Cisco offers many different types of IPSec VPN solutions.
Site to Site IPSec VPN
A site to site IPSec virtual private network is the most flexible VPN with support for multiple vendors. They can be difficult to scale and manage in larger networks. It has support for private IP addressing and stateless failover. The VPN is a tunnelled IPSec connection between two hosts.
Cisco DMVPN
A Cisco dynamic multipoint virtual private network simplifies a scalable hub and spoke VPN with the addition of support for spoke to spoke communication. Next Hop Resolution Protocol with a combination of multipoint GRE tunnels establish connectivity between sites. Private IP addressing is supported and can utilise routing to implement high availability between spokes and hubs. It utilises a tunnelled IPSec connection to establish connectivity.
Cisco GET-VPN
Cisco Group Encrypted Transport (GET) creates a tunnelled-less IPSec VPN. It utilises the original IP header for the virtual private network rather than encapsulating another layer inside of the header. It requires the use of GRE or DMVPN with Cisco GET-VPN support to work and is ideally used on a Private WAN/MPLS. By encrypting the traffic over a private link Cisco GET-VPN helps organisations to reach regulatory law compliance in the Heath Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act, the Payment Card Industry Data Security Standard (PCI DSS), and the Gramm-Leach-Biley Act (GLBA)
FlexVPN
FlexVPN is Ciscos implementation of the IKEv2 standard. It features a unified VPN solution that combines sites-to-site, remote access, hub and spoke and partial mesh topologies. It offers a simple modular framework that extensively uses virtual access interfaces but remains compatible with legacy VPN configurations with crypto maps.
Remote Access VPN
A remote VPN allows users to dial in remotely to an enterprise network. It is a feature on FlexVPN and ASA-5500-X/FirePOWER firewalls.
Leave a Reply