPN - WebVPN
            2. Layer 3 VPN - IPSec, GREoIPSec
            3. Layer 2 VPN - L2TP, PPTP, MPPE

            Classification based on trust level

            1. Intranet VPN
            2. Extranet VPN
            3. Remote VPN

            Customer point of view classifications

            1. Traditional VPN
               • Frame-relay (L2 VPN)
               • ATM VPN (L2 VPN)
            2. CPE based VPN
               • L2TP and PPTP (Layer 2 VPN)
               • IPSec VPN (Layer 3 VPN)
            3. Provider Provisioned VPN
               • BGP/MPLS (L2/L3 VPN)
            4. Session based VPN
               • SSLVPN/WebVPN (L4/L7 VPN)

            With regards

            Kings

            • 3. Re: types of VPN
              TcpIp

              For all the VPN types that you have explained, what will be a good book to read?

              Thanks

              • 4. Re: types of VPN
                just plain old Kev

                1) CCNA Security course booklet, 1.1 (currently available at Amazon) is your best intro and covers the new blueprint.

                2) Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide (2nd Edition) by Catherine Paquet [Hardcover], available in Sept. (or get the 1st edition, 640-553, for the current security exam)

                3) CCNA Security 640-554 Official Cert Guide [Hardcover] (available July 16) by Keith Barker, Scott Morris, Kevin Wallace, Michael Watkins

                • 5. Re: types of VPN
                  Richy165

                  Hi Tcpip,

                  I'd also suggest reading either the All in one ASA handbook, which covers this little lot, or CCNP SECURITY VPN for site-to-site, EZVPN, WebVPN, SSL and AnyConnect goodness.

                  Both are with respect to ASAs; however, protocols don't change, just the config steps and licensing.

                  For MPLS work, there are probably some great Cisco books; however, I've got the O'Reilly book for IOS and find it quite useful from time to time!

                  Cheers,

                  Rich

                  • 6. Re: types of VPN
                    mohammed

                    There is also VPN based on security level:

                    1- Secure VPN

                    2- Trusted VPN

                    3- Hybrid VPN

                    Regards,