-
1. Re: types of VPN
Paul Stewart - CCIE Security Nov 10, 2010 1:08 PM (in response to samsecure09)
We sort of have two main categories of VPN: 1) LAN to LAN (aka Site to Site) and 2) Remote access. With LAN to LAN VPNs, there is some device (router, firewall, concentrator) that terminates both ends of the connection. With Remote access, there is a piece of software installed on a PC/Laptop on one end and the other end would be terminated into a router, firewall or concentrator.
Within each of those two broad categories, there are many technologies that we use to achieve security and access across a public network. This is where you get into some crazy acronyms like ISAKMP, IPSEC, AH, ESP, SSL, DTLS, DH, RSA etc, as well as EZ VPN. So I could probably spend the rest of the day going into details of each of those, so let me know where you still have confusion.
Regarding main mode vs aggressive mode: main mode is preferred. Most equipment will attempt main mode first. There are exceptions. One of these exceptions is when using EZ VPN (typically from a Remote Access solution) with pre-shared keys. Since the group name is necessary to authenticate against the pre-shared key, we need to send the IKE ID earlier on in the setup. So if you allow remote users to connect with the Cisco VPN client using a pre-shared key, if you disallow aggressive mode, the connections will fail.
Beyond that, the most important thing is that the technologies on both ends agree on what will be used. Post back and let me know which areas you need more discussion on.
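The main mode versus aggressive mode difference from the post above, as an added example that is not part of the original thread: it reads the exchange type from an ISAKMP header and walks the payload chain to show that the first aggressive-mode message already carries the ID payload in clear, while main mode sends it later under encryption. Exchange type and payload numbers are from RFC 2408; `classify`, `build` and the sample messages are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408): initiator/responder cookies, next payload,
# version, exchange type, flags, message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "main mode", 4: "aggressive mode"}
PAYLOAD = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 13: "VID"}
FLAG_ENCRYPTED = 0x01

def classify(msg: bytes) -> dict:
    """Report the IKEv1 mode and which payloads one message carries in clear."""
    if len(msg) < HEADER.size:
        raise ValueError("shorter than an ISAKMP header")
    _, _, nxt, _, xchg, flags, _, length = HEADER.unpack_from(msg)
    if length != len(msg):
        raise ValueError("length field does not match message size")
    payloads, offset = [], HEADER.size
    # Payloads after an encrypted header are opaque, so only walk clear ones.
    while nxt != 0 and not flags & FLAG_ENCRYPTED:
        if offset + 4 > len(msg):
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", msg, offset)
        if plen < 4 or offset + plen > len(msg):
            raise ValueError("bad payload length")
        payloads.append(PAYLOAD.get(nxt, str(nxt)))
        nxt, offset = following, offset + plen
    return {"mode": EXCHANGE.get(xchg, f"other ({xchg})"),
            "payloads": payloads, "id_in_clear": "ID" in payloads}

def build(xchg: int, chain: list, flags: int = 0) -> bytes:
    """Constructed sample message: payload bodies are zero filler, not IKE data."""
    body = b""
    for i, _ in enumerate(chain):
        nxt = chain[i + 1] if i + 1 < len(chain) else 0
        body += struct.pack("!BBH", nxt, 0, 8) + b"\x00" * 4
    return HEADER.pack(b"I" * 8, b"\x00" * 8, chain[0], 0x10, xchg, flags,
                       0, HEADER.size + len(body)) + body

# Constructed samples: first aggressive-mode message, first and fifth main-mode.
AGGRESSIVE_1 = build(4, [1, 4, 10, 5])
MAIN_1 = build(2, [1])
MAIN_5 = build(2, [5, 8], flags=FLAG_ENCRYPTED)

if __name__ == "__main__":
    for name, msg in [("aggressive #1", AGGRESSIVE_1), ("main #1", MAIN_1),
                      ("main #5", MAIN_5)]:
        print(name, classify(msg))
```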
-
2. Re: types of VPN
Kingsley - CCSP/CCIP/ CCNP/CCIE Security Nov 10, 2010 10:02 PM (in response to samsecure09)
Deployment classification
- Site to Site VPN
- Remote VPN
Classification based on OSI layers
- Layer 4/7 VPN - WebVPN
- Layer 3 VPN - IPSec, GREoIPSec
- Layer 2 VPN - L2TP, PPTP, MPPE
Classification based on trust level
- Intranet VPN
- Extranet VPN
- Remote VPN
Customer point of view classifications
1. Traditional VPN
- Frame-relay (L2 VPN)
- ATM VPN (L2 VPN)
2. CPE based VPN
- L2TP and PPTP (Layer 2 VPN)
- IPSec VPN (Layer 3 VPN)
3. Provider Provisioned VPN
- BGP/MPLS (L2/L3 VPN)
4. Session based VPN
- SSLVPN/WebVPN (L4/L7 VPN)
With regards
Kings
-
3. Re: types of VPN
TcpIp Apr 27, 2012 6:52 AM (in response to Kingsley - CCSP/CCIP/ CCNP/CCIE Security)
For all the VPN types that you have explained, what will be a good book to read?
Thanks
-
4. Re: types of VPN
just plain old Kev Apr 27, 2012 1:21 PM (in response to TcpIp)
1) CCNA security course booklet, 1.1 (currently available at amazon) is your best intro. and covers new blueprint.
2) Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide (2nd Edition) by Catherine Paquet, [Hardcover] available in Sept. (or get 1st edition 640-553 for current security exam)
3) CCNA Security 640-554 Official Cert Guide [Hardcover] (available July 16) by Keith Barker, Scott Morris, Kevin Wallace, Michael Watkins
-
5. Re: types of VPN
Richy165 Apr 27, 2012 6:55 PM (in response to just plain old Kev)
Hi Tcpip,
I'd also suggest reading either the All in one ASA handbook, which covers this little lot, or CCNP SECURITY VPN for site-to-site, EZVPN, WebVPN, SSL and Anyconnect goodness.
Both are with respect to ASAs; however, protocols don't change, just the config steps and licensing.
For MPLS work, there are probably some great Cisco books; however, I've got the O'Reilly book for IOS and find it quite useful from time to time!
Cheers,
Rich
-
6. Re: types of VPN
mohammed Nov 16, 2013 5:03 AM (in response to samsecure09)
There is also VPN based on security level
1- Secure VPN
2- Trusted VPN
3- Hybrid VPN
regards,