types of VPN

Nov 10, 2010 8:46 AM

samsecure09 37 posts since
Feb 24, 2010

What are the different types of VPN and their sub-types? In different books, different classification is done... what is the correct one with respect to Cisco?

What is the default mode in VPN, is it main mode or aggressive mode... please elaborate with respect to types of VPN?

  • Paul Stewart  -  CCIE Security 7,570 posts since
    Jul 18, 2008
    1. Nov 10, 2010 1:08 PM (in response to samsecure09)
    Re: types of VPN

    We sort of have two main categories of VPN.  1) LAN to LAN (aka Site to Site) and 2) Remote access.  With LAN to LAN VPNs, there is some device (router, firewall, concentrator) that terminates both ends of the connection.  With Remote access, there is a piece of software installed on a PC/Laptop on one end and the other end would be terminated into a router, firewall or concentrator.


    Within each of those two broad categories, there are many technologies that we use to achieve security and access across a public network.  This is where you get into some crazy acronyms like ISAKMP, IPSEC, AH, ESP, SSL, DTLS, DH, RSA etc, as well as EZ VPN.  So I could probably spend the rest of the day going into details of each of those, so let me know where you still have confusion.


    Regarding main mode, vs aggressive mode.  Main mode is preferred.  Most equipment will attempt main mode first.  There are exceptions.  One of these exceptions is when using EZ VPN (typically from a Remote Access solution) with pre shared keys.  Since the group name is necessary to authenticate against the preshared key, we need to send the IKE ID earlier on in the setup.  So if you allow remote users to connect with the Cisco VPN client using a preshared key, if you disallow aggressive mode, the connections will fail.


    Beyond that, the most important thing is that the technologies on both ends agree on what will be used.  Post back and let me know which areas that you need more discussion with.

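The aggressive-mode dependency described in the reply above can be checked in a device configuration before aggressive mode is turned off. This is an added example, not part of the original thread: it assumes Cisco IOS syntax (`crypto isakmp aggressive-mode disable` and `crypto isakmp client configuration group`), the sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample IOS configuration (not taken from the thread).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp aggressive-mode disable
!
crypto isakmp client configuration group REMOTE-USERS
 key ExamplePlaceholderKey
 pool VPNPOOL
!
crypto isakmp client configuration group CERT-USERS
 pool VPNPOOL
"""

GROUP_RE = re.compile(r"crypto isakmp client configuration group (\S+)")
KEY_RE = re.compile(r"\s+key\s+\S+")


def psk_groups(config):
    """Return the EZ VPN client groups that define a pre-shared key."""
    groups, current = [], None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = m.group(1)          # entering a group stanza
        elif not line.startswith(" "):
            current = None                # any other top-level line ends it
        elif current and KEY_RE.match(line) and current not in groups:
            groups.append(current)        # group authenticates with a PSK
    return groups


def aggressive_mode_disabled(config):
    """True if the config blocks IKE aggressive mode globally."""
    return any(l.strip() == "crypto isakmp aggressive-mode disable"
               for l in config.splitlines())


def groups_broken_by_disable(config):
    """PSK groups whose clients will fail because aggressive mode is off."""
    return psk_groups(config) if aggressive_mode_disabled(config) else []


if __name__ == "__main__":
    for name in groups_broken_by_disable(SAMPLE_CONFIG):
        print(f"group {name}: pre-shared key in use but aggressive mode is disabled")
```
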
  • 2. Nov 10, 2010 10:02 PM (in response to samsecure09)
    Re: types of VPN

    Deployment classification


    1. Site to Site VPN
    2. Remote VPN


    Classification based on OSI layers


    1. Layer 4/7 VPN - WebVPN
    2. Layer 3 VPN - IPSec, GREoIPSec
    3. Layer 2 VPN - L2TP, PPTP, MPPE


    Classification based on trust level


    1. Intranet VPN
    2. Extranet VPN
    3. Remote VPN


    Customer point of view classifications


    1.   Traditional VPN


    • Frame-relay (L2 VPN)
    • ATM VPN (L2 VPN)


    2.   CPE based VPN


    • L2TP and PPTP (Layer 2 VPN)
    • IPSec VPN (Layer 3 VPN)


    3.  Provider Provisioned VPN


    • BGP/MPLS (L2/L3 VPN)


    4.  Session based VPN


    • SSLVPN/WebVPN (L4/L7 VPN)





    With regards


  • TcpIp 364 posts since
    May 4, 2011
    Re: types of VPN

    For all the VPN types that you have explained, what will be a good book to read?



  • 4. Apr 27, 2012 1:21 PM (in response to TcpIp)
    Re: types of VPN

    1) CCNA Security course booklet, 1.1 (currently available at Amazon) is your best intro and covers the new blueprint.


    2) Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide (2nd Edition) by Catherine Paquet [Hardcover], available in Sept. (or get the 1st edition, 640-553, for the current security exam)


    3) CCNA Security 640-554 Official Cert Guide [Hardcover] (available July 16) by Keith Barker, Scott Morris, Kevin Wallace, Michael Watkins

  • Richy165 27 posts since
    Jul 24, 2009
    5. Apr 27, 2012 6:55 PM (in response to just plain old Kev)
    Re: types of VPN

    Hi Tcpip,


    I'd also suggest reading either the All in one ASA handbook, which covers this little lot, or CCNP SECURITY VPN for site-to-site, EZVPN, WebVPN, SSL and AnyConnect goodness.


    Both are with respect to ASAs, however protocols don't change, just the config steps and licensing.


    For MPLS work, there are probably some great Cisco books, however I've got the O'Reilly book for IOS and find it quite useful from time to time!





  • mohammed 307 posts since
    Jun 27, 2013
    6. Nov 16, 2013 5:03 AM (in response to samsecure09)
    Re: types of VPN

    There is also VPN based on security level


    1- Secure VPN

    2- Trusted VPN

    3- Hybrid VPN



