1-3 - Traditional Layer 3 IP Overlay VPN Types

Question 1

What are the characteristics of this VPN type: GRE?

Answer 1

• point-to-point IP-over-IP tunnels are used
• scalability concerns as number of remote sites grows
• multiprotocol capable transport protocol (IPv4, IPv6, MPLS, and others)
• enables dynamic routing and multicast over the tunnels
• insecure (no authentication/encryption; it requires IPsec for that)

Question 2

What are the characteristics of this VPN type: DMVPN?

Answer 2

• point-to-multipoint IP-over-IP tunnels are used (mGRE)
• spoke-to-spoke traffic flows directly by dynamically establishing GRE tunnels between the spokes
• insecure (no authentication/encryption) unless its run over IPsec

Question 3

What are the characteristics of this VPN type: IPsec VPN?

Answer 3

• creates IP-over-IP tunnels
• provides network layer authentication and optional encryption to make data transfer secure
• DOES NOT (itself) offer multicast functionality. This would require the use of a GRE tunnel that is secured via IPsec.

Question 4

What are the characteristics of this VPN type: SSL VPN?

Answer 4

• achieve secure authentication and encryption of data that transfers over the Internet
• a remote access solution that replaces IPsec clients
• is firewall-friendly (uses SSL as the transport)

Question 5

What are the 3 operational modes of SSL VPNs?

Answer 5

• clientless mode: provides access to web servers behind the firewall
• thin-client mode: provides port forwarding via a Java applet
• full tunnel mode: includes an SSL VPN client

Question 6

What are the characteristics of this VPN type: L2TPv3?

Answer 6

• capable of tunneling any Layer 2 payload over L2TP
• L2TPv3 defines the L2TP protocol for tunneling Layer 2 payloads over an IP core network by using Layer 2 VPNs

Question 7

What are the benefits of L2TPv3?

Answer 7

*L2TPv3 simplifies deployment of VPNs
*L2TPv3 does not require MPLS
*L2TPv3 supports Layer 2 tunneling over IP for any payload